2025-01-19 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article introduces the Linux commands for viewing system logs, for the cases where ordinary file viewers are not enough.
A Linux system keeps many important log files that record access to the system. Most of them are stored in the /var/log and /run directories. Some of them cannot be opened with commands such as cat, vi or more and need special commands instead, which are briefly introduced here.
Linux log file description
/var/log/messages: system information and error log after startup; one of the most commonly used logs in Red Hat Linux
/var/log/secure: security-related log information
/var/log/maillog: mail-related log information
/var/log/cron: log information related to scheduled tasks
/var/log/spooler: log information related to UUCP and news devices
/var/log/boot.log: log messages related to daemon start and stop
/var/log/wtmp: permanently records each user login and logout, and system startup and shutdown events
1. w command
The w command displays information about the users currently logged in to the system.
Run it to see who is currently logged in and which programs they are executing.
Running w alone displays all users; you can also specify a user name to display only that user's information.
Syntax: w [-fhlsuV] [user name]
Parameter description:
-f turns on or off showing where the user logs in to the system.
-h does not display the title information column of each field.
-l uses a detailed format list, which is the default value.
-s uses a concise format list and does not show the user's login time or the CPU time spent by the terminal's jobs and programs.
-u ignores the name of the executing program and the CPU time the program has used.
-V displays version information.
Example:
1. Without any parameters, display information for all users currently logged in to the system
The first line of output is the same as the output of the uptime command. Its fields are:
12:30:08 - current system time.
up 2:14 - how long the system has been running.
3 users - number of logged-in users.
load average: 0.00, 0.01, 0.05 - the average load information of the system in the past 15 minutes. The average system load is a measure of the number of jobs currently running or waiting for disk I/O. It basically tells you how busy the system is in a given interval.
The second line of information includes the following field descriptions:
USER - login user name.
TTY - the terminal name used by the logged-in user.
FROM - the hostname or IP address of the logged-in user's source.
LOGIN@ - the length of time the user is logged in.
IDLE - idle time since the user last interacted with the terminal.
JCPU - the time used by all processes attached to the tty.
PCPU - time used by the user's current process, the one shown in the WHAT field.
WHAT - the user's current process and its options / parameters.
2. Display the information of one user who is currently logged in to the system; the output is then limited to the given user.
2. who command
The who command shows which users are on the system, including the user ID, the terminal used, where the connection comes from, the login time, the idle time, the CPU usage, the current action, and so on.
Permissions: available to all users.
Syntax: who -[husfV] [user]
Parameter description:
-H or --heading: displays the header column of each field
-i or -u or --idle: displays the idle time. If the user took any action within the previous minute it is marked "."; if the user has not taken any action for more than 24 hours, it is marked "old".
-m: this parameter has the same effect as specifying the "am i" string
-q or --count: displays only the account names and the total number of users logged in to the system.
-s: this parameter is ignored and not processed; it exists only for compatibility with other versions of the who command.
-w or -T or --mesg or --message or --writable: displays the user's message status column
Example:
1. Display the users who are currently logged in to the system
[root@centos7 ~]# who
root     tty1         2020-01-11 10:15
root     pts/0        2020-01-11 10:16 (192.168.198.1)
lisi     pts/1        2020-01-11 12:30 (192.168.198.1)
2. Show only the current user
[root@centos7 ~]# who -m -H
NAME     LINE         TIME             COMMENT
root     pts/0        2020-01-11 10:16 (192.168.198.1)
[root@centos7 ~]# whoami
root
Enter whoami to display your login user name.
3. last command
The last command displays the recent logins of a user or terminal. By viewing the login log with last, the administrator can see who has connected or attempted to connect to the system.
When last runs, it reads the file named wtmp in the /var/log directory and displays the list of users logged in to the system or terminal recorded in that file. wtmp records are displayed by default; btmp can display more details, and remote logins, such as ssh logins, can be displayed.
Syntax: last [-num | -n num] [-f file] [-t YYYYMMDDHHMMSS] [-R] [-adioxFw] [username..] [tty..]
-num | -n num specifies the number of output records
-f file specifies the record file to query
-t YYYYMMDDHHMMSS displays logins before the specified time
username account name
tty terminal number
Options:
-R does not display the host name or IP of the login system or terminal
-a displays the host name or IP address of the login system or terminal on the last line
-d converts IP addresses to host names
-i displays specific IP logins.
-o reads old-type wtmp files written by linux-libc5 applications
-x displays the history of system shutdown, user login, and logout
-F displays the full login time
-w displays the full user name or domain name in the output
Example:
First column: user name
Second column: terminal location (pts/0 is a pseudo terminal, meaning a user connected remotely with a tool such as SSH or telnet; graphical-interface terminals also fall into this category. tty0 is a user on a directly or locally connected terminal. The trailing number is the connection number)
Third column: login IP or kernel (:0.0 or nothing means the user connected through a local terminal; for reboot entries the kernel version is displayed instead)
Fourth column: start time
Fifth column: end time (still logged in: has not logged out; down: until normal shutdown; crash: until forced shutdown)
Sixth column: duration
1. Specify the number of records to display (show the most recent logins in the record)
[root@centos7 ~]# last -n 10
lisi     pts/1        192.168.198.1    Sat Jan 11 12:30   still logged in
root     pts/0        192.168.198.1    Sat Jan 11 10:16   still logged in
root     tty1                          Sat Jan 11 10:15   still logged in
reboot   system boot  3.10.0-957.el7.x Sat Jan 11 10:15 - 12:53  (02:37)
root     pts/1        192.168.198.1    Fri Jan 10 22:08 - 23:24  (01:15)
root     pts/0        192.168.198.1    Fri Jan 10 14:07 - crash  (20:07)
root     tty1                          Fri Jan 10 14:07 - 23:24  (09:17)
reboot   system boot  3.10.0-957.el7.x Fri Jan 10 14:07 - 12:53  (22:46)
root     pts/0        192.168.198.1    Tue Jan  7 20:33 - down   (02:38)
root     pts/1        192.168.198.1    Tue Jan  7 18:44 - 20:56  (02:11)
wtmp begins Sun Dec  1 20:35:35 2019
2. Specify the file to be queried. The default is wtmp.
[root@centos7 ~]# last -10 -f /var/log/btmp
root     tty1                          Sat Jan  4 10:06    gone - no logout
root     tty1                          Fri Jan  3 15:35 - 10:06  (18:30)
root     tty1                          Fri Jan  3 15:18 - 15:35  (00:17)
root     tty1                          Fri Jan  3 15:18 - 15:18  (00:00)
root     ssh:notty    192.168.198.1    Fri Jan  3 15:18    gone - no logout
btmp begins Fri Jan  3 15:18:01 2020
3. Display records before the specified time
[root@centos7 ~]# last -5 -t 20200111000000
root     pts/1        192.168.198.1    Fri Jan 10 22:08 - 23:24  (01:15)
root     pts/0        192.168.198.1    Fri Jan 10 14:07    gone - no logout
root     tty1                          Fri Jan 10 14:07 - 23:24  (09:17)
reboot   system boot  3.10.0-957.el7.x Fri Jan 10 14:07 - 12:56  (22:49)
root     pts/0        192.168.198.1    Tue Jan  7 20:33 - down   (02:38)
wtmp begins Sun Dec  1 20:35:35 2019
4. lastlog command
The lastlog command displays the last login information for all users in the system.
The lastlog file is queried every time a user logs in. The lastlog command shows when a particular user last logged in by formatting and printing the contents of the last-login log /var/log/lastlog. It displays the login name, port (tty), and last login time, sorted by UID. If a user has never logged in, lastlog displays **Never logged in**.
Note: this command needs to be run as root.
Syntax: lastlog (option)
Common parameters:
-b displays login information before the specified number of days
-t displays login information since the specified number of days
-u displays the most recent login information for the specified user
-h displays help information for the command
Example:
1. Display the last login information of all users in the system
[root@centos7 ~]# lastlog
Username         Port     From             Latest
root             pts/0    192.168.198.1    Sat Jan 11 10:16:19 +0800 2020
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**
halt                                       **Never logged in**
mail                                       **Never logged in**
operator                                   **Never logged in**
games                                      **Never logged in**
ftp                                        **Never logged in**
nobody                                     **Never logged in**
systemd-network                            **Never logged in**
dbus                                       **Never logged in**
polkitd                                    **Never logged in**
abrt                                       **Never logged in**
sshd                                       **Never logged in**
postfix                                    **Never logged in**
chrony                                     **Never logged in**
apache                                     **Never logged in**
lisi             pts/1    192.168.198.1    Sat Jan 11 12:30:01 +0800 2020
2. Display login information since the specified number of days
[root@centos7 ~]# lastlog -t 3
Username         Port     From             Latest
root             pts/0    192.168.198.1    Sat Jan 11 10:16:19 +0800 2020
lisi             pts/1    192.168.198.1    Sat Jan 11 12:30:01 +0800 2020
3. Display the most recent login information of the specified user
[root@centos7 ~]# lastlog -u lisi
Username         Port     From             Latest
lisi             pts/1    192.168.198.1    Sat Jan 11 12:30:01 +0800 2020
5. lastb command
The lastb command lists information about users who failed to log in to the system.
Run alone, lastb reads the file named btmp in the /var/log directory and displays the list of failed logins recorded in that file.
Syntax: lastb [-adRx] [-f] [-n] [account name...] [terminal number...]
Parameter description:
-a displays the host name or IP address the login came from on the last line.
-d translates the IP address to the host name.
-f specifies the record file.
-n or -num sets the number of display columns for the list.
-R does not display the host name or IP address of the login.
-x displays information such as system shutdown, reboot, and change of execution level.
Example:
1. Show users who failed to log in
[root@centos7 ~]# lastb
root     tty1                          Sat Jan  4 10:06 - 10:06  (00:00)
root     tty1                          Fri Jan  3 15:35 - 15:35  (00:00)
root     tty1                          Fri Jan  3 15:18 - 15:18  (00:00)
root     tty1                          Fri Jan  3 15:18 - 15:18  (00:00)
root     ssh:notty    192.168.198.1    Fri Jan  3 15:18 - 15:18  (00:00)
btmp begins Fri Jan  3 15:18:01 2020
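The last and lastb sections above read /var/log/wtmp and /var/log/btmp, which are binary files of fixed-size utmp records; that is why cat or more cannot display them. The following Python code is an added example, not part of the original article: it decodes such records and counts failed logins per user and source. It assumes the 384-byte glibc record layout of x86-64 Linux; the sample records and the helper make_record are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# struct utmp as laid out by glibc on x86-64 Linux (384 bytes per record).
# Assumption: other architectures or C libraries may use a different layout.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
TYPES = {2: "BOOT_TIME", 6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def _text(raw):
    # Fields are fixed-width and NUL-padded; keep what precedes the first NUL.
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_records(blob):
    """Decode every complete utmp record in blob; a truncated tail is ignored."""
    records = []
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        (ut_type, _pid, line, _id, user, host,
         _term, _exit, _session, sec, _usec, _addr) = UTMP.unpack_from(blob, off)
        records.append({
            "type": TYPES.get(ut_type, str(ut_type)),
            "line": _text(line),
            "user": _text(user),
            "host": _text(host) or "(local)",  # console logins carry no host
            "time": datetime.fromtimestamp(sec, timezone.utc),
        })
    return records

def failed_by_source(records):
    """Count btmp entries per (user, source); lastb lists them one per line."""
    return Counter((r["user"], r["host"]) for r in records)

def make_record(ut_type, pid, line, user, host, sec):
    # Hypothetical helper: builds one constructed record (not real log data).
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"")

# Constructed sample: three failed ssh attempts and one failed console login.
SAMPLE_BTMP = b"".join([
    make_record(6, 2101, "ssh:notty", "root", "192.168.198.1", 1578035881),
    make_record(6, 2102, "ssh:notty", "root", "192.168.198.1", 1578035890),
    make_record(6, 2103, "ssh:notty", "lisi", "192.168.198.1", 1578035899),
    make_record(6, 980, "tty1", "root", "", 1578103560),
]) + b"\x00" * 10  # trailing partial record, as after an interrupted write

if __name__ == "__main__":
    counts = failed_by_source(parse_records(SAMPLE_BTMP))
    for (user, host), n in counts.most_common():
        print(f"{n:3d}  {user:<8} {host}")
```

On a real host, pass the bytes of /var/log/btmp (readable by root) to parse_records in place of SAMPLE_BTMP.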