【CentOS 7筆記51】Linux系統日誌
阿新 • • 發佈:2019-07-04
shallow丿ove
Linux系統日誌
- /var/log/messages #系統日誌
- /etc/logrotate.conf #日誌切割配置檔案
- 參考http://my.oschina.net/u/2000675/blog/908189
- dmesg命令
- /var/log/dmesg #日誌
- last命令,呼叫的檔案是/var/log/wtmp
- lastb命令檢視登入失敗的使用者,對應檔案是/var/log/btmp
- /var/log/secure
[root@localhost ~]# less /var/log/messages
Dec 5 03:44:01 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="694" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Dec 5 03:50:01 localhost systemd: Started Session 33 of user root.
Dec 5 03:50:01 localhost systemd: Starting Session 33 of user root.
Dec 5 03:51:38 localhost systemd: Configuration file /usr/lib/systemd/system/wpa_supplicant.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Dec 5 03:51:38 localhost systemd: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway.
Dec 5 03:51:38 localhost systemd: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.
Dec 5 04:00:01 localhost systemd: Started Session 34 of user root.
Dec 5 04:00:01 localhost systemd: Starting Session 34 of user root.
Dec 5 04:01:01 localhost systemd: Started Session 35 of user root.
Dec 5 04:01:01 localhost systemd: Starting Session 35 of user root.
Dec 5 04:10:01 localhost systemd: Started Session 36 of user root.
Dec 5 04:10:01 localhost systemd: Starting Session 36 of user root.
/var/log/messages
[root@localhost ~]# du -sh !$
du -sh /var/log/messages
312K /var/log/messages
[root@localhost ~]# ls /var/log/messages*
/var/log/messages /var/log/messages-20171121 /var/log/messages-20171205 /var/log/messages-20171113 /var/log/messages-20171127
[root@localhost ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}
# system-specific logs may be also be configured here.
按照以上配置:每週切割一次,保留四份舊日誌,切割後建立一個新的空檔案,以日期作為字尾(dateext),預設不壓縮(compress 一行被註釋);另外也會對/var/log/wtmp和/var/log/btmp進行切割,不過是按月切割,且只保留一份
[root@localhost ~]# ls /etc/logrotate.d/
named ppp samba syslog vsftpd wpa_supplicant yum
[root@localhost ~]# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    sharedscripts
    postrotate
        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
系統錯誤日誌(dmesg 顯示核心環形緩衝區中的訊息;dmesg -c 會在輸出後清空該緩衝區,所以之後再執行 dmesg 就沒有輸出)
[root@localhost ~]# dmesg
.
.
.
[root@localhost ~]# dmesg -c
.
.
.
[root@localhost ~]# dmesg
系統啟動日誌
[root@localhost ~]# ls /var//log/dmesg
/var//log/dmesg
[root@localhost ~]# less /var//log/dmesg
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.10.0-123.el7.x86_64 ([email protected]) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Mon Jun 30 12:09:22 UTC 2014
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=915e2a85-8d48-4667-9001-eae59adccb98 ro vconsole.keymap=us crashkernel=auto vconsole.font=latarcyrheb-sun16 rhgb quiet LANG=en_US.UTF-8
[ 0.000000] Disabled fast string operations
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved
[ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007fedffff] usable
[ 0.000000] BIOS-e820: [mem 0x000000007fee0000-0x000000007fefefff] ACPI data
[ 0.000000] BIOS-e820: [mem 0x000000007feff000-0x000000007fefffff] ACPI NVS
[ 0.000000] BIOS-e820: [mem 0x000000007ff00000-0x000000007fffffff] usable
/var//log/dmesg
[root@localhost ~]# last
root pts/1 192.168.9.1 Thu Dec 7 08:06 still logged in
root pts/0 192.168.9.1 Thu Dec 7 04:30 - 08:10 (03:39)
root tty1 Thu Dec 7 04:24 still logged in
reboot system boot 3.10.0-123.el7.x Thu Dec 7 04:23 - 09:30 (05:06)
root pts/0 192.168.9.1 Tue Dec 5 09:23 - down (11:14)
root pts/1 192.168.9.1 Tue Dec 5 02:50 - 11:19 (08:28)
root pts/0 192.168.9.1 Mon Dec 4 23:47 - 03:26 (03:39)
root tty1 Mon Dec 4 23:40 - 20:37 (20:56)
reboot system boot 3.10.0-123.el7.x Mon Dec 4 23:40 - 20:37 (20:57)
root pts/1 192.168.9.1 Sat Dec 2 10:22 - down (03:30)
root tty1 Sat Dec 2 04:38 - 13:52 (09:14)
root pts/0 192.168.9.1 Sat Dec 2 02:51 - 11:40 (08:48)
root tty1 Sat Dec 2 02:49 - 04:38 (01:49)
reboot system boot 3.10.0-123.el7.x Sat Dec 2 02:46 - 13:53 (11:06)
root tty1 Fri Dec 1 23:56 - 00:06 (00:10)
reboot system boot 3.10.0-123.el7.x Fri Dec 1 23:53 - 13:53 (13:59)
root tty1 Fri Dec 1 23:44 - 23:53 (00:08)
reboot system boot 3.10.0-123.el7.x Fri Dec 1 23:43 - 23:53 (00:09)
root pts/0 192.168.9.1 Fri Dec 1 22:34 - crash (01:09)
root tty1 Fri Dec 1 22:34 - 22:45 (00:11)
reboot system boot 3.10.0-123.el7.x Fri Dec 1 22:33 - 23:53 (01:19)
root pts/0 192.168.9.1 Fri Dec 1 22:24 - crash (00:09)
root tty1 Fri Dec 1 22:23 - 22:33 (00:09)
reboot system boot 3.10.0-123.el7.x Fri Dec 1 22:22 - 23:53 (01:30)
root pts/0 192.168.9.1 Fri Dec 1 09:29 - down (00:48)
reboot system boot 3.10.0-123.el7.x Fri Dec 1 09:28 - 10:17 (00:49)
root pts/0 192.168.9.1 Fri Dec 1 07:14 - down (02:09)
root tty1 Fri Dec 1 07:13 - 09:23 (02:09)
reboot system boot 3.10.0-123.el7.x Fri Dec 1 07:12 - 09:23 (02:11)
root pts/0 192.168.9.1 Tue Nov 28 21:50 - down (04:01)
root pts/2 192.168.9.1 Tue Nov 28 07:45 - 18:36 (10:50)
root pts/2 192.168.9.1 Tue Nov 28 07:44 - 07:45 (00:01)
root pts/3 192.168.9.1 Tue Nov 28 06:41 - 18:41 (12:00)
root tty1 Tue Nov 28 06:40 - 01:52 (19:12)
root pts/2 192.168.9.1 Tue Nov 28 06:12 - 07:44 (01:32)
root pts/1 192.168.9.1 Tue Nov 28 00:36 - 07:56 (07:20)
root pts/0 192.168.9.1 Mon Nov 27 20:23 - 08:03 (11:40)
root pts/1 192.168.9.1 Mon Nov 27 10:41 - 21:59 (11:18)
root pts/0 192.168.9.1 Mon Nov 27 01:23 - 11:22 (09:59)
reboot system boot 3.10.0-123.el7.x Mon Nov 27 01:21 - 01:52 (2+00:31)
root pts/0 192.168.9.1 Fri Nov 24 05:28 - crash (2+19:52)
reboot system boot 3.10.0-123.el7.x Fri Nov 24 05:28 - 01:52 (4+20:24)
root pts/0 192.168.9.1 Fri Nov 24 03:50 - down (01:37)
reboot system boot 3.10.0-123.el7.x Fri Nov 24 03:50 - 05:27 (01:37)
root pts/0 192.168.9.1 Thu Nov 23 15:34 - crash (12:15)
root pts/0 192.168.9.1 Thu Nov 23 04:05 - 11:54 (07:49)
reboot system boot 3.10.0-123.el7.x Thu Nov 23 04:03 - 05:27 (1+01:24)
root pts/1 192.168.9.1 Tue Nov 21 09:49 - crash (1+18:14)
root pts/0 192.168.9.1 Mon Nov 20 22:20 - 11:38 (13:18)
reboot system boot 3.10.0-123.el7.x Mon Nov 20 22:20 - 05:27 (3+07:07)
root pts/2 192.168.9.1 Thu Nov 16 22:34 - down (14:18)
root tty1 Thu Nov 16 16:19 - down (20:33)
root pts/1 192.168.9.1 Thu Nov 16 15:51 - 23:10 (07:19)
root pts/1 192.168.9.1 Thu Nov 16 15:49 - 15:51 (00:02)
root pts/0 192.168.9.1 Thu Nov 16 13:01 - 23:20 (10:18)
root pts/0 192.168.9.1 Thu Nov 16 07:11 - 11:51 (04:39)
reboot system boot 3.10.0-123.el7.x Thu Nov 16 07:11 - 12:53 (1+05:41)
root pts/0 192.168.9.1 Thu Nov 16 04:07 - down (03:03)
root pts/0 192.168.9.1 Thu Nov 16 02:51 - 04:06 (01:15)
reboot system boot 3.10.0-123.el7.x Thu Nov 16 02:50 - 07:10 (04:19)
root pts/1 192.168.9.1 Tue Nov 14 22:03 - crash (1+04:47)
root pts/0 192.168.9.1 Tue Nov 14 15:06 - 23:55 (08:48)
root pts/1 192.168.9.1 Tue Nov 14 09:36 - 11:36 (02:00)
root pts/0 192.168.9.1 Mon Nov 13 22:26 - 11:15 (12:48)
reboot system boot 3.10.0-123.el7.x Mon Nov 13 22:26 - 07:10 (2+08:44)
root pts/0 192.168.9.1 Mon Nov 13 22:10 - down (00:03)
reboot system boot 3.10.0-123.el7.x Mon Nov 13 22:09 - 22:14 (00:04)
root pts/0 192.168.9.1 Sun Nov 12 21:27 - down (08:16)
reboot system boot 3.10.0-123.el7.x Sun Nov 12 21:26 - 05:44 (08:17)
root pts/0 192.168.9.1 Sun Nov 12 05:38 - 10:47 (05:09)
root pts/0 192.168.9.1 Sat Nov 11 18:53 - 05:37 (10:44)
reboot system boot 3.10.0-123.el7.x Sat Nov 11 18:51 - 05:44 (1+10:52)
root pts/1 192.168.9.1 Thu Nov 9 09:53 - down (00:07)
root pts/0 192.168.9.1 Wed Nov 8 17:23 - down (16:36)
root pts/1 192.168.9.1 Wed Nov 8 06:25 - 19:03 (12:38)
root pts/0 192.168.9.1 Wed Nov 8 00:56 - 08:10 (07:14)
root pts/0 192.168.9.1 Tue Nov 7 22:45 - 00:56 (02:10)
root pts/0 192.168.9.1 Tue Nov 7 19:32 - 22:45 (03:12)
root pts/1 192.168.9.1 Tue Nov 7 08:57 - 21:06 (12:08)
root pts/0 192.168.9.1 Tue Nov 7 05:28 - 10:28 (04:59)
root tty1 Tue Nov 7 03:29 - down (2+06:31)
reboot system boot 3.10.0-123.el7.x Tue Nov 7 03:28 - 10:00 (2+06:31)
reboot system boot 3.10.0-123.el7.x Tue Nov 7 00:42 - 03:28 (02:45)
reboot system boot 3.10.0-123.el7.x Mon Nov 6 07:53 - 08:00 (00:06)
reboot system boot 3.10.0-123.el7.x Mon Nov 6 07:52 - 07:53 (00:01)
reboot system boot 3.10.0-123.el7.x Mon Nov 6 06:11 - 06:11 (00:00)
reboot system boot 3.10.0-123.el7.x Mon Nov 6 06:10 - 06:11 (00:00)
root tty1 Mon Nov 6 06:09 - down (00:00)
root pts/0 192.168.9.1 Mon Nov 6 05:11 - 06:08 (00:57)
reboot system boot 3.10.0-123.el7.x Mon Nov 6 05:11 - 06:10 (00:59)
root tty1 Mon Nov 6 04:57 - down (00:11)
root pts/0 192.168.9.1 Sun Nov 5 20:35 - down (08:33)
reboot system boot 3.10.0-123.el7.x Sun Nov 5 20:35 - 05:09 (08:34)
root pts/0 192.168.9.1 Sat Nov 4 04:43 - down (03:54)
root pts/0 192.168.9.1 Fri Nov 3 21:58 - 04:43 (06:45)
root pts/1 192.168.9.1 Fri Nov 3 09:15 - 22:23 (13:08)
root pts/0 192.168.9.1 Fri Nov 3 07:01 - 10:54 (03:52)
root tty1 Fri Nov 3 06:59 - down (1+01:38)
reboot system boot 3.10.0-123.el7.x Fri Nov 3 06:58 - 08:38 (1+01:39)
root pts/0 192.168.9.1 Fri Nov 3 05:17 - down (01:11)
root tty1 Fri Nov 3 05:17 - down (01:12)
reboot system boot 3.10.0-123.el7.x Fri Nov 3 05:17 - 06:29 (01:12)
root tty1 Fri Nov 3 05:06 - down (00:10)
root pts/0 192.168.9.1 Fri Nov 3 03:55 - down (01:21)
reboot system boot 3.10.0-123.el7.x Fri Nov 3 03:52 - 05:17 (01:24)
root pts/0 192.168.9.1 Thu Nov 2 14:59 - down (00:00)
root pts/1 192.168.9.1 Thu Nov 2 09:29 - 14:59 (05:29)
root pts/0 192.168.9.1 Thu Nov 2 07:40 - 11:20 (03:39)
reboot system boot 3.10.0-123.el7.x Thu Nov 2 07:36 - 15:00 (07:24)
root pts/0 192.168.9.1 Wed Nov 1 03:43 - crash (1+03:52)
root pts/0 192.168.9.1 Tue Oct 31 11:52 - 23:00 (11:08)
root tty1 Tue Oct 31 08:29 - crash (1+23:06)
reboot system boot 3.10.0-123.el7.x Tue Oct 31 08:29 - 15:00 (2+06:31)
root pts/0 192.168.9.1 Mon Oct 30 10:06 - 17:47 (07:40)
root tty1 Mon Oct 30 09:22 - down (08:24)
reboot system boot 3.10.0-123.el7.x Mon Oct 30 07:04 - 17:47 (10:43)
root pts/0 192.168.9.1 Sat Oct 28 18:12 - 11:00 (16:47)
root tty1 Sat Oct 28 18:04 - crash (1+12:59)
reboot system boot 3.10.0-123.el7.x Sat Oct 28 18:04 - 17:47 (1+23:42)
root pts/0 192.168.9.1 Sat Oct 28 04:31 - down (00:23)
root tty1 Fri Oct 27 23:11 - down (05:44)
reboot system boot 3.10.0-123.el7.x Fri Oct 27 23:10 - 04:55 (05:44)
root tty1 Fri Oct 27 23:09 - down (00:00)
reboot system boot 3.10.0-123.el7.x Fri Oct 27 23:09 - 23:10 (00:01)
root tty1 Fri Oct 27 09:16 - down (00:00)
root pts/2 192.168.9.1 Fri Oct 27 09:14 - 09:15 (00:01)
root pts/1 192.168.9.1 Fri Oct 27 04:21 - down (04:54)
root pts/0 192.168.9.1 Fri Oct 27 04:21 - down (04:54)
root tty1 Fri Oct 27 03:23 - 09:15 (05:52)
reboot system boot 3.10.0-123.el7.x Fri Oct 27 03:23 - 09:16 (05:52)
root tty1 Fri Oct 27 03:22 - down (00:00)
reboot system boot 3.10.0-123.el7.x Fri Oct 27 03:22 - 03:22 (00:00)
root tty1 Fri Oct 27 03:21 - down (00:00)
reboot system boot 3.10.0-123.el7.x Fri Oct 27 03:21 - 03:21 (00:00)
root tty1 Fri Oct 27 03:20 - down (00:00)
reboot system boot 3.10.0-123.el7.x Fri Oct 27 03:20 - 03:21 (00:00)
root pts/3 192.168.9.1 Wed Oct 25 21:29 - down (04:53)
root pts/2 192.168.9.1 Wed Oct 25 21:29 - down (04:53)
root pts/1 192.168.9.1 Wed Oct 25 15:48 - 22:58 (07:09)
root pts/0 192.168.9.1 Wed Oct 25 15:48 - 22:57 (07:09)
root pts/0 192.168.9.1 Wed Oct 25 15:48 - 15:48 (00:00)
root pts/3 192.168.9.1 Wed Oct 25 10:19 - 15:48 (05:28)
root pts/2 192.168.9.1 Wed Oct 25 10:19 - 15:48 (05:29)
root pts/1 192.168.9.1 Wed Oct 25 04:17 - 11:40 (07:23)
root pts/0 192.168.9.1 Wed Oct 25 04:17 - 11:41 (07:23)
root tty1 Wed Oct 25 04:16 - down (22:07)
reboot system boot 3.10.0-123.el7.x Wed Oct 25 04:15 - 02:23 (22:07)
root tty1 Tue Oct 24 22:17 - crash (05:58)
reboot system boot 3.10.0-123.el7.x Tue Oct 24 22:17 - 02:23 (1+04:05)
root pts/1 192.168.9.1 Tue Oct 24 08:52 - down (00:25)
root pts/0 192.168.9.1 Tue Oct 24 08:52 - down (00:25)
root tty1 Mon Oct 23 23:45 - down (09:33)
reboot system boot 3.10.0-123.el7.x Mon Oct 23 23:43 - 09:18 (09:34)
root tty1 Sun Oct 22 07:43 - down (01:43)
reboot system boot 3.10.0-123.el7.x Sun Oct 22 07:42 - 09:26 (01:44)
root tty1 Sun Oct 22 03:31 - down (02:27)
reboot system boot 3.10.0-123.el7.x Sun Oct 22 03:31 - 05:59 (02:27)
root tty1 Sat Oct 21 02:57 - down (03:27)
reboot system boot 3.10.0-123.el7.x Sat Oct 21 02:48 - 06:25 (03:37)
root tty1 Fri Oct 20 16:53 - crash (09:55)
reboot system boot 3.10.0-123.el7.x Fri Oct 20 16:53 - 06:25 (13:32)
root tty1 Fri Oct 20 07:47 - crash (09:05)
reboot system boot 3.10.0-123.el7.x Fri Oct 20 07:47 - 06:25 (22:38)
root tty1 Fri Oct 20 07:31 - down (00:00)
root tty1 Fri Oct 20 04:36 - 07:30 (02:54)
reboot system boot 3.10.0-123.el7.x Fri Oct 20 04:34 - 07:31 (02:57)
reboot system boot 3.10.0-123.el7.x Fri Oct 20 04:33 - 07:31 (02:58)
root tty1 Fri Oct 20 04:19 - down (00:00)
reboot system boot 3.10.0-123.el7.x Fri Oct 20 04:18 - 04:19 (00:00)
root tty1 Wed Oct 18 05:20 - down (06:59)
reboot system boot 3.10.0-123.el7.x Wed Oct 18 05:19 - 12:20 (07:00)
wtmp begins Wed Oct 18 05:19:30 2017
last呼叫/var/log/wtmp二進位制檔案
[root@localhost ~]# lastb
btmp begins Fri Dec 1 08:08:01 2017
lastb呼叫/var/log/btmp二進位制檔案
登入系統驗證成功就會記錄日誌(記錄在/var/log/secure,驗證失敗同樣會記錄)
[root@localhost ~]# less /var/log/secure
Dec 5 04:44:24 localhost polkitd[958]: Registered Authentication Agent for unix-process:4204:1824850 (system bus name :1.138 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 5 04:44:24 localhost polkitd[958]: Unregistered Authentication Agent for unix-process:4204:1824850 (system bus name :1.138, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 5 04:44:30 localhost polkitd[958]: Registered Authentication Agent for unix-process:4230:1825476 (system bus name :1.139 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 5 04:44:30 localhost polkitd[958]: Unregistered Authentication Agent for unix-process:4230:1825476 (system bus name :1.139, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 5 04:44:58 localhost polkitd[958]: Registered Authentication Agent for unix-process:4256:1828186 (system bus name :1.140 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 5 04:44:58 localhost polkitd[958]: Unregistered Authentication Agent for unix-process:4256:1828186 (system bus name :1.140, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale e/var/log/secure
登入系統時的驗證結果會記錄在這個日誌中,成功和失敗都會記錄;例如有人暴力破解、不停嘗試登入時,可以在這裡看到大量失敗記錄
A
[root@localhost ~]# tail -f /var/log/secure
Dec 7 04:30:37 localhost sshd[2863]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 7 04:52:50 localhost polkitd[1010]: Registered Authentication Agent for unix-process:2975:175583 (system bus name :1.43 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 7 04:52:50 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:2975:175583 (system bus name :1.43, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 7 08:06:22 localhost polkitd[1010]: Registered Authentication Agent for unix-process:3288:1336838 (system bus name :1.46 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 7 08:06:23 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:3288:1336838 (system bus name :1.46, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 7 08:06:24 localhost polkitd[1010]: Registered Authentication Agent for unix-process:3650:1337028 (system bus name :1.68 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 7 08:06:25 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:3650:1337028 (system bus name :1.68, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 7 08:06:45 localhost sshd[4013]: Accepted password for root from 192.168.9.1 port 21445 ssh2
Dec 7 08:06:45 localhost sshd[4013]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 7 08:10:34 localhost sshd[2863]: pam_unix(sshd:session): session closed for user root
Dec 7 09:37:09 localhost sshd[4444]: pam_unix(sshd:session): session opened for user root by (uid=0)
B
[root@centos11233 ~]# ssh 192.168.9.134
root@192.168.9.134's password:
Last login: Thu Dec 7 08:06:45 2017 from 192.168.9.1
A
[root@localhost ~]# tail -f /var/log/secure
Dec 7 04:30:37 localhost sshd[2863]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 7 04:52:50 localhost polkitd[1010]: Registered Authentication Agent for unix-process:2975:175583 (system bus name :1.43 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 7 04:52:50 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:2975:175583 (system bus name :1.43, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 7 08:06:22 localhost polkitd[1010]: Registered Authentication Agent for unix-process:3288:1336838 (system bus name :1.46 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 7 08:06:23 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:3288:1336838 (system bus name :1.46, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 7 08:06:24 localhost polkitd[1010]: Registered Authentication Agent for unix-process:3650:1337028 (system bus name :1.68 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
Dec 7 08:06:25 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:3650:1337028 (system bus name :1.68, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus)
Dec 7 08:06:45 localhost sshd[4013]: Accepted password for root from 192.168.9.1 port 21445 ssh2
Dec 7 08:06:45 localhost sshd[4013]: pam_unix(sshd:session): session opened for user root by (uid=0)
Dec 7 08:10:34 localhost sshd[2863]: pam_unix(sshd:session): session closed for user root
Dec 7 09:36:38 localhost sshd[4442]: Connection closed by 192.168.9.233 [preauth]
Dec 7 09:37:09 localhost sshd[4444]: Accepted password for root from 192.168.9.233 port 51284 ssh2
Dec 7 09:37:09 localhost sshd[4444]: pam_unix(sshd:session): session opened for user root by (uid=0)
B
[root@localhost ~]# logout
Connection to 192.168.9.134 clo