View WEB logs in CentOS
The importance of the linux Log system must be clear to everyone. We usually use logon information, various operation information, software error information, and so on to keep the system healthy and stable, learning to view and manage log systems is essential. The following describes the common log files in the web system:
I. linux system logs: the log system on centos6 is rsyslog.
The starting process is rsyslogd.
1. view the startup status of the log system;
# Chkconfig -- list rsyslog
# Service rsyslog status
# Ps aux | grep rsyslogd 2. System Log Files
Log File Location:/var/log
Configuration File Location:. conf file under/etc/rsyslog. conf/etc/rsyslog. d/
Common files are as follows:
Dmesg: information output before the init program is started. Contains kernel buffer information (kernel ring buffer ). You can use the dmesg command to quickly view the boot log of the last system boot.
Messages: includes the overall system information and logs generated during system startup. In addition, mail, cron, daemon, kern, and auth are recorded in var/log/messages logs.
Maillog: the log information generated by the mail system.
Secure: User logon information.
Boot. log: logs generated when the system is started.
Wtmp: a binary file that records the logon times and duration of each user. You can use the wtmp file to show who is logging on to the system and who is using the command to display the file or information. Because it is a binary file, you need to use last-f/var/log/wtmp to view it.
Btmp: records all logon failures. Use the last command to view the btmp file. For example, "last-f/var/log/btmp | more". We can see that this folder is very large. The solution is to change the ssh port and lock the user so that he cannot log in. /Etc/pam. d/contains configuration files for various authentication programs or services. Edit these settings to limit the number of failed authentication attempts. When the number of failed attempts exceeds the specified value, the user is locked.
Lastlog: records the latest information of all users. This is not an ASCII file, so you need to use the lastlog command to view the content.
Spooler: uucp and news logs (UUCP is a protocol that is connected through a serial line between Unix systems. Uucp uses the UUCP protocol to transfer files.
Yum. log: the installation software log using the yum command, which records all the information you have installed, uninstalled, and updated using the yum command.
Tallylog:/var/log/tallylog is a binary log that records Authentication failures and is related to pam Authentication login.
Dracut. log: dracut is the next generation of initramfs system. Therefore, this file records information about the virtual file system before the system starts.
Cron: every time a cron process starts a job, it records relevant information in this file.
Anaconda. log: When Linux is installed, all installation information is stored in this file. All anaconda-related files are logs generated when the system is automatically installed.
Rdate. log: rdate is used to obtain the time on the remote time server. With the-s parameter, the obtained time can be applied to the local system.
Gshell. log
Kernel-version
Backup-dir
The above three files are generated by the software ~ I also hope some experts will point out that.
[Note: The lastlog command is used to display the last logon information of all users in the system. The last command is used to display the user's recent logon information. Execute the last command separately. It reads the/var/log/wtmp file and displays all the usernames recorded in the login System for the file. You can add a user name (such as last root) after the last command to display the information about this account. If you only want to know the attempt to log on to your account (bad logins), you can use the lastb command. The lastb command is used to display the logon list of user errors. This command can detect system logon exceptions. Run the lastb command separately. It reads the file named btmp in the/var/log directory and displays all the user names that failed to log on to the file.]
/Var/log also contains the following sub-directories for specific system-based applications:
Ntpstats: records information related to Network Time Protocol (NTP.
Prelink Folder: contains the information modified by prelink in the. so file.
Audit Folder: The Role of Linux audit: helps you understand and analyze what is happening in your system.
Mail folder: some records related to sendmail software.
Sa Folder: contains information collected by the sysstat package on a daily basis. Sysstat is a software package that includes a set of tools to monitor system performance and efficiency. These tools collect system performance data for us, such as CPU usage, hard disk and network throughput data, the collection and analysis of these data helps us determine whether the system is operating normally. It is a good assistant to improve the system operation efficiency and run the server safely;
ConsoleKit Folder: ConsoleKit is mainly used by Gnome for Fedora-Fast User Switching. It is mainly used to automatically load device and Power Management.
For web construction and web development, we also need to be familiar with the log files generated by various web software, including apache (http), php, and mysql.
Ii. http log files
File Location: Specify the configuration file location in the configuration file:/etc/httpd. confaccess_log: records all access activities to the Web server error_log: Error Log ssl_request_log: ssl access log
3. php-fpm log files: php-fpm also has access logs, error logs, and slow query logs. However, in addition to debugging requirements, only error logs are enabled.
Configuration File Location: it is specified during compilation. It is generally in the etc directory under the php installation directory. The default enable location of the error log file is generally in the php installation directory var/log directory name is php-fpm.log
4. php log files:
Configuration File: the/etc/php. ini error log is disabled by default. You can specify the location of the log file in the configuration file to enable log_errors = On in the configuration file.
Error_log = File Location