Shulou(Shulou.com)06/02 Report--

one。 Log file

Log files are very helpful for diagnosing and resolving problems in the system, because programs running in the Linux operating system usually write system messages and error messages to the corresponding log files, so that if there is a problem with the system, it will be "documented".

In addition, log files can also help find traces left by the attackers when the host is attacked.

1. Function and classification of log files

two。 Log file saving location and file introduction

The Linux operating system itself and the log files of most server programs are placed in the directory / var/log/ by default. one

Some programs share a log file, some programs use a single log file, and some large server programs due to daily

There is more than one log file, so a corresponding subdirectory is created in the / var/log/ directory to store the log files, which ensures

It is proved that the structure of the log file directory is clear, and the log file can be located quickly. There are quite a few log files only root.

Only the user has the right to read, which ensures the security of the relevant log information.

**

3. Kernel and system log

This log data is uniformly managed by the system service rsyslog, according to its main configuration file

The settings in / etc/rsyslog.conf determine where kernel messages and various system program messages are logged. A considerable number of programs in the system will hand over their log files to rsyslog, so the log records used by these programs have a similar format.

4. Level of log messages (focus)

From the configuration file / etc/rsyslog.conf, we can see that the log files managed by the rsyslogd service are the main log files in the Linux operating system, which record the kernel, user authentication, e-mail, scheduled tasks and other basic system messages in the Linux operating system. In the Linux kernel, log messages are divided into different priorities according to their importance (the smaller the number, the higher the priority, and the more important the message).

5. General format of logging

6. User log analysis

This kind of log data is used to record the relevant information of Linux operating system users logging in and logging out of the system, including user name, login terminal, login time, source host, process operation in use and so on.

1.users to view users who can log in

2. WhoBree view users who log in online

3. LastJournal lastb to view users who have successfully logged in and users who have failed to log in

7. Program log analysis

Some applications choose to manage a log file independently instead of handing it to

Rsyslog service management), which is used to record all kinds of event information during the running of the program. Because these programs are only responsible for managing their own log files, the logging formats used by different programs may vary greatly.

In the Linux operating system, there are a considerable number of applications that do not use rsyslog services to manage logs, while

The log records are maintained by the program itself. For example, the httpd Web Service uses two log files, access_log and error_log, to record customer access events and error events, respectively.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.