Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ Linux operating system log system     - ASM Disk Space Check (Database)

- Oracle 11g partition maintenance (two) - Coalescing Partitions (Database)

- Daemon under Linux (Linux)

- MySQL Study of --Percona Server 5.5 Upgrade 5.6 (Database)

- iOS9 new feature - stacked view UIStackView (Programming)

- How to create a new file system / partitions under Linux terminal (Linux)

- Btrfs file system creation and their characteristics in Linux (Linux)

- Nginx Module Development - get user ip (Server)

- Web cache basics: terminology, HTTP headers, and caching policies (Server)

- Binary search and modification (Programming)

- Java interview questions in nine radio (Programming)

- How to fix fatal error: security / pam_modules.h: No such file or directory (Linux)

- Jump table (skiplist) of code (Programming)

- MongoDB common optimization settings in Linux (Database)

- Linux for enterprises to build a firewall (Linux)

- Samba public folder permissions (Server)

- CentOS 6.4 dial-up Raiders (Linux)

- Installation in lxml Python module (Linux)

- Red Hat Enterprise Linux Server 6.5 installation GCC 4.9.2 (Linux)

- Ubuntu 15.04 and CentOS 7 to deploy .NET, Mono and DNX (Server)

  Linux operating system log system
  Add Date : 2018-11-21      
  The system will log every situation of our information system operation are using word recorded, this information will help us observe the fast way to locate the system is running in a normal state and system errors like the wrong position; the following overview of the major Linux operating system the log function.

Each operating system has its own powerful logging features, windows there, and also have linux; linux operating system log function is mainly achieved through service syslog (RedHat6.0 after using syslog-ng), and syslog there are two processes in service syslogd and klogd, these two processes for recording a system log information, a kernel log is used to record information; but the operating system is running will generate a lot of log information, if this information we will recorded, then our disk I / O must be very busy, this has a great impact on the performance of the system, which is contrary to our original intention, so we produce the importance of the source of logs and log information according to the system operation logs generated by the classification; log information and level of detail syslogd and klogd has recorded two processes are different:

Klogd: recording system initialization generated and display information on a physical terminal and stored in the "/ var / log / dmesg" file, we can use "cat / var / log / dmesg" view, you can also use special command "dmesg" to view it

Syslogd: During system initialization is complete, the system control to the init, log information generated at this time has syslogd records, and stored in "/ var / log / messages" file, the main information stored in the "standard system error log information, guidance information generated by the non-kernel subsystem each service program generated information, etc. "; monitoring system is running normal use" # tail -f / var / log / messages "to monitor the newly generated log information

But the information system operation produced very much, even if only to record this information, there is also a lot; this time, if we are still all of the log information is stored in a messages file, then manage it would be very difficult; that's how to do it? We have introduced another technology "log rolling"

Scroll log: When the log file size or time messages to a certain extent, this file is defined as messages.1, and re-create a new messages file, then messages.1 no longer record new content, but the content is stored before after that, if new messages file again meet this standard, and now the messages rename the file to messages.1, original messages.1 named messages.2, so and so; but this has to scroll down a long time ago log information we now have to manage not very useful, so we can define how many times just keep rolling log file; log information so we should always rolling, and typically define multiple criteria

Log rolling is to cut the log files on redhat there is a special command to complete this action: logrotate; there is a special system on the system to complete the Task Scheduler log has a cut under "/etc/cron.daily" script called logrotate, this command configuration file in "etc / logrotate.conf" (defines the log roll mechanism system)

Content format:

weekly # weekly global definition scroll

rotate 4 # keep only four scroll version

The above lines include /etc/logrotate.d # logging system is global attributes, the following are specific attributes of each small system, the implementation of local properties to prevail; local property may define multiple log

/ Var / log / wtmp {# define this subsystem own log scrolling mechanism, the log file storage

How long does a rolling monthly #

minsize 1M # log files smallest 1M

create 0664 root utmp # Create a file, permissions are 0664, the owner is root, the file name is utmp

rotate 1 # leaving only a scroll version


Log rolling script file: # vim /etc/cron.daily/logrotate

If you do not own definition, in accordance with globally defined log rolling properties can also be defined in the "/etc/logrotate.d/cups" file:

Some other subsystem generates log information storage location:

Logs / var / maillog # messages generated by the system

/ Var / log / secure # safety information when a user logs generated by each (what time to which the user who tries to log on the host from which to try a few times, always check the file)

syslog configuration file: /etc/syslog.conf

The configuration file format is: what level log Each line defines a subsystem generates record what position

facility.priority action

Facility: log sources

auth # authentication subsystem generated

authpriv # permissions Authority Subsystem generated

cron # subsystem generates the Task Scheduler

daemon # daemon subsystem generated

Record content kern # kernel subsystem generates, definition of klogd

lpr # print subsystem generated

mail # subsystem generates the message

mark # subsystem generates the mark

news # news subsystem generated

security # security subsystem generated, and similar sources of auth

syslog syslog # define yourself to be recorded

user # user subsystem generated

uucp #Unix to unix cp subsystem generated

local0 -> local7 # use user-defined

# * All sources

Priority (log level) :( Log level lower level records more detailed)

Debug information debug # program or system (very detailed records, generally can not start the system, eliminate errors when using)

info # General Information

notice # does not affect the normal function of the system, but need to pay attention to details

Important events warning / warn # may affect the system, we need to remind the user's attention; such information may cause some of the features of the run

err / error # error messages, has affected parts of the system functions; blue alert

crit # more serious information; orange alert

alert # information must be processed immediately; red alert

emerg / panic # system unusable information; this moment generally occurs, the next moment the system will fall down

* # All log level, similar to the debug

none # and * Instead, indicate what level are not

Action (action) designated logging location:

# Absolute path on the common system files, such as / var / log / ***

| # Processed through the pipeline to the other commands

# Terminal to display in which terminal (physical terminals, virtual terminals, pseudo-terminals, etc.)

@HOST # Remote host; the log information generated, they are not recorded and transmitted to other hosts record, generally used for logging server, you can enhance the security of the current server; By default, only log information for themselves

[If you want to make our server log server called, simply "/ etc / sysconfig / syslog" file "SYSLOGD_OPTIONS =" - r -m 0 "" line, add a "-r" option to restart service to open the log server function]

# User log information generated is sent to a user, such as root

* # To log on to all users on the system, the general level of emerg log is defined

syslog logging service attribute definition examples:

mail.info / var / log / maillog # will mail the relevant info and the info level above the level of information logged to / var / log / maillog file

auth. = info @ # auth info-level information will be recorded on the relevant host, provided that other hosts can receive the log information sent by the host (in this case only the info record level)

user.! = error # records associated with the user, but does not record the error level information, recorded only at all other levels

user.! error # and user.error contrary, only this time than the record low level of error log information

* .info # Record level and above all the info level log logging subsystem may produce information

All levels of mail. * # Records and mail the generated log information

* # * Record all log information

In between mail.info # cron relevant info record level and above the log information, and mail the relevant info and above the level of log information, multiple log sources; separated by a semicolon ";" cron.info

cron, mail.info # and the top is a meaning, if the same record level two log sources, can be abbreviated to "," separated by commas sources

mail *;..! mail = info # level log records all information related to the mail, but does not include all the information level info

Syslog default configuration file defines explained:

# Cat /etc/syslog.conf

* .info; Mail.none; authpriv.none; cron.none / var / log / messages # and above all the info level log information may have subsystems log information, and messages are stored in the file, but does not include mail, authpriv, cron subsystem

authpriv. * / var / log / secure # Log all user authorization information is logged to secure file

mail * -. log information / var / log / maillog # subsystem generates all messages are stored in maillog asynchronous file, "-" indicates asynchronous writes other log information to be written synchronously

cron. * / var / log / cron # All Scheduled Tasks log information are recorded to the cron file

* .emerg * # Regardless of which program generates emerg-level information systems, they are immediately to inform all users on the system, going down the machine

uucp, new.crit / var / log / spooler # crit-level information from the uucp and new subsystems are stored in the spooler file

. Local7 * /var/log/boot.log # logging their own definition, here is the definition of default system boot information stored in boot.log file; but there is no justice here and who is to fill this document, so this file is empty, we need to define the log information to be sent to local7, the file will be written boot.log in other documents, usually of little significance

After the file is saved log files and system configuration will not take effect immediately, then if we use the "service syslog restart" command to restart the Log service, you may make some other information are logging subsystem is not a complete record, so we generally use "service syslog reload" to reread the configuration file, and enter into force, comparable to send the 1st signal.
- Java garbage collection (Programming)
- Install and use automated tools Ansible in CentOS 7 (Linux)
- Linux SU command security Suggestions (Linux)
- The principle Httpclient4.4 (HttpClient Interface) (Programming)
- To use yum install VLC under CentOS (Linux)
- How to use scientific data Docker quickly configure the development environment (Server)
- How to add two-factor authentication for Linux systems SSH (Linux)
- Memcached source installation and configuration under CentOS 6.6 (Server)
- MySQL full-index scan bug (Database)
- Oracle RMAN repair logical bad blocks (Database)
- Java to create a table in the database SYBase (Database)
- TPCC-MySQL Benchmark (Database)
- History of the most complex validation e-mail address regular expression (Linux)
- Ubuntu and derivative users to install the system launcher SimDock 1.3 (Linux)
- Ubuntu 14.04 can be used to create a WIFI hotspot for Android (Linux)
- 10 example of the detection memory usage free Linux commands (Linux)
- Ubuntu 10.04 to Ubuntu 10.10 Upgrade (Linux)
- CentOS 7 How to connect to a wireless network (Linux)
- HAProxy Windows version of the compiler and its application in the CORS (Server)
- Sublime Text 3 (Linux)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.