How to analyze Linux system log files

2025-02-24 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article focuses on how to analyze Linux system log files. It is clearly written, well suited to beginners, and worth reading. Interested readers can follow along with the editor. I hope you get something out of it!

Logs are very important files in a Linux system. Log files record the work of service processes in detail. When an error occurs, you can use the log files to see what happened.

There are many different logs on your Linux computer. Historically, they have generally been stored in the /var/log directory in plain text format. Many logs are still kept this way, and you can easily view them with less.

On the new openSUSE Leap 42.3 and most modern operating systems, important logs are stored by the systemd init system. systemd is responsible for starting daemons and preparing the computer for use when the system boots. Logs recorded by systemd are stored in a binary format, which makes them smaller, easier to browse, and easier to export to various other formats; the downside is that you have to use a specific tool to view them. Fortunately, this tool is pre-installed on your system: it is called journalctl, and by default it gathers the logs of every daemon in one place.

Just run the journalctl command to view your systemd log. It uses the less pager to display various logs. To give you an intuitive feel, here is a log record excerpted from journalctl:

Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM.

This single log record contains the date and time of the record, the computer name, the name of the process that recorded the log, the PID of that process, and the log content itself.

If a program on the system is misbehaving, you can open the log and search for the program name (in the pager, type / followed by the keyword). Errors that may be causing the problem are recorded in the system log. Sometimes the error message is detailed enough for you to fix the problem yourself. At other times, you need to search for solutions on the web. Google is perfect for searching for strange Linux problems. When searching, however, enter only the actual content of the log: the information at the beginning of the line (date, hostname, process ID) is meaningless to the search and will interfere with the results.
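Added example (not part of the original article): a shell sketch that splits the record quoted above into the fields just listed and keeps only the message text, which is the part worth pasting into a search. The names journal_field, journal_messages and JRE are made up for this example, and the pattern assumes journalctl's default short output format.

```shell
#!/bin/sh
# Constructed sample input: the journalctl record quoted in the article.
SAMPLE='Jul 06 11:53:47 aaathats3as pulseaudio[2216]: [pulseaudio] alsa-util.c: Disabling timer-based scheduling because running inside a VM.'

# Assumed layout (journalctl's default short output):
#   Mon DD HH:MM:SS hostname process[pid]: message
# Capture groups: 1 timestamp, 2 hostname, 3 process, 5 PID (optional), 6 message.
JRE='^([A-Z][a-z]{2} +[0-9]+ [0-9:]+) ([^ ]+) ([^][ ]+)(\[([0-9]+)\])?: (.*)$'

# journal_field LINE N: print capture group N of one log line.
journal_field() {
    printf '%s\n' "$1" | sed -E -n "s/$JRE/\\$2/p"
}

# journal_messages: read log lines on stdin, drop date, hostname, process and
# PID, and print each distinct message with its count, most frequent first.
# Lines that do not match the layout (for example "-- Boot ... --") are skipped.
journal_messages() {
    sed -E -n "s/$JRE/\\6/p" | sort | uniq -c | sort -rn
}

# Demo on the constructed sample.
echo "time:    $(journal_field "$SAMPLE" 1)"
echo "host:    $(journal_field "$SAMPLE" 2)"
echo "process: $(journal_field "$SAMPLE" 3)"
echo "pid:     $(journal_field "$SAMPLE" 5)"
echo "search:  $(journal_field "$SAMPLE" 6)"

# On a live system (not run here):
#   journalctl -b -p err --no-pager | journal_messages
```

Grouping by message alone makes a recurring error stand out even though every occurrence carries a different timestamp and PID.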

The solution is usually found in the first few links of the search results. Of course, you should not just run commands you found on the Internet: be sure to work out what you want to do and what the command will actually do. Searching for specific entries from the system log is much more useful than describing the fault with general keywords, because a program can fail for many reasons, and the same symptom can be caused by a variety of problems.

For example, there are many reasons why the system cannot produce sound. It may be that the player is not plugged in, the sound system may have failed, or a suitable driver may be missing. If you only describe the symptom in general terms, you will find a lot of irrelevant solutions and waste a lot of time. If you search specifically for the actual content of the log file, you may find that other people have seen the same log content.

You can compare figure 1 with figure 2.

Figure 1: Searching for the symptom of the fault returns only general and inaccurate results. This kind of search is usually useless.

Figure 2: Searching for specific log lines returns accurate and useful results. This kind of search is usually useful.

There are also some systems that do not use journalctl for logging. The most common logs of this type on the desktop include /var/log/zypper.log, which records the behavior of the openSUSE package manager; /var/log/boot.log, which records startup messages that tend to scroll past so fast that you cannot read them; and /var/log/ntp, which records errors that occur when the Network Time Protocol (NTP) daemon synchronizes. Another place where hardware failure information is stored is the kernel ring buffer, which you can view by typing the dmesg -H command (which also calls the less pager). The kernel ring buffer is stored in memory and is lost when the computer is rebooted, but it contains important events from the Linux kernel, such as new hardware, loaded modules, and strange network errors.

What is the Linux system

Linux is a free-to-use and freely distributed UNIX-like operating system. It is a POSIX-based multi-user, multi-tasking, multi-threaded and multi-CPU operating system, and it can run the major Unix tools, applications and network protocols.

Thank you for reading. I believe you now have some understanding of "how to analyze Linux system log files". Go and put it into practice. If you want to know more, you can follow the website! The editor will continue to bring you better articles!
