Log system: the operating system generates a large amount of information while it runs. Logs are a way to observe whether the system is behaving normally during operation, and when a fault occurs they let us locate the root cause of the problem.
Introduction to syslogd and klogd
syslogd: records the logs generated by facilities other than the kernel. Once control of the system is transferred from the kernel to init, log information is recorded by syslog.
klogd: mainly responsible for the logs generated by the kernel. After the system starts, the klogd process records these logs in /var/log/dmesg.
View commands
# dmesg (opens the /var/log/dmesg file and displays its contents)
# You can also view the file with the cat command
Related log files and the information they hold
/var/log/dmesg: stores the logs generated by the kernel, that is, the logs generated before the init program is started.
/var/log/messages: standard system error log information. Most logs generated by subsystems other than the kernel are recorded here.
/var/log/maillog: stores the log information generated by the mail system.
/var/log/secure: stores security-related log information. It records detailed, private information about users' successful and failed logins to the system, so only administrators can view it.
Log Level
Priority (log level) generally has the following levels (from low to high):
debug # debug information of a program or system. The lower the level, the more detail is logged and the heavier the load on the hard disk.
info # general information
notice # messages that do not affect normal functions
warning/warn # important events that may affect system functions
err/error # error messages
crit # serious [equivalent to issuing a blue alarm]
alert # must be handled immediately [equivalent to issuing an orange alarm]
emerg/panic # will cause the system to be unavailable [equivalent to issuing a red alarm]
* # indicates all log levels
none # the opposite of *, indicating that nothing is recorded
Facility (the source that generated the log). Commonly used facilities:
auth # authentication-related
authpriv # permission, authorization-related
cron # task scheduler-related
daemon # daemon-related processes, such as httpd working in the background
kern # kernel-related
lpr # print-related
mail # email-related
mark # mark-related
news # news-related
security # security-related, similar to auth
syslog # syslog's own
user # user-related
uucp # unix to unix cp related
local0 to local7 # custom use
* # indicates all facilities
Action (how the log is processed)
Absolute path on the system # an ordinary file such as /var/log/xxx
| # pipe: the log is sent through a pipe to another command for processing
Terminal # a terminal such as /dev/console
@HOST # remote host, for example @10.0.0.1
User # a system user, for example root
* # all users logged on to the system. Generally, emerg-level logs are defined as follows:
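The facility, priority and action fields above combine into rules of the form "facility.priority action". The following is an added example, not part of the original article: a small Python matcher that shows which actions a given message reaches. The rule set, the function names parse_rules and actions_for, and the sample values are constructed for illustration; it assumes the usual syslogd behaviour that a selector matches the named priority and every higher one, and that a later selector in the same rule overrides an earlier one.

```python
# Added example: constructed rules in the "facility.priority  action" form.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}

SAMPLE_CONF = """\
# constructed sample rules, not taken from a real system
*.info;mail.none;authpriv.none    /var/log/messages
authpriv.*                        /var/log/secure
mail.*                            /var/log/maillog
kern.warning                      /dev/console
local7.err                        @10.0.0.1
*.emerg                           *
"""

def parse_rules(text):
    """Return [(selectors, action)], selectors being [(facilities, priority)]."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        selectors = []
        for sel in selector_field.split(";"):
            facilities, _, priority = sel.lower().partition(".")
            priority = ALIASES.get(priority, priority)
            if priority not in LEVELS and priority not in ("*", "none"):
                raise ValueError("unknown priority: " + priority)
            selectors.append((facilities.split(","), priority))
        rules.append((selectors, action.strip()))
    return rules

def actions_for(rules, facility, level):
    """List the actions that receive a message sent as facility.level."""
    rank = LEVELS.index(ALIASES.get(level, level))
    hits = []
    for selectors, action in rules:
        selected = False
        for facilities, priority in selectors:  # a later selector overrides an earlier one
            if "*" not in facilities and facility not in facilities:
                continue
            selected = priority != "none" and (priority == "*" or rank >= LEVELS.index(priority))
        if selected:
            hits.append(action)
    return hits
```

With these rules, the authpriv.none selector keeps login records out of /var/log/messages, so they are written only to /var/log/secure.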