
How to carry out syslog Analysis of Linux system

2025-10-25 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/02 Report--

How to carry out syslog analysis of a Linux system: for this question, this article introduces the corresponding analysis and solution in detail, hoping to help more readers who want to solve this problem find a simpler and more feasible method.

I. The syslog logging system

Syslog is the default log daemon on Linux systems; it is syslog on RHEL5 and syslog-ng (next generation) on RHEL6. Syslog-ng not only changes the configuration substantially but also supports more powerful features. Here we take RHEL5 as the example, introducing syslog first and syslog-ng later.

[root@liangxu ~]# chkconfig --list syslog
syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@soysauce ~]# service syslog status
syslogd (pid  2887) is running...
klogd (pid  2890) is running...

syslogd: records system messages that are not generated by the kernel.
klogd: specifically responsible for recording log messages generated by the kernel.

II. Detailed explanation of the configuration of Syslog service

1. Configuration file rule format: facility.priority action

[root@liangxu ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none;cron.none      /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
# A leading "-" before the file name means the file is written asynchronously.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

#
# INN
#
news.=crit                                              /var/log/news/news.crit
news.=err                                               /var/log/news/news.err
news.notice                                             /var/log/news/news.notice

2. Facility in the configuration file: the source of the log

auth              # authentication related
authpriv          # authorization related
cron              # scheduled task related
daemon            # daemon related
kern              # kernel related
lpr               # printing related
mail              # e-mail related
mark              # mark related
news              # news related
security          # security related, similar to auth
uucp              # unix-to-unix copy related
syslog            # syslog itself
user              # user related
local0 to local7  # reserved for user-defined use
*                 # represents all facilities

3. Priority in the configuration file: the level of the log

debug         # debugging information of the program or system
info          # general information
notice        # does not affect normal function, but a message that should be noted
warning/warn  # may affect system functions; important events that should remind the user
err/error     # error messages
crit          # serious errors
alert         # must be dealt with immediately
emerg/panic   # will cause the system to become unavailable
*             # represents all log levels
none          # the opposite of *; means no level at all

4. Action in the configuration file: where the log is recorded

/var/log/xxx   # ordinary file: an absolute path on the system
| command      # pipe: the message is sent to another command for processing
/dev/console   # terminal, for example /dev/console
@HOST          # remote host, for example @10.0.0.1
users          # system users, for example root
*              # all users logged in to the system; emerg-level logs are usually defined this way

5. Configuration file of the syslog service script

[root@liangxu ~]# cat /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0"
# add "-r" here to accept and record log messages from other hosts
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
#    once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".

Examples of rule definitions

mail.info            /var/log/mail.log   # record mail-related messages of level info or above in mail.log
auth.=info           @10.0.0.1           # record only auth-related messages of exactly level info, sent to host 10.0.0.1
user.!error                              # record user-related messages, not including error level
user.!=error                             # the opposite of user.=error
*.info                                   # record messages of all facilities at level info or above
mail.*                                   # record mail-related messages of all levels
*.*                                      # all facilities, all levels
cron.info;mail.info                      # multiple selectors can be separated with ";"
cron,mail.info                           # equivalent to cron.info;mail.info
mail.*;mail.!=info                       # all levels of mail-related messages, but not the info level

This concludes the answer to how to carry out syslog analysis of a Linux system. I hope the above content is of some help to you. If you still have many doubts to resolve, you can follow the industry information channel for more related knowledge.
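The following Python evaluator is an added example, not code from the original article: it implements the facility.priority selector syntax from sections II.1 to II.4 and the rule examples above, under the sysklogd semantics stated in its comments, and reports which actions a given message reaches. The facility and priority lists are assumed to match sysklogd's, and the sample configuration is constructed from the RHEL5 defaults shown earlier.

```python
# Added example (not from the original article). Assumed sysklogd semantics:
# a bare priority means that level and above, "=" exactly that level, "!"
# excludes, "none" drops the facility, and later ";" parts override earlier ones.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "security", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

def parse_selector(selector):
    """Map every facility to the set of priorities this selector accepts."""
    table = {f: set() for f in FACILITIES}
    for part in selector.split(";"):
        facs, _, prio = part.strip().rpartition(".")
        negate = prio.startswith("!")            # "!" removes levels instead of adding
        prio = prio.lstrip("!")
        exact = prio.startswith("=")             # "=" means exactly this level
        prio = ALIASES.get(prio.lstrip("="), prio.lstrip("="))
        if prio == "none":                       # "none": drop everything for the facility
            levels, negate = set(PRIORITIES), True
        elif prio == "*":
            levels = set(PRIORITIES)
        else:
            levels = {prio} if exact else set(PRIORITIES[PRIORITIES.index(prio):])
        targets = FACILITIES if facs == "*" else [f.strip() for f in facs.split(",")]
        for f in targets:
            table[f] = table[f] - levels if negate else table[f] | levels
    return table

def dispatch(config_text, facility, priority):
    """Return, in file order, the actions a (facility, priority) message reaches."""
    priority = ALIASES.get(priority, priority)
    actions = []
    for line in map(str.strip, config_text.splitlines()):
        if not line or line.startswith("#"):     # skip blank lines and comments
            continue
        selector, action = line.split(None, 1)   # selector, whitespace, action
        if priority in parse_selector(selector)[facility]:
            actions.append(action.strip())
    return actions

# Constructed sample config: the RHEL5 default rules discussed in this article.
SAMPLE_CONF = """
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     -/var/log/maillog
cron.*                                     /var/log/cron
*.emerg                                    *
uucp,news.crit                             /var/log/spooler
"""
```

Calling dispatch(SAMPLE_CONF, "mail", "info") shows why mail traffic never lands in /var/log/messages: the mail.none part of the first selector clears the mail facility even though *.info would otherwise accept it.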
