1. Use the logger command to record logs
logger is a shell command interface to the syslog system log module. It lets you write a line of information directly to the system log file from the command line.
Log level
The log level is divided into seven levels, from the most urgent to the least:
emerg: the system is unavailable; the level is urgent.
alert: must be handled and resolved immediately.
crit: a critical event is about to happen and must be prevented.
warning: warning.
err: error message, a common error message.
notice: reminder information, very important information.
info: notification information, which is general information.
debug: debugging information.
1. Solution:
Edit syslog.conf:
# vi /etc/syslog.conf
Add local3.none to the first line so that logs of the local3 facility are not recorded in the messages file:
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none;local1.none;local3.none    /var/log/messages
Record all levels of information of the local3 facility in the userlog file:
# User log
local3.*    /var/log/userlog
Reload the configuration file of the syslog service:
[root@KEVEIN Slides]# service syslog reload
Reloading syslogd... [OK]
Reloading klogd... [OK]
2. Test:
Environment of the test machine:
OS: Red Hat Enterprise Linux 5 update 3
Network: 192.168.0.100/24 Gateway: 192.168.0.1
[root@KEVEIN Slides]# ping 192.168.0.1 | logger -it logger_test -p local3.notice &
[2] 22484
Meaning of the parameters in the command logger -it logger_test -p local3.notice:
-i: the process ID is recorded on each line.
-t logger_test: the "logger_test" tag is added to each record.
-p local3.notice: sets the facility and level of the record.
[root@KEVEIN Slides]# tail -f /var/log/userlog
Oct 6 12:48:43 kevein logger_test[22484]: PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
Oct 6 12:48:43 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=1 ttl=253 time=49.7 ms
Oct 6 12:48:44 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=2 ttl=253 time=68.4 ms
Oct 6 12:48:45 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=3 ttl=253 time=315 ms
Oct 6 12:48:46 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=4 ttl=253 time=279 ms
Oct 6 12:48:47 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=5 ttl=253 time=347 ms
Oct 6 12:48:49 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=6 ttl=253 time=701 ms
Oct 6 12:48:50 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=7 ttl=253 time=591 ms
Oct 6 12:48:51 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=8 ttl=253 time=592 ms
Oct 6 12:48:52 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=9 ttl=253 time=611 ms
Oct 6 12:48:53 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=10 ttl=253 time=931 ms
The ping command output is successfully written to the /var/log/userlog file. The experiment is successful.
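To audit where a given facility.level ends up under the two rules above, the selector logic can be modelled in a few lines of shell. This is an added example, not part of the original article: the function names are hypothetical and the matching is a simplified model of the selector syntax, covering only the forms used on this page (fac.level, fac.*, fac.none).

```shell
#!/bin/sh
# Added example: which file does a facility.level message land in?
# The two selectors are copied from this page's /etc/syslog.conf.
MESSAGES_SEL='*.info;mail.none;authpriv.none;cron.none;local1.none;local3.none'
USERLOG_SEL='local3.*'

# Rank a level name; a higher number is more severe.
level_rank() {
    case "$1" in
        debug) echo 0 ;; info) echo 1 ;; notice) echo 2 ;;
        warning) echo 3 ;; err) echo 4 ;; crit) echo 5 ;;
        alert) echo 6 ;; emerg) echo 7 ;; *) echo 8 ;;
    esac
}

# selector_matches SELECTOR FACILITY LEVEL: exit 0 if the rule logs the message.
# Simplified model (assumption): entries are read left to right, "fac.level"
# admits that level and above, "fac.*" admits everything, "fac.none" resets.
selector_matches() {
    sm_result=1
    sm_msg=$(level_rank "$3")
    sm_ifs=$IFS; IFS=';'; set -f      # split on ';' and keep '*' literal
    for sm_entry in $1; do
        sm_fac=${sm_entry%%.*}; sm_lvl=${sm_entry#*.}
        [ "$sm_fac" = "*" ] || [ "$sm_fac" = "$2" ] || continue
        case "$sm_lvl" in
            none) sm_result=1 ;;
            "*")  sm_result=0 ;;
            *)    if [ "$sm_msg" -ge "$(level_rank "$sm_lvl")" ]; then sm_result=0; fi ;;
        esac
    done
    IFS=$sm_ifs; set +f
    return "$sm_result"
}

# route FACILITY LEVEL: print the files that receive the message.
route() {
    r_out=""
    if selector_matches "$MESSAGES_SEL" "$1" "$2"; then r_out="/var/log/messages"; fi
    if selector_matches "$USERLOG_SEL" "$1" "$2"; then r_out="${r_out:+$r_out }/var/log/userlog"; fi
    echo "${r_out:-(dropped)}"
}

# Constructed sample messages, given as facility.level.
for msg in local3.notice daemon.info daemon.debug authpriv.err; do
    printf '%-14s -> %s\n' "$msg" "$(route "${msg%%.*}" "${msg#*.}")"
done
```

The authpriv.err case shows the effect of authpriv.none: authentication messages never reach the messages file under these two rules.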
2. Log rotation
The system generates logs all the time. If the logs are not cleared in time, they will soon fill the hard disk. However, manual cleaning is troublesome. The logrotate program handles this task well.
logrotate deletes old log files and creates new ones. We call this a "dump" (rotation). Logs can be dumped based on the log file size or the number of days. This process is generally executed by a daemon called crond. logrotate can also compress log files and send logs to a specified email address.
The logrotate configuration file is /etc/logrotate.conf. The main parameters are as follows:
Parameter                  Function
compress                   Compress the logs with gzip after dumping.
nocompress                 Used when compression is not required.
copytruncate               For a log file that is still open, back up the current log and then truncate it.
nocopytruncate             Back up the log file but do not truncate it.
create mode owner group    After dumping, create a new log file with the specified file mode, owner, and group.
nocreate                   Do not create a new log file.
delaycompress              Used together with compress: the dumped log file is not compressed until the next dump.
nodelaycompress            Overrides the delaycompress option; the file is compressed at the time of the dump.
errors address             Error messages from the dump are sent to the specified email address.
ifempty                    Dump the file even if it is empty. This is the default logrotate option.
notifempty                 Do not dump the file if it is empty.
mail address               Send the dumped log file to the specified email address.
nomail                     Do not send the log file when dumping.
olddir directory           Place the dumped log file in the specified directory, which must be on the same file system as the current log file.
noolddir                   Keep the dumped log file in the same directory as the current log file.
prerotate/endscript        Commands to run before the dump go between this pair. Each of the two keywords must be on a line of its own.
postrotate/endscript       Commands to run after the dump go between this pair. Each of the two keywords must be on a line of its own.
daily                      The dump cycle is daily.
weekly                     The dump cycle is weekly.
monthly                    The dump cycle is monthly.
rotate count               Number of dumps kept before log files are deleted. 0 means no backups; 5 means five backups are retained.
tabooext [+] list          logrotate does not dump files with the specified extensions. The default extensions are .rpm-orig, .rpmsave, ,v, and ~.
size size                  Dump only when the log file reaches the specified size. The size is in bytes by default, or in KB (sizek) or MB (sizem).
How the system runs logrotate:
There is a logrotate shell script in the /etc/cron.daily/ path. Therefore, cron calls the logrotate program once a day; logrotate then checks whether each log file meets the rotation conditions and performs the corresponding action.
The command it runs is: /usr/sbin/logrotate /etc/logrotate.conf
The /etc/logrotate.conf file contains the following option:
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
This option means that all configuration files under the /etc/logrotate.d directory are also processed when the logrotate program runs.
Example of a rotation action: clear the relevant content in /var/log/wtmp every month:
/var/log/wtmp {
    monthly
    create 0664 root utmp
    rotate 1
}
Lab:
1.
Environment: Red Hat Enterprise Linux 5.3
Tutorial description:
(1) Run the logrotate command from cron once every minute to check whether the target log file meets the rotation limit.
(2) Configure /etc/logrotate.conf or create a custom /etc/logrotate.d/userlog.
(3) Edit /etc/syslog.conf so that the recorded log information is written to /var/log/userlog.
[root@KEVEIN ~]# crontab -e
# Add this line:
* * * * * /usr/sbin/logrotate /etc/logrotate.conf
[root@KEVEIN ~]# vi /etc/logrotate.conf
*** Omitted ***
/var/log/userlog {
    daily
    # The unit is case sensitive. The value must be k or M.
    size 10k
    create 0664 root
    rotate 3
    prerotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2>/dev/null` 2>/dev/null || true
        /bin/kill -HUP `cat /var/run/rsyslogd.pid 2>/dev/null` 2>/dev/null || true
    endscript
}
The prerotate script must be added here so that the syslog program re-reads its configuration file. The purpose of this script is to make the syslog program release the file descriptor it holds on the userlog file. Otherwise, even after the log file is rotated, syslog does not write data to the newly generated log file. For example, if this script is not added, then even after the logrotate program truncates the userlog file and renames it userlog.1, the syslog program still writes data to the original userlog file, which is now userlog.1.
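The descriptor behaviour described above can be reproduced with an ordinary shell file descriptor standing in for syslogd. This is an added example, not part of the original article; the temporary directory, the messages, and the function name are constructed, and the close-and-reopen step stands in for what the HUP signal triggers.

```shell
#!/bin/sh
# Added demo: a writer that keeps its log open across a rotation.
demo_rotation() {
    dir=$(mktemp -d) || return 1
    log="$dir/userlog"

    exec 3>>"$log"                      # the "daemon" opens the log once
    echo "line 1, before rotation" >&3

    mv "$log" "$log.1"                  # what logrotate does: rename ...
    : > "$log"                          # ... and create a fresh, empty file

    # No reopen yet: fd 3 still refers to the renamed file (userlog.1).
    echo "line 2, after rotation without reopen" >&3

    exec 3>&-                           # stand-in for the HUP: close ...
    exec 3>>"$log"                      # ... and reopen the log by path
    echo "line 3, after reopen" >&3
    exec 3>&-

    old_lines=$(wc -l < "$log.1" | tr -d ' ')
    new_lines=$(wc -l < "$log" | tr -d ' ')
    rm -rf "$dir"
    echo "userlog.1=$old_lines userlog=$new_lines"
}

demo_rotation
```

The second write lands in userlog.1 because a descriptor follows the file, not the name; the writer only moves to the new userlog when it reopens the path after the rename has happened.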
[root@localhost ~]# vi /etc/syslog.conf
****** Omitted *****
*.info;mail.none;authpriv.none;cron.none;local1.none;local3.none    /var/log/messages
# User log
local3.*    /var/log/userlog
Reload the configuration file:
[root@KEVEIN ~]# service syslog reload
Reloading syslogd... [OK]
Reloading klogd... [OK]
Restart the crond service:
[root@KEVEIN ~]# service crond restart
Stopping crond: [OK]
Starting crond: [OK]
Test:
Use the logger command to write data to userlog and test the logrotate function.
[root@KEVEIN ~]# ping 192.168.1.1 | logger -it logger_test -p local3.notice &
[1] 5144
[root@KEVEIN ~]# cd /var/log/
[root@KEVEIN log]# ll -h userlog*
-rw-r-- 1 root 1.6K Oct 11 userlog
[root@KEVEIN log]# ll -h userlog*
-rw-r-- 1 root 6.1K Oct 11 20:00 userlog
// Although logrotate has been executed, the limit value has not been reached
[root@KEVEIN log]# ll -h userlog*
-rw-r-- 1 root 0 Oct 11 20:08 userlog
-rw-r-- 1 root 15K Oct 11 20:08 userlog.1
-rw-r-- 1 root 18K Oct 11 20:05 userlog.2
Note that when the conditions are met, the logrotate program cuts off the target log file userlog and names it userlog.1, renames the original userlog.1 to userlog.2, and so on, while the syslog program always writes data to the userlog file.