On Linux, login sessions and connection times are usually recorded in two files, /var/log/wtmp and /var/run/utmp. These files cannot be viewed directly with cat, and they are updated automatically by the system; to view them, use the w, who, finger, id, last, lastlog and ac commands.
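The files are unreadable with cat because they hold fixed-size binary records rather than text. As an added example (not from the original article), the following Python sketch decodes such records, assuming the 384-byte glibc "struct utmp" layout used on x86-64 Linux; the sample records are constructed for the demonstration.

```python
import ipaddress
import struct
from datetime import datetime, timezone

# Assumed record layout: glibc "struct utmp" on x86-64 Linux (384 bytes).
UTMP = struct.Struct("<h2xi32s4s32s256s2hi2i16s20x")
USER_PROCESS, DEAD_PROCESS = 7, 8   # ut_type values from <utmp.h>

def _text(raw):
    """Fields are fixed-width and NUL-padded."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(blob):
    """Yield one dict per complete record; a truncated tail is ignored."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        (ut_type, pid, line, _id, user, host,
         _term, _exit, _session, sec, usec, addr) = UTMP.unpack_from(blob, off)
        # An IPv4 peer fills only the first 4 bytes of ut_addr_v6.
        ip = (ipaddress.IPv4Address(addr[:4]) if not any(addr[4:])
              else ipaddress.IPv6Address(addr))
        yield {"type": ut_type, "pid": pid, "line": _text(line),
               "user": _text(user), "host": _text(host), "ip": str(ip),
               "time": datetime.fromtimestamp(sec, timezone.utc)}

def logins(blob):
    """Keep only login records (what `last` and `who` list as sessions)."""
    return [r for r in parse_utmp(blob) if r["type"] == USER_PROCESS]

def sample_record(ut_type, pid, line, user, host, ip, ts):
    """Build a constructed record for the demo (not real log data)."""
    addr = ipaddress.ip_address(ip).packed.ljust(16, b"\0")
    return UTMP.pack(ut_type, pid, line.encode(), b"ts/0", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, addr)

# Constructed input: one login followed by the matching logout record.
SAMPLE = (sample_record(USER_PROCESS, 4242, "pts/0", "alice",
                        "198.51.100.7", "198.51.100.7", 1700000000)
          + sample_record(DEAD_PROCESS, 4242, "pts/0", "", "", "0.0.0.0",
                          1700000600))

if __name__ == "__main__":
    for r in logins(SAMPLE):
        print(r["user"], r["line"], r["ip"], r["time"].isoformat())
```

On a real host the same functions can be fed the bytes of /var/log/wtmp, for example when the copy being examined came from another machine and last is not available.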
Linux can also keep a process accounting log. This log is very effective for monitoring the commands users run: when a server has recently been going down for no apparent reason, or files are being deleted for no apparent reason, the process accounting log can be checked. Use accton /var/account/pacct to turn on process accounting, and lastcomm to view the log.
Logging on Linux is managed by a service called syslog, which drives many files. /var/log/lastlog records the time and IP information of each user's last successful login; /var/log/messages holds the common system and service error messages of the Linux operating system; /var/log/secure is the system security log, recording changes to users and groups and user login authentication information; /var/log/btmp records the user, time and remote IP address of failed logins; and /var/log/cron records the execution of scheduled tasks.
The syslog service is controlled by two important configuration files, the main configuration file /etc/syslog.conf and the secondary configuration file /etc/sysconfig/syslog; /etc/init.d/syslog is its startup script.
After the system has been running for some time, log files grow with time and with the number of accesses. Once a log file grows beyond what the system can handle, it affects the performance of the whole system, so logs need to be rotated (dumped). Rotation can be set to yearly, monthly, weekly, when a file reaches a certain size, and so on.
On Linux, logrotate is the usual tool for log rotation; combined with a cron scheduled task, it makes rotating log files easy. The rotation mode is controlled by the /etc/logrotate.conf configuration file.
Sinsing analysis of logs in Linux