2025-02-24 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Today, I will talk about how to manage logs on a Linux system. Many people may not know much about the topic, so the editor has summarized the following. I hope you get something out of this article.
Managing log files on Linux systems can be easy or painful. It all depends on what you think log management is.
If you are only thinking about how to make sure that log files don't use up the disk space on your Linux server, the problem is usually simple. Log files on Linux systems are rotated automatically, and only a fixed number of rotated logs are kept. Even so, looking over a set of hundreds of files can be overwhelming. In this article, we will look at how log rotation works, as well as some of the most relevant log files.
Automatic log rotation
Log files are rotated regularly. The current log is given a slightly different file name and a new log file is created. Take the syslog file as an example. This file is a catch-all for many normal system messages. If you cd to /var/log and look, you may see a series of syslog files, as shown below:
$ ls -l syslog*
-rw-r----- 1 syslog adm 28996 Jul 30 07:40 syslog
-rw-r----- 1 syslog adm 71212 Jul 30 00:00 syslog.1
-rw-r----- 1 syslog adm  5449 Jul 29 00:00 syslog.2.gz
-rw-r----- 1 syslog adm  6152 Jul 28 00:00 syslog.3.gz
-rw-r----- 1 syslog adm  7031 Jul 27 00:00 syslog.4.gz
-rw-r----- 1 syslog adm  5602 Jul 26 00:00 syslog.5.gz
-rw-r----- 1 syslog adm  5995 Jul 25 00:00 syslog.6.gz
-rw-r----- 1 syslog adm 32924 Jul 24 00:00 syslog.7.gz
Rotation occurs at midnight every day, and old log files are retained for a week before the oldest syslog file is deleted. The syslog.7.gz file is deleted from the system and syslog.6.gz is renamed syslog.7.gz. The remaining log files are renamed in turn until syslog becomes syslog.1 and a new syslog file is created. Some syslog files will be larger than others, but in general no file is likely to become very large, and you will never see more than eight files. This gives you more than a week to review any data they collect.
The number of files kept for a particular log depends on the log file itself. Some may have 13. Notice how the old files for syslog and dpkg are compressed to save space. The reasoning is that you are most interested in recent logs, while older logs can be decompressed with gunzip as needed.
Log files can be rotated according to time and size. Keep this in mind when checking log files.
Although the defaults suit most Linux system administrators, you can configure log file rotation differently if you prefer. Look at files such as /etc/rsyslog.conf and /etc/logrotate.conf.
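Because older rotations are compressed and a log may keep as many as 13 of them, searching a whole log set in age order needs a numeric sort on the rotation suffix and decompression on the fly. The script below is an added example, not part of the original article; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample data are constructed.

# rotated_files DIR BASE: list one log set oldest first. Suffixes are sorted
# numerically; a plain glob would place syslog.13.gz between .1 and .2.gz.
rotated_files() {
    dir=$1 base=$2
    for f in "$dir/$base".*; do
        [ -e "$f" ] || continue
        n=${f#"$dir/$base."}; n=${n%.gz}
        case $n in ''|*[!0-9]*) continue ;; esac   # keep only BASE.N[.gz]
        printf '%s %s\n' "$n" "$f"
    done | sort -rn | cut -d' ' -f2-
    if [ -e "$dir/$base" ]; then printf '%s\n' "$dir/$base"; fi
}

# search_rotated PATTERN DIR BASE: matching lines in age order, each prefixed
# with its file name. Compressed members are streamed, not unpacked on disk.
search_rotated() {
    pattern=$1
    rotated_files "$2" "$3" | while IFS= read -r f; do
        case $f in
            *.gz) gzip -dc -- "$f" ;;
            *)    cat -- "$f" ;;
        esac | grep -e "$pattern" | awk -v p="${f##*/}" '{ print p ": " $0 }'
    done
}

# Constructed sample: rotations 11..2 compressed, .1 and the live file plain.
make_sample() {
    d=$(mktemp -d) || return 1
    i=11
    while [ "$i" -ge 2 ]; do
        printf 'day-%s sshd: session opened for user shark\n' "$i" |
            gzip -c > "$d/syslog.$i.gz"
        i=$((i - 1))
    done
    printf 'day-1 cron: job ran\n' > "$d/syslog.1"
    printf 'day-0 sshd: session opened for user shark\n' > "$d/syslog"
    printf '%s\n' "$d"
}

sample_dir=$(make_sample) && search_rotated 'user shark' "$sample_dir" syslog
rm -rf "$sample_dir"
```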
Use log files
Managing log files also means using them from time to time. The first step is to become familiar with what each log file can tell you about how the system works and what problems it may be running into. Reading log files from beginning to end is rarely a good option, but when you want to know how your system is running or need to track down a problem, knowing how to get information out of log files is a great help. That in turn requires a general understanding of the information stored in each file. For example:
$ who wtmp | tail -10        # display recent login information
$ who wtmp | grep shark      # display the recent logins of a specific user
$ grep "sudo:" auth.log      # see who is using sudo
$ tail dmesg                 # view (recent) kernel logs
$ tail dpkg.log              # view recently installed and updated software packages
$ more ufw.log               # check firewall activity (if you use ufw)
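The grep for "sudo:" above also matches PAM session lines and does not separate commands that were allowed from attempts that were denied. This added example (not from the original article) parses sudo entries in auth.log into status, user, reason and command, then counts them per user; the function names and the sample log lines are constructed.

```shell
#!/bin/sh
# Added example. Function names and the sample log lines are constructed.

# sudo_events [FILE...]: one "status|user|reason|command" record per sudo
# invocation. Lines without "user : ... COMMAND=" (PAM session lines) are skipped.
sudo_events() {
    awk '{
        i = index($0, " sudo:"); if (!i) next
        rest = substr($0, i + 6); sub(/^ +/, "", rest)
        j = index(rest, " : "); c = index(rest, "COMMAND=")
        if (!j || !c) next
        user = substr(rest, 1, j - 1); detail = substr(rest, j + 3)
        status = "allowed"; reason = "-"
        # A denied attempt carries a reason before the TTY= field.
        if (detail !~ /^TTY=/) {
            status = "denied"; reason = detail; sub(/ ; .*/, "", reason)
        }
        print status "|" user "|" reason "|" substr(rest, c + 8)
    }' "$@"
}

# sudo_summary [FILE...]: per-user counts of allowed and denied invocations.
sudo_summary() {
    sudo_events "$@" | awk -F'|' '
        { seen[$2] = 1; n[$2, $1]++ }
        END {
            for (u in seen)
                printf "%s allowed=%d denied=%d\n", u, n[u, "allowed"], n[u, "denied"]
        }' | sort
}

# Constructed sample in the usual auth.log layout.
sample_auth_log() {
    cat <<'EOF'
Jul 30 07:12:01 host1 sudo:    shark : TTY=pts/0 ; PWD=/home/shark ; USER=root ; COMMAND=/usr/bin/apt update
Jul 30 07:12:01 host1 sudo: pam_unix(sudo:session): session opened for user root by shark(uid=0)
Jul 30 07:15:44 host1 sudo:     nemo : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/nemo ; USER=root ; COMMAND=/bin/su
Jul 30 07:20:09 host1 sudo:    guest : user NOT in sudoers ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/bin/bash
Jul 30 07:31:10 host1 sudo:    shark : TTY=pts/0 ; PWD=/home/shark ; USER=root ; COMMAND=/usr/bin/tail /var/log/ufw.log
Jul 30 07:40:00 host1 sshd[811]: Accepted publickey for shark from 192.0.2.10 port 50022 ssh2
EOF
}

sample_auth_log | sudo_summary
```

Both functions also accept file names, so from /var/log the same summary can be produced with sudo_summary auth.log auth.log.1.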
Some of the commands you run will also extract information from log files. For example, if you want to see a list of system reboots, you can use the following command:
$ last reboot
reboot   system boot  5.0.0-20-generic Tue Jul 16 13:19   still running
reboot   system boot  5.0.0-15-generic Sat May 18 17:26 - 15:19 (21+21:52)
reboot   system boot  5.0.0-13-generic Mon Apr 29 10:55 - 15:34 (18+04:39)
Use a more advanced log manager
Although you can write scripts to find information of interest in log files more easily, you should also know that there are some very sophisticated tools available for log file analysis. Some can correlate information from multiple sources to give a more comprehensive picture of what is going on across your network. They can also provide real-time monitoring. Tools such as Solarwinds Log & Event Manager and PRTG Network Monitor (which includes log monitoring) come to mind.
There are also some free tools to help analyze log files. These include:
Logwatch - a program that scans system logs for lines of interest
Logcheck - a system log analyzer and reporter