syslog and /var/log on Linux
Syslog is the general standard (IETF) for logging system and program messages in the Linux environment.
The service runs as the system log daemon, through which any program can log its messages (debug, security, normal operation), in addition to the Linux kernel messages.
--The service is maintained by its daemon program /sbin/syslogd and can be started with the following commands
service syslog start
/etc/init.d/syslog start
--The configuration file is /etc/sysconfig/syslog, with roughly the following structure; klogd is responsible for capturing kernel log messages
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages received with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
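The settings above can be checked against the files they govern: this added example (not from the original post) parses a sysconfig-style file, reports the -r option, and lists log files whose mode still has bits that SYSLOG_UMASK removes. The function names, the constructed sample in demo and the use of GNU stat -c are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. stat -c assumes GNU coreutils.

# Print the value assigned to a key in a sysconfig-style file (last one wins).
cfg_value() {  # $1 = file, $2 = key
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\"#]*\)\"\{0,1\}.*/\1/p" "$1" | tail -n 1
}

# Print one finding per line; print nothing when nothing is wrong.
audit_syslog() {  # $1 = sysconfig file, $2 = log directory
    opts=$(cfg_value "$1" SYSLOGD_OPTIONS)
    mask=$(cfg_value "$1" SYSLOG_UMASK)
    # -r as a separate word: syslogd accepts messages from remote machines.
    case " $opts " in
        *" -r "*) echo "REMOTE syslogd is started with -r" ;;
    esac
    if [ -z "$mask" ]; then
        echo "UMASK SYSLOG_UMASK is not set, checking against 077"
        mask=077
    fi
    # A umask only applies when a file is created, so files that already
    # existed keep their old mode: compare every file with the mask.
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
            echo "PERM ${f##*/} mode $mode violates umask $mask"
        fi
    done
}

# Constructed sample: the page's settings plus -r, and one rotated log that
# was created world-readable before the umask was tightened.
demo() {
    d=$(mktemp -d) && mkdir "$d/log" || return 1
    printf '%s\n' 'SYSLOGD_OPTIONS="-m 0 -r"' 'KLOGD_OPTIONS="-x"' \
        'SYSLOG_UMASK=077' > "$d/syslog"
    : > "$d/log/messages";   chmod 600 "$d/log/messages"
    : > "$d/log/messages.4"; chmod 644 "$d/log/messages.4"
    audit_syslog "$d/syslog" "$d/log"
    rm -rf "$d"
}

demo
```

On a real host the call would be audit_syslog /etc/sysconfig/syslog /var/log, run as root so that every file can be inspected.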
In principle, the logs handled by syslog are available in the /var/log/ directory on a Linux system:
# ls /var/log
acpid cron.1 maillog.3 rpmpkgs.3 spooler.3
anaconda.log cron.2 maillog.4 rpmpkgs.4 spooler.4
anaconda.syslog cron.3 messages sa squid
anaconda.xlog cron.4 messages.1 samba tallylog
audit cups messages.2 scrollkeeper.log vbox
boot.log dmesg messages.3 secure wtmp
boot.log.1 faillog messages.4 secure.1 Xorg.0.log
boot.log.2 gdm oracle-validated secure.2 Xorg.0.log.old
boot.log.3 httpd pm secure.3 YaST2
boot.log.4 lastlog ppp secure.4 yum.log
btmp mail prelink setroubleshoot
conman maillog rpmpkgs spooler
conman.old maillog.1 rpmpkgs.1 spooler.1
cron maillog.2 rpmpkgs.2 spooler.2
where some of the logs are written under a subdirectory such as cups, samba or httpd. Among the logs under /var/log, /var/log/messages is the most common one, as the kernel / core system logs are held there. Kernel modules generally log there too. So for problem diagnosis and monitoring, /var/log/messages is the primary log file to examine.
--The logs produced by syslog are located under /var/log; messages is the most commonly used one and records startup information, among other things
The logs are rotated every week (the existing log is renamed in filename.number order):
# ls -l /var/log/messages*
-rw------- 1 root root 1973 Jun 10 15:07 /var/log/messages
-rw------- 1 root root 10866 Jun 6 04:02 /var/log/messages.1
-rw------- 1 root root 19931 May 30 04:02 /var/log/messages.2
-rw------- 1 root root 238772 May 23 04:02 /var/log/messages.3
-rw------- 1 root root 171450 May 14 18:29 /var/log/messages.4
rsyslogd can be regarded as an improved version of syslogd; see man 8 rsyslogd for details.
The most common logs under /var/log are described below
- /var/log/messages – Contains global system messages, including the messages that are logged during system startup. There are several things that are logged in /var/log/messages including mail, cron, daemon, kern, auth, etc.
- /var/log/dmesg – Contains kernel ring buffer information. When the system boots up, it prints a number of messages on the screen that display information about the hardware devices that the kernel detects during the boot process. These messages are available in the kernel ring buffer, and whenever a new message comes in, the old message gets overwritten. You can also view the content of this file using the .
- /var/log/auth.log – Contains system authorization information, including user logins and the authentication mechanisms that were used.
- /var/log/boot.log – Contains information that is logged when the system boots
- /var/log/daemon.log – Contains information logged by the various background daemons that run on the system
- /var/log/dpkg.log – Contains information that is logged when a package is installed or removed using
- /var/log/kern.log – Contains information logged by the kernel. Helpful for you to troubleshoot a custom-built kernel.
- /var/log/lastlog – Displays the recent login information for all the users. This is not an ASCII file. You should use the lastlog command to view the content of this file.
- /var/log/maillog /var/log/mail.log – Contains the log information from the mail server that is running on the system. For example, sendmail logs information about all the sent items to this file
- /var/log/user.log – Contains information about all user level logs
- /var/log/Xorg.x.log – Log messages from the X
- /var/log/alternatives.log – Information from update-alternatives is logged into this log file. On Ubuntu, update-alternatives maintains symbolic links determining default commands.
- /var/log/btmp – This file contains information about failed login attempts. Use the last command to view the btmp file. For example, “last -f /var/log/btmp | more”
- /var/log/cups – All printer and printing related log messages
- /var/log/anaconda.log – When you install Linux, all installation related messages are stored in this log file
- /var/log/yum.log – Contains information that is logged when a package is installed using yum
- /var/log/cron – Whenever (or ) starts a cron job, it logs the information about the cron job in this file
- /var/log/secure – Contains information related to authentication and authorization privileges. For example, sshd logs all the messages here, including unsuccessful login.
- /var/log/wtmp or /var/log/utmp – Contains login records. Using wtmp you can find out who is logged into the system. who command uses this file to display the information.
- /var/log/faillog – Contains failed user login attempts. Use the faillog command to display the content of this file.
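Because sshd records unsuccessful logins in /var/log/secure and rotation spreads them over secure, secure.1 and so on, a count has to read all of those files. This added example (not from the original post) does that for the OpenSSH "Failed password" line; the function names and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post.

# Count sshd "Failed password" events per source address across the live
# log and its rotated copies (secure, secure.1, ...), and print the sources
# with at least $2 failures as "count address", highest count first.
failed_sources() {  # $1 = log directory, $2 = minimum count
    for f in "$1"/secure "$1"/secure.[0-9]*; do
        [ -f "$f" ] || continue
        cat "$f"
    done | awk -v min="$2" '
        # The user name is supplied by the client and may contain spaces or
        # the word "from", so the address is taken by position from the end
        # of the line:  ... from <address> port <n> ssh2
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
        END { for (a in n) if (n[a] >= min) print n[a], a }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample: one source appears in the live log and in a rotated
# copy; the second line has a user name that itself contains "from".
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/secure" <<'EOF'
Jun 10 15:01:02 host1 sshd[2101]: Failed password for root from 192.0.2.10 port 40022 ssh2
Jun 10 15:01:09 host1 sshd[2101]: Failed password for invalid user a from b from 192.0.2.10 port 40022 ssh2
Jun 10 15:07:30 host1 sshd[2140]: Accepted password for alice from 198.51.100.7 port 51000 ssh2
EOF
    cat > "$d/secure.1" <<'EOF'
Jun  5 03:10:11 host1 sshd[1800]: Failed password for root from 192.0.2.10 port 39001 ssh2
Jun  5 03:12:40 host1 sshd[1811]: Failed password for alice from 198.51.100.7 port 50100 ssh2
EOF
    failed_sources "$d" 2
    rm -rf "$d"
}

demo
```

On a real host the call would be failed_sources /var/log 5, run as root because the files are mode 600.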
From "ITPUB Blog", link: http://blog.itpub.net/15480802/viewspace-733861/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.