The system log records, in text form, every event that occurs while our system is running. This information helps us quickly determine whether the system is running normally and, when an error occurs, locate where the fault lies. The following is an overview of the main logging functions of the Linux operating system.
Every operating system has its own powerful logging features; Windows has them, and so does Linux. On Linux, logging is mainly implemented by the syslog service (syslog-ng after RedHat 6.0). The syslog service has two processes, syslogd and klogd: one records system log information and the other records kernel log information. A running operating system generates a great deal of log information, however. If we recorded all of it, disk I/O would be very busy, which would have a great impact on system performance and defeat our original purpose. Log information is therefore classified by the source that produced it and by its importance. The information recorded by syslogd and klogd, and its level of detail, differ:
klogd: records the information generated during system initialization, displays it on the physical terminal and stores it in the "/var/log/dmesg" file. We can view it with "cat /var/log/dmesg", or with the dedicated command "dmesg".
syslogd: once system initialization is complete and control passes to init, the log information generated from then on is recorded by syslogd and stored in the "/var/log/messages" file. This file mainly holds "standard system error log information, boot information generated by non-kernel subsystems, information generated by each service program, etc."; to check whether the system is running normally, use "# tail -f /var/log/messages" to watch newly generated log information.
But a running system produces a great deal of information; even if only this information is recorded, there is still a lot of it. If we kept storing all log information in a single messages file, managing it would be very difficult. So what do we do? We introduce another technique: "log rolling".
Log rolling: when the messages file reaches a certain size or age, it is renamed messages.1 and a new messages file is created. messages.1 no longer receives new content; it only holds the earlier content. When the new messages file meets the criterion again, it is renamed messages.1 and the original messages.1 becomes messages.2, and so on. Log information that was rolled a long time ago is of little use for managing the system now, so we can define how many rolled versions to keep. Logs should therefore always be rolled, and usually several criteria are defined.
Log rolling means cutting the log file. On RedHat a dedicated command does this: logrotate. A scheduled task on the system performs the cutting: there is a script called logrotate under "/etc/cron.daily". The command's configuration file is "/etc/logrotate.conf" (it defines the system's log rolling mechanism).
Content format:
weekly # global definition: roll weekly
rotate 4 # keep only four rolled versions
include /etc/logrotate.d # the lines above are the global attributes of the logging system; what follows are the specific attributes of each subsystem, and where both apply the local attributes prevail; a local block may define multiple logs
/var/log/wtmp { # this subsystem's own log rolling mechanism; the path is where the log file is stored
    monthly # how often to roll: monthly
    minsize 1M # minimum log file size: 1M
    create 0664 root utmp # create the new file with permissions 0664, owner root, group utmp
    rotate 1 # keep only one rolled version
}
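The renaming scheme described above, as an added Python example (not part of the original article and not logrotate's own code): it rolls a file inside a temporary directory, keeping a fixed number of versions. The function names `roll` and `demo` and the sample entries are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def roll(path, keep, minsize=0):
    """Roll `path` as described above; return True if it was rolled.

    keep    -- number of rolled versions to retain (the `rotate` setting)
    minsize -- do nothing while the file is smaller than this many bytes
    """
    if not os.path.exists(path) or os.path.getsize(path) < minsize:
        return False
    oldest = f"{path}.{keep}"
    if os.path.exists(oldest):
        os.remove(oldest)                 # the oldest version falls off the end
    # Shift from the highest number down so no version is overwritten.
    for n in range(keep - 1, 0, -1):
        if os.path.exists(f"{path}.{n}"):
            os.rename(f"{path}.{n}", f"{path}.{n + 1}")
    os.rename(path, f"{path}.1")
    # Re-create an empty live file; 0o664 mirrors the `create 0664` line.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o664)
    os.close(fd)
    return True

def demo(rounds=6, keep=4):
    """Write one constructed line per round, roll each time, list what is left."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "messages")
        for i in range(rounds):
            with open(log, "a") as f:
                f.write(f"constructed entry {i}\n")
            roll(log, keep)
        return {p.name: p.read_text().strip() for p in sorted(Path(d).iterdir())}

if __name__ == "__main__":
    for name, content in demo().items():
        print(f"{name}: {content!r}")
```

After six rounds with four versions kept, entries 0 and 1 are gone: anything older than the retained versions is no longer available when the logs are reviewed.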
Log rolling script file: # vim /etc/cron.daily/logrotate
If a subsystem has no definition of its own, the globally defined log rolling attributes apply; its attributes can also be defined in a file such as "/etc/logrotate.d/cups":
Storage locations of the log information generated by some other subsystems:
/var/log/maillog # logs generated by the mail system
/var/log/secure # security information generated each time a user logs in (at what time, which user tried to log in to the host, from where, and how many attempts were made; check this file regularly)
syslog configuration file: /etc/syslog.conf
The configuration file format is: each line defines which level of log from which subsystem is recorded to which location
facility.priority action
Facility: log sources
auth # generated by the authentication subsystem
authpriv # generated by the authorization (privilege) subsystem
cron # generated by the task scheduling subsystem
daemon # generated by the daemon subsystem
kern # generated by the kernel subsystem; the content recorded by klogd
lpr # generated by the print subsystem
mail # generated by the mail subsystem
mark # generated by the mark subsystem
news # generated by the news subsystem
security # generated by the security subsystem; a source similar to auth
syslog # what syslog itself defines to be recorded
user # generated by the user subsystem
uucp # generated by the Unix-to-Unix cp subsystem
local0 -> local7 # for user-defined use
* # all sources
Priority (log level): (the lower the level, the more detailed the record)
debug # debugging information of a program or the system (very detailed records; generally not enabled, used when troubleshooting errors)
info # general information
notice # does not affect the normal functioning of the system, but the details need attention
warning / warn # important events that may affect the system and need the user's attention; such information may affect the running of some functions
err / error # error information; part of the system's functions are already affected; blue alert
crit # more serious information; orange alert
alert # information that must be handled immediately; red alert
emerg / panic # the system is unusable; when this appears, the system will generally go down the next moment
* # all log levels, similar to debug
none # the opposite of *; no level is recorded
Action: specifies where the log is recorded:
Absolute path # an ordinary file on the system, such as /var/log/***
| # passed through a pipe to another command for processing
Terminal # the terminal on which to display it (physical terminals, virtual terminals, pseudo-terminals, etc.)
@HOST # remote host; the generated log information is not recorded locally but transmitted to another host to be recorded; generally used with a log server, and it can enhance the security of the current server; by default a host only records its own log information
[If we want to make our server a log server, simply edit the line SYSLOGD_OPTIONS="-r -m 0" in the "/etc/sysconfig/syslog" file, adding the "-r" option, and restart the service to enable the log server function]
User # the generated log information is sent to a user, such as root
* # sent to all users logged on to the system; generally defined for emerg-level logs
Examples of syslog logging attribute definitions:
mail.info /var/log/maillog # log mail-related information at the info level and above to the /var/log/maillog file
auth.=info @10.0.0.1 # record auth-related info-level information on host 10.0.0.1, provided that 10.0.0.1 can receive log information sent by other hosts (in this case only the info level is recorded)
user.!=error # record user-related information, but not error-level information; all other levels are recorded
user.!error # the opposite of user.error; records only log information at levels lower than error
*.info # record log information at the info level and above from all subsystems
mail.* # record all levels of log information generated by mail
*.* # record all log information
cron.info;mail.info # record cron-related log information at the info level and above, and mail-related log information at the info level and above; multiple log sources are separated by a semicolon ";"
cron,mail.info # the same meaning as the line above; when two log sources use the same level, the line can be abbreviated by separating the sources with a comma ","
mail.*;mail.!=info # record all levels of mail-related log information, except info-level information
Explanation of the definitions in the default syslog configuration file:
# cat /etc/syslog.conf
*.info;mail.none;authpriv.none;cron.none /var/log/messages # log information at the info level and above from all subsystems is stored in the messages file, excluding the mail, authpriv and cron subsystems
authpriv.* /var/log/secure # all user authorization log information is recorded to the secure file
mail.* -/var/log/maillog # all log information generated by the mail subsystem is stored in the maillog file asynchronously; "-" means asynchronous writing, and other log information is written synchronously
cron.* /var/log/cron # all scheduled task log information is recorded to the cron file
*.emerg * # whichever program generates emerg-level information, all users on the system are notified immediately that the machine is going down
uucp,news.crit /var/log/spooler # crit-level information from the uucp and news subsystems is stored in the spooler file
local7.* /var/log/boot.log # user-defined logging; by default this defines that system boot information is stored in the boot.log file; but nothing here defines who fills this file, so the file is empty; we need to define which log information is sent to local7, and only then is boot.log written; as the information is in other files, this is usually of little significance
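The selector rules and the default configuration explained above, as an added Python example (not part of the original article and not syslogd's own code): it evaluates each line's facility.priority selectors to show which destinations a given message reaches. The function names are made up for illustration, the spooler line uses the facility spelled news as in the facility list, and "!" selectors are modelled as only removing levels that an earlier selector on the same line enabled.

```python
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}

def selector_matches(selector, facility, level):
    """True if `selector` selects a message with this facility and level."""
    enabled = set()                       # levels currently enabled for `facility`
    for part in selector.split(";"):      # ';' parts are applied left to right
        facs, _, prio = part.strip().rpartition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue                      # this part names other sources only
        negate = prio.startswith("!")
        exact = prio.lstrip("!").startswith("=")
        prio = prio.lstrip("!=")
        prio = ALIASES.get(prio, prio)
        if prio in ("*", "none"):
            chosen, negate = set(LEVELS), negate or prio == "none"
        elif exact:
            chosen = {prio}
        else:                             # this level and everything more severe
            chosen = set(LEVELS[: LEVELS.index(prio) + 1])
        enabled = enabled - chosen if negate else enabled | chosen
    return ALIASES.get(level, level) in enabled

def parse_rules(text):
    """Return (selector, action) pairs from syslog.conf text, dropping comments."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            selector, action = line.split(None, 1)
            rules.append((selector, action.strip()))
    return rules

def destinations(rules, facility, level):
    """Actions of every rule whose selector matches the message."""
    return [a for s, a in rules if selector_matches(s, facility, level)]

# Sample input: the default configuration walked through above, retyped.
RULES = parse_rules("""
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     *
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log
""")

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "info"), ("mail", "debug"), ("kern", "emerg")]:
        print(f"{fac}.{lvl} ->", destinations(RULES, fac, lvl))
```

Running the same check against a modified configuration shows quickly whether authpriv messages still reach only the secure file.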
After the configuration file is saved, the changes do not take effect immediately. If we restart the log service with "service syslog restart", the log information of some other subsystems may not be completely recorded during the restart, so we generally use "service syslog reload" to reread the configuration file and put it into effect, which is equivalent to sending signal 1.