Log Files in centos7
Common Linux Log Files are described as follows:1./var/log/boot. log (self-check process)2./var/log/cron (actions of the child process derived from crontab daemon crond)3./var/log/maillog (activity of emails sent to or from the System)4./var/log/syslog (it only records warning information, which is often the information of system problems, so pay more attention to this file)
5./usr/local/apache/logs/error_log (which is the log directory that records apache)
6./var/log/httpd
View User Logon records in CentOS
User logon information is recorded in utmp (/var/run/utmp), wtmp (/var/log/wtmp), and btmp (/var/log/btmp) and lastlog (/var/log/lastlog) files.
Commands such as who, w, and users query the information of the currently logged on user through the utmp (/var/run/utmp) file.The last and ac commands use the wtmp (/var/log/wtmp) file to query the information of current and past
/adm-Earlier versions of Unix/var/adm-The new version uses this location/var/log-Some versions of Solaris,linux Bsd,free BSD Use this location/etc-most UNIX versions put utmp here, and some put wtmp here, syslog.conf here.Some of the following files differ depending on the directory you are in:Acct or PACCT--record the command records used by each userAccess_log--When the server is running NCSA httpd, record what site is connected to your serverAculog--Keep the modems record you're dialing out.L
kernel. When a process terminates, write a record for each process to the process statistics file (PACCT or acct). The purpose of process statistics is to provide command usage statistics for basic services in the system.
Error log – Executed by SYSLOGD (8). Various system daemons, user programs, and cores report noteworthy events to file/var/log/messages via Syslog (3). There are also many UNIX programs that create logs. Servers that provide network services, such as HTTP and FTP, also mainta
No matter ssh or the terminal obtained through rebound, there is a log. Therefore, the first thing we do after getting the terminal is to try not to record the log. generally, we will execute the following three commands: HISTFILE/dev/null, HISTFILESIZE0, and HISTSIZE0
No matter ssh or the terminal obtained through rebound, there is a log. Therefore, the first thing we do after getting the terminal is to try not to record the log. generally, we will execute the following three commands: HISTFIL
statistics for basic services in the system.Error log-executed by SYSLOGD (8). Various system daemons, user programs, and cores report noteworthy events to file/var/log/messages through Syslog (3). There are also many UNIX programs that create logs. Servers that provide network services, such as HTTP and FTP, also maintain detailed logs. The usual log files are as follows:Transmission of Access-log Record Http/webAcct/pacct Record User CommandsActivities of the Aculog record modemBtmp record of
have the log file generated by the system, add: *.warning/var/log/syslog The log file can record information such as error password, sendmail problem, su command execution failure when the user logged in/etc/syslog.conf. This log file records the most recent successful logon event and the last unsuccessful logon event that was generated by login. Each time a user logs on, the file is a binary file and needs to be viewed using the Lastlog command, whi
No matter ssh or the terminal obtained through rebound, there is a log. Therefore, the first thing we do after getting the terminal is to try not to record the log. Generally, we will execute the following three commands: HISTFILE =/dev/null, HISTFILESIZE = 0, and HISTSIZE = 0 (I usually use python scripts for rebound. It comes with the pty module and has built-in unsetenv (), so it can be left empty ), however, if you ssh to other machines in the terminal, there will be another log, such as wtm
We know that in redhat, you can use lastlog to view the last logon information of each user, and use last to view the logon information of the specified user. View user login information: detailed explanation of last command function description: lists information about users currently logged on to the system. Syntax: last [-adRx] [-f lt; Record File gt;] [-n lt; display columns gt;] [account name...] [terminal number...] note: Execute The last Co
21 :08-down (8 + 17: 46)
Devin pts/1 10.0.2.221 Mon Jul 21)
Ac command: the ac Command reports the user connection time (hours) based on the current logon entry and exit in the/var/log/wtmp file. If no sign is used, the total time is reported. In addition, you can add some parameters. For example, last-t 7 indicates that the report of the previous week is displayed.
The lastlog file of the lastlog comma
View User Logon records in Linux and user logon records in linux
User logon information is recorded in utmp (/var/run/utmp), wtmp (/var/log/wtmp), and btmp (/var/log/btmp) and lastlog (/var/log/lastlog) files.
Commands such as who, w, and users query the information of the currently logged on user through the utmp (/var/run/utmp) file.The last and ac commands use the wtmp (/var/log/wtmp) file to query the i
log file records information such as the wrong password, Sendmail issue, and su command execution failure recorded by login during user logon. This log file records the recent successful logon events and the last unsuccessful logon events, which are generated by login. This file is a binary file and needs to be viewed using the lastlog command. The username, port number, and last logon time are displayed according to the UID sorting. If a user has ne
default gateway192.168. 32.1 /etc/sysconfig/network GATEWAY=192.168. 32.1④ modifying DNSRestart effective: vim/etc/resolv.conf 202.96. 134.1337.5 lists user information currently logged into the system with the past(1) Last Order
Command name
Last
Command path
/usr/bin/last
Execute permissions
All Users
Grammar
Last
(2) Application Example: $last7.6 check when a user last
Note that logtamper can only be used to clear log traces, and is mainly used for utmp, wtmp, and lastlog. In fact, the important logs of the linux system are: lastlog, utmp, wtmp, messages, syslog, and sulog. Therefore, you cannot rely solely on tools.
In addition, various shells also record the history of commands used by users. It uses files in the user's home directory to record the history of these comm
10.0.2.221 Mon Jul 21 14:42 - 14:53 (00:11)
Ac command: the ac Command reports the user's connection time based on the current Logon Time and exit time in the/var/log/wtmp file. If no sign is used, the total time is reported. In addition, you can add some parameters. For example, last-t 7 indicates that the report of the previous week is displayed.
The lastlog file of the lastlog command is queried ev
17 total 104.29 today total 179.02 type the ac-p command, then press enter to display the total connection time of each user: ynguo 193.23 yucao 3.35 Rong 133.40 hdai 10.52 zjzhu 52.87 zqzhou 13.14 liangliu 24.34 total 5178.24 lastlog command the lastlog file is queried every time a user logs on. You can use the lastlog command to check the last logon time of a
. nic. ustc. e Thu Aug 3)
Ynguo pts/11 simba. nic. ustc. e Thu Aug 3)
Ynguo pts/0 simba. nic. ustc. e Thu Aug 3)
Ynguo pts/0 simba. nic. ustc. e Wed Aug 2 0:04-0:16 1 + 02: 12)
Ynguo pts/0 simba. nic. ustc. e Wed Aug 2)
Ynguo pts/9 simba. nic. ustc. e Thu Aug 1)
Ac: the ac Command reports the user connection time (hours) based on the logon entry and exit times in the current/var/log/wtmp file. If no signs are used, the total time is reported. Example: ac (Press ENTER): total 5177.47
Ac-d (Press
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.