  Linux Log
  Add Date : 2016-06-15      
  First, we will describe what Linux logs are, where to find them, and the basics of how they are created. If you already know this, feel free to skip to the next section.

Linux system log

Linux automatically creates many valuable log files for you. You can find them in the /var/log directory. The following is what this directory looks like on a typical Ubuntu system:

Some of the most important Linux system logs include:

/var/log/syslog or /var/log/messages stores all global system activity data, including boot messages. Debian-based systems such as Ubuntu store this in /var/log/syslog, whereas RedHat-based systems such as RHEL or CentOS store it in /var/log/messages.
/var/log/auth.log or /var/log/secure stores logs from the Pluggable Authentication Modules (PAM), including successful logins, failed login attempts, and authentication methods. Ubuntu and Debian store authentication information in /var/log/auth.log, while RedHat and CentOS store it in /var/log/secure.
/var/log/kern stores kernel error and warning data, which is especially useful for troubleshooting faults associated with custom kernels.
/var/log/cron stores information about cron jobs. Use this data to verify that your cron jobs are running successfully.

DigitalOcean has a complete tutorial on these files that describes how rsyslog creates them on common distributions such as RedHat and CentOS.

Applications also write log files to this directory. For example, common server programs such as Apache, Nginx, and MySQL can write log files here. Some of these log files are created by the application itself; others are created through syslog (see below).

What is Syslog?

How are Linux system log files created? The answer is the syslog daemon, which listens for log messages on the syslog socket /dev/log and then writes them to the appropriate log file.

The word "syslog" has several meanings and is often used as shorthand for one of the following:

Syslog daemon - a program for receiving, processing, and sending syslog messages. It can send syslog remotely to a centralized server or write it to a local file. Common examples include rsyslogd and syslog-ng. Used this way, people often say "sent to syslog".
Syslog protocol - a transport protocol that specifies how logs are transmitted over a network, together with a data format definition for syslog messages (see below). It is formally defined in RFC 5424. The standard port is 514 for plaintext logs and 6514 for encrypted logs. Used this way, people say "sent over syslog".
Syslog message - a log message or event in syslog format, which includes a header with several standard fields. Used this way, people say "sending a syslog".

Syslog messages or events include a header with several standard fields that make analysis and routing easier. These include the timestamp, the application name, the category or location in the system where the message originated, and the priority of the event.

The following log message includes a syslog header. It comes from the sshd daemon, which controls remote logins to the system, and describes a failed login attempt:

<34>1 2003-10-11T22:14:15.003Z server1.com sshd - - pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=

Syslog format and fields

Each syslog message contains a header with fields. These fields are structured data, which makes analyzing and routing events easier. Here is the format we used to generate the syslog example above; you can match each value to the name of a particular field.

<%pri%>%protocol-version% %timestamp:::date-rfc3339% %HOSTNAME% %app-name% %procid% %msgid% %msg%n

Below are some of the fields most commonly used when searching syslog or troubleshooting:

Timestamp

The timestamp field (2003-10-11T22:14:15.003Z in the example above) gives the date and time on the system that sent the message. This time may differ from the time on another system that receives the message. The timestamp in the example above breaks down as follows:

2003-10-11 is the year, month, and day.
T is a required element of the timestamp that separates the date from the time.
22:14:15.003 is the time in 24-hour format, including the number of milliseconds (003) into the next second.
Z is an optional element that indicates UTC. Instead of Z, this example could also include an offset such as -08:00, which means the time is offset 8 hours from UTC, or PST.

Hostname

The hostname field (server1.com in the example above) is the name of the host or system that sent the message.

Application name

The application name field (sshd:auth in the example above) is the name of the program that sent the message.


Priority

The priority field, or pri for short (<34> in the example above), tells us how urgent or severe the event is. It combines two numeric fields: the facility and the severity. The severity ranges from 7 for debug events to 0 for emergencies. The facility describes which process created the event. It ranges from 0 for kernel messages to 23 for local application use.

Pri can be output in two ways. The first is as a single number, calculated by multiplying the facility value by 8 and then adding the severity value: (facility)(8) + (severity). The second is pri-text, which outputs a string in the format "facility.severity". The latter format is easier to read and search, but takes up more storage space.
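To make the header layout and the pri arithmetic concrete, the following added example (not code from the original article) parses a message in the template order shown above and decodes pri into facility, severity, and pri-text. The function names and the facility/severity keyword lists are assumptions chosen for illustration; the sample line is the sshd message from this page.

```python
import re
from datetime import datetime

# Conventional keywords for the RFC 5424 numeric codes (list index = code).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp "
              "ntp audit alert clock local0 local1 local2 local3 local4 local5 "
              "local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

# Field order follows the template shown above; "-" is the nil value.
HEADER = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>\d{1,2}) (?P<timestamp>\S+) "
    r"(?P<hostname>\S+) (?P<app_name>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<msg>.*)", re.S)

# Constructed sample: the sshd line from this page (rhost is empty there too).
SAMPLE = ("<34>1 2003-10-11T22:14:15.003Z server1.com sshd - - "
          "pam_unix(sshd:auth): authentication failure; "
          "logname= uid=0 euid=0 tty=ssh ruser= rhost=")


def decode_pri(pri):
    """Split pri into (facility, severity); pri = facility * 8 + severity."""
    if not 0 <= pri <= 191:          # 23 * 8 + 7 is the largest valid value
        raise ValueError(f"pri out of range: {pri}")
    return divmod(pri, 8)


def parse_timestamp(text):
    """Return a timezone-aware datetime, or None for the nil value."""
    if text == "-":
        return None
    if text.endswith("Z"):           # fromisoformat() before 3.11 rejects "Z"
        text = text[:-1] + "+00:00"
    return datetime.fromisoformat(text)


def parse_syslog(line):
    """Parse one message in the page's template layout into a dict."""
    m = HEADER.match(line)
    if m is None:
        raise ValueError("not in the expected syslog layout")
    rec = m.groupdict()
    facility, severity = decode_pri(int(rec["pri"]))
    rec["facility"], rec["severity"] = FACILITIES[facility], SEVERITIES[severity]
    rec["pri_text"] = f'{rec["facility"]}.{rec["severity"]}'
    rec["timestamp"] = parse_timestamp(rec["timestamp"])
    return rec


if __name__ == "__main__":
    print(parse_syslog(SAMPLE))
```

For the sample, pri 34 decodes to facility 4 and severity 2, so the pri-text form is auth.crit. Because the timestamp is parsed with its offset, a message stamped in -08:00 compares correctly against one stamped in UTC.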
  CopyRight 2002-2020 newfreesoft.com, All Rights Reserved.