Title: What is syslogd. Linux is a technology channel of the IT lab in China. Includes basic categories such as desktop applications, Linux system management, kernel research, embedded systems, and open source.
1. What is syslogd? Syslogd can be simply called a daemons that records system activities. For example, you can record who, when, where, and what you have done (such as writing a narrative), or you can record what happened in your system, for example, when is the reboot or hardware or software error information? Of course, it also records the information of the Service running on your system.
Most of the time, a friend came up and asked, "Why can't I start X ?!" Question marks and exclamation marks are not allowed to be used in Chinese standards, but we can know that his mood is urgent. But why don't you first consider what changes you have made? Why don't you first check whether there is any error output? Why don't you check the log file? At least, logs provide a good reference for solving the problem. Many people say that one of their devices does not work. Do you take the dmesg information seriously for reference?
Syslogd is a trivial task, but it is a very important task. Many of my friends decided to stop the daemons in order to improve the system performance and save a little resources. In my opinion, this is not advisable.
Syslogd logs are generally stored in/var/log/, and are stored on another server. Because the information recorded by syslogd is too important, it also involves log security issues.
General System Log information:
Code:
/Var/log/secure: records system security information, such as ssh, ftp, and pop3;
/Var/log/wtmp: record who has logged on to the system. Because this log has been encoded, you can only use the last command to view it;
/Var/log/boot. log: as the name suggests, records the information about enabling or disabling the system and Wu fu;
/Var/log/message: system errors are recorded in this log, for example, logs using the log function in iptables;
/Var/log/mail:
/Var/log/httpd/
/Var/log/mysqld. d. logs of these services are recorded.
2. syslogd configuration instructions 2.1 start syslogd Service
First, you must determine whether your system is running the service.
Code:
Service [color = red] syslog [/color] status
Or:
Code:
Ps-aux | grep syslog
If your system does not run this service, you can open it. There are many methods.
Code:
Service syslog start
If you want the system to run syslogd at the next startup, you can add it to the Service in setup. If you determine your default boot level, such as 3, you can also add a soft connection starting with S under/etc/rc. d/rc3.d. Alternatively, you can use chkconfig 2345 syslog on to add.
2.2 syslogd service configuration file
The configuration file of syslogd is generally in/etc/syslog. conf. This file still follows the rules of other configuration files you have seen, for example, # Is a comment. You can see what your syslogd is helping you record. This is part of my syslog. conf:
Reference:
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
# Kern. */dev/console
# Log anything (could t mail) of level info or higher.
# Don't log private authentication messages!
*. Info; mail. none; authpriv. none; cron. none/var/log/messages
# The authpriv file has restricted access.
Authpriv. */var/log/secure
# Log all the mail messages in one place.
Mail. */var/log/maillog
# Log cron stuff
Cron. */var/log/cron
2.3 syslog. conf configuration rules
Code:
Service name. storage or display location of information level
This syntax is simple. Haha. One by one.
Service name
Mail http at cron kern and so on.
Information level
Code:
Info: displays information;
Notice: the information you need to pay attention;
Warn or waring: warning information;
[Color = black] although the above three information reminds you of this, the error is not found. Pay attention to the following information. [/Color]
Error or err: error message. You need to carefully check the cause of the error;
Crit: a very serious error. It has reached the critical point;
Alert: Warning! Do you think of "Red Alert "? However, this is a serious error;
Emerg or panic: The system is messy. redo it;
Special:
Debug: displays a lot of information;
None: as the name suggests, no information is recorded.
Storage or display location
Code:
Absolute log Path: for example,/var/log;
One of your users;
Host on the Network: @ log.company.com
Printer:/dev/lp0
2.4 application example
Code:
Mail.info/var/log/maillog
Information greater than or equal to info will be written to/var/log/maillog.
Information with a level of warn is written into/var/log/mailcronwarn, and other information is written into/var/log/mailcron.
Code:
*. *; Mail, cron. none/var/log/message
Code:
*. *; Mail. none; cron. none/var/log/message
Records all information of all services except mail and cron.
3 Relationship Between syslogd and logs in service configuration in the system As mentioned above, syslogd provides Log service for the system. So what is the relationship between the log information defined in the configuration file and syslog. conf?
Or you have noticed this section:
Code:
# Log anything (could t mail) of level info or higher.
# Don't log private authentication messages!
*. Info; mail. none; authpriv. none; cron. none/var/log/messages
What does this passage mean? I think it is to record all system information except mail, authpriv, and cron in/var/log/messages. That is, it records your own http information. Is that true? I have installed an httpd and specified the log to another file, such as/usr/website/log/httplog. Although I can see my httpd log information in/usr/website/log/httpdlog
Code:
# Cat/var/log/messages | grep HTTP
Is empty.
In addition, I once asked a friend about this problem. He said that syslogd won't record the information you didn't ask it to record. Although there is a *. info above, this * Does not include your own service. I asked, so iptables is not required in my syslog. conf. Why does it record/var/log/messages? Or you can define iptables yourself.
Therefore, I have only such an understanding of this section. If any error occurs, please point it out.
4. What is logrotate? Logrotate rotates log files. It is to name the current log as log.1, and then continue to write the log. If log.1 exists, it is named log.1 as log.2 and then named log as log.1, and so on, but it is not endless. At the end of this step is your definition in the logrotate configuration file. The default value of my system is 4. What are the operations on log.4? Delete.
Syslogd runs in daemons mode;
Logrotate runs as planned.
5. logrotate configuration instructions 5.1 location of the configuration file
/Etc/logrotate. conf
/Etc/logrotate. d
Among them,/etc/logrotate. conf is the main configuration file, and the files in/etc/logrotate. d will be read by/etc/logrotate. conf. If the configuration file in/etc/logrotate. d does not specify specific parameters, these parameters are determined by/etc/logrotate.
5.2 logrotate configuration rules
As mentioned above in 5.1, the main configuration of logrotate is in/etc/logrotate. and/etc/logrotate. the file in d is for/etc/logrotate. conf. You can also set it to prevent/etc/logrotate. conf from being too large. Logrotate statement:
Code:
Write the logfile (s) in front of the file. It contains the absolute path of the file. You can use blank characters to separate multiple logs, or use the wildcard replacement. Use {} to include all the settings. Generally, this includes:
Prerotate commands executed before logrotate is started, such as/usr/bin/charrt-a/var/log/logfile;
Postrotate: The Command executed after logrotate is executed, for example,/usr/bin/charrt + a/var/log/logfile;
You can configure or disable the above two actions, depending on your needs.
Actions between prerotate and postrotate include:
Weeky # Run once a week
Rotate 4 # retain four logs
Create # create a log after logratoe
Compress # Whether the logs after rotate are compressed
Include/etc/logrotate. d # include rotation settings under the/etc/logrotate. d directory
If you write your rotation settings under/etc/logrotate. d, you can use
Code:
Logrotate-f yourfile
To test.
5.3 The settings in this document are clear, so we will not give an example here. You can refer to the documents below/etc/logrotate. conf and/etc/logrotate. d.
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
