
Linux Learning (31): System Logs


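1. Preface

Linux system logs are not something we use very often, so we will pick a few of the more commonly used ones and cover them briefly.

2. The logs one by one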

2.1 /var/log/messages

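This is a catch-all log that records messages from many services. Let's open it and take a look.

[Screenshot of /var/log/messages]

System logs are rotated automatically by default. On my machine, for example, the file has been rotated like this: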

[root@ruanwenwu-001 log]# ls /var/log/messages*
/var/log/messages           /var/log/messages-20171219  /var/log/messages-20180122
/var/log/messages-20171215  /var/log/messages-20171224

The configuration file that controls rotation is /etc/logrotate.conf:

# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}
...

2.2 dmesg

The content this command shows is kept in memory. We cover it here because hardware faults are logged to it.

[root@ruanwenwu-001 log]# dmesg|head -n 10
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 3.10.0-514.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) ) #1 SMP Tue Nov 22 16:42:41 UTC 2016
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-514.el7.x86_64 root=UUID=604bc673-7f8d-4355-919f-ed6740a8efc8 ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
[    0.000000] Disabled fast string operations
[    0.000000] e820: BIOS-provided physical RAM map:
[    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
[    0.000000] BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved
[    0.000000] BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved

Note that /var/log/dmesg and the dmesg command have nothing to do with each other. /var/log/dmesg stores some of the system's boot logs.

2.3 last

The last command lists the successful logins on the server.

[root@ruanwenwu-001 log]# last|head -n 10
root     pts/0        192.168.38.1     Wed Jan 24 17:23   still logged in   
root     pts/0        192.168.38.1     Wed Jan 24 17:23 - 17:23  (00:00)    
root     pts/2        192.168.38.1     Mon Jan 22 15:22 - 16:19 (2+00:57)   
root     pts/3        192.168.38.1     Mon Jan 22 15:22 - 15:22  (00:00)    
root     pts/2        192.168.38.1     Mon Jan 22 15:21 - 15:22  (00:00)    
root     pts/1        192.168.38.1     Mon Jan 22 15:16 - 18:00  (02:43)    
root     pts/0        192.168.38.1     Tue Dec 26 15:53 - 17:56 (27+02:03)  
root     tty1                          Tue Dec 26 09:03   still logged in   
reboot   system boot  3.10.0-514.el7.x Tue Dec 26 09:03 - 18:03 (29+09:00)  
root     pts/1        192.168.38.1     Sun Dec 24 12:16 - 17:47  (05:31)   

The last command actually reads /var/log/wtmp.

2.4 lastb

lastb lists failed logins.

[root@ruanwenwu-001 log]# lastb|head -n 10
root     pts/2                         Wed Jan 24 11:44 - 11:44  (00:00)    
root     pts/2                         Wed Jan 24 11:44 - 11:44  (00:00)    
root     pts/2                         Wed Jan 24 11:43 - 11:43  (00:00)    

When our server is hit by a brute-force attack, this is the place to look.

2.5 /var/log/secure

The system's security log. For example, both successful and failed logins are recorded here.
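
As an added example (not part of the original post), the shell function below counts failed SSH password attempts per source address in /var/log/secure-style lines, the check that sections 2.4 and 2.5 point to when a server is being brute-forced. It assumes the standard OpenSSH "Failed password for ... from ADDR port N ssh2" message; the function names, the threshold and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag source addresses with many failed SSH password attempts.

# Constructed sample lines in /var/log/secure format (not from a real host).
sample_secure_log() {
cat <<'EOF'
Jan 24 11:43:02 host-001 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 24 11:43:05 host-001 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 24 11:43:09 host-001 sshd[2104]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 24 11:44:10 host-001 sshd[2110]: Failed password for root from 192.168.38.1 port 51877 ssh2
Jan 24 11:44:15 host-001 sshd[2110]: Accepted password for root from 192.168.38.1 port 51877 ssh2
Jan 24 11:45:01 host-001 sshd[2120]: Failed password for invalid user from from 198.51.100.9 port 2222 ssh2
EOF
}

# failed_by_source [threshold]
# Reads log lines on stdin and prints "count address", highest count first,
# for every source with at least `threshold` failures (default 3).
failed_by_source() {
    awk -v min="${1:-3}" '
        # Only sshd failure records. Fields are taken from the END of the
        # line because the user name is text chosen by the remote side and
        # may itself contain words such as "from" (see the last sample line).
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            count[$(NF-3)]++
        }
        END {
            for (ip in count)
                if (count[ip] >= min) print count[ip], ip
        }
    ' | sort -rn
}

# Stand-alone run on the constructed sample.
sample_secure_log | failed_by_source 3
```

On a real host the same function can be fed the live file as root, for example `failed_by_source 5 < /var/log/secure`.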
