
What are the types of Linux logs

2025-04-03 Update From: SLTechnology News&Howtos


The default log daemon for most Linux distributions is syslog, located at /etc/syslog or /etc/syslogd, and its default configuration file is /etc/syslog.conf. Any program that wants to generate logs can send its messages to syslog.

The Linux kernel and many programs generate a variety of error messages, warnings, and other notices. These help administrators understand the running state of the system, so they should be written to log files. The program that does this is syslog. Syslog can save logs to different files according to their type and priority. For example, for ease of reference, kernel messages can be separated from other messages and stored in a separate log file. By default, log files are usually saved in the /var/log directory.

Log types

The following are common log types, but not all Linux distributions include all of them:

| Type | Description |
|------|-------------|
| auth | Logs generated during user authentication, such as by the login and su commands. |
| authpriv | Similar to auth, but can only be viewed by specific users. |
| console | Messages for the system console. |
| cron | Logs generated when the system runs scheduled tasks. |
| daemon | Logs generated by some daemons. |
| ftp | FTP service. |
| kern | System kernel messages. |
| local0 to local7 | Used by custom programs. |
| lpr | Printer activity. |
| mail | Mail log. |
| mark | Generates a timestamp. The system writes the current time to the log file at regular intervals, each line in a format similar to `May 26 11:17:09 rs2 -- MARK --`, from which you can infer the approximate time at which the system failed. |
| news | Messages generated by the Network News Transfer Protocol (NNTP). |
| ntp | Messages generated by the Network Time Protocol (NTP). |
| user | User processes. |
| uucp | UUCP subsystem. |

Log priorities

Common log priorities are shown in the following table:

| Priority | Description |
|----------|-------------|
| emerg | Emergency; the system is unavailable (such as a system crash), and all users are generally notified. |
| alert | Needs to be repaired immediately, such as system database corruption. |
| crit | Dangerous conditions, such as hard drive errors, that may hinder some functions of the program. |
| err | General error message. |
| warning | Warning. |
| notice | Not an error, but may need to be addressed. |
| info | Generic messages, generally used to provide useful information. |
| debug | Information generated when debugging a program. |
| none | No priority; no log messages are recorded. |

Common log files

All system applications create log files in the /var/log directory, or create a subdirectory there and then create their log files in it. For example:

| File / directory | Description |
|------------------|-------------|
| /var/log/boot.log | Boot or restart log. |
| /var/log/cron | Scheduled task log. |
| /var/log/maillog | Mail log. |
| /var/log/messages | A summary of the logs of many processes, from which you can see any attempted or successful intrusion. |
| /var/log/httpd (directory) | Apache HTTP service logs. |
| /var/log/samba (directory) | Samba software logs. |

/etc/syslog.conf file

The /etc/syslog.conf file is the configuration file for syslog; it decides where to save a log based on the log type and priority. A typical syslog.conf file looks like this:

    *.err;kern.debug;auth.notice    /dev/console
    daemon,auth.notice              /var/log/messages
    lpr.info                        /var/log/lpr.log
    mail.*                          /var/log/mail.log
    ftp.*                           /var/log/ftp.log
    auth.*                          @see.xidian.edu.cn
    auth.*                          root,amrood
    netinfo.err                     /var/log/netinfo.log
    install.*                       /var/log/install.log
    *.emerg                         *
    *.alert                         |program_name
    mark.*                          /dev/console

The first column lists combinations of log type and log priority; each combination of a type and a priority is called a selector. The next column is the file, server, or terminal that receives the log. The syslog process decides how to handle a log message based on the selector.

A few notes on the configuration file:

The log type and priority are separated by a period (.); for example, kern.debug represents debugging information generated by the kernel.

kern.debug takes precedence over debug.

The asterisk (*) means all; for example, *.debug represents debugging information of all types, and kern.* represents all messages generated by the kernel.

You can separate multiple log types with a comma (,) and multiple selectors with a semicolon (;).

Operations on the log include:

Output the log to a file, such as /var/log/maillog or /dev/console.

Send messages to users; multiple users are separated by commas (,), such as root,amrood.

Send the message to a user program through a pipe; the program name must be placed after the pipe character (|).

Send the message to the syslog process on another host; in this case the last column in /etc/syslog.conf is a hostname that starts with @, such as @see.xidian.edu.cn.
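The selector and action rules above can be checked mechanically, for instance to confirm that auth messages really are sent to another host as well as to local files. The following is an added example, not code from the original article or from syslog itself; the function names are hypothetical, and it assumes the traditional syslogd behaviour in which a selector matches the named priority and anything more severe.

```python
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
KINDS = {"/": "file", "|": "pipe", "@": "remote host", "*": "all users"}

# Lines taken from the article's sample syslog.conf (a subset, to keep this short).
SAMPLE_CONF = """\
*.err;kern.debug;auth.notice    /dev/console
daemon,auth.notice              /var/log/messages
mail.*                          /var/log/mail.log
auth.*                          @see.xidian.edu.cn
auth.*                          root,amrood
*.emerg                         *
*.alert                         |program_name
"""

def parse_rules(text):
    """Parse syslog.conf text into [(selectors, action)]; a selector is (types, priority)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        field, action = line.split(None, 1)
        selectors = [(t.split(","), p) for t, p in (s.rsplit(".", 1) for s in field.split(";"))]
        rules.append((selectors, action.strip()))
    return rules

def matches(selectors, log_type, priority):
    """Evaluate selectors left to right; a later selector for the same type overrides."""
    hit = False
    for types, prio in selectors:
        if "*" not in types and log_type not in types:
            continue
        if prio in ("*", "none"):
            hit = prio == "*"
        else:  # assumption: the named priority and anything more severe
            hit = PRIORITIES.index(priority) <= PRIORITIES.index(prio)
    return hit

def destinations(rules, log_type, priority):
    """Return the action field of every rule that receives this message."""
    return [action for selectors, action in rules if matches(selectors, log_type, priority)]

def action_kind(action):
    """Classify an action by its first character, following the list in the article."""
    return KINDS.get(action[0], "users")

RULES = parse_rules(SAMPLE_CONF)

if __name__ == "__main__":
    for dest in destinations(RULES, "auth", "notice"):
        print(f"{action_kind(dest):12} {dest}")
```

Running it shows an auth.notice message reaching the console, /var/log/messages, the remote host and the two named users, while a daemon.info message reaches none of the sample rules.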

The logger command

logger is a shell command that uses the syslog module to write a line of information directly to the system log file from the command line.

The syntax of the logger command is:

    logger [-i] [-f filename] [-p priority] [-t tag] [message...]

Each option has the following meaning:

| Option | Description |
|--------|-------------|
| -f filename | Uses the contents of the file filename as the log. |
| -i | Records the ID of the logger process on each line. |
| -p priority | Specifies the priority; it must be a complete selector of the form facility.priority, and the default is user.notice. |
| -t tag | Marks each record line with the specified tag. |
| message | The log content to write; multiple logs are separated by spaces. If no log content is specified and the -f filename option is also absent, standard input is used as the log content. |

For example, write the results of the ping command to the log:

    $ ping 192.168.0.1 | logger -it logger_test -p local3.notice &
    $ tail -f /var/log/userlog
    Oct 6 12:48:43 kevein logger_test[22484]: PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
    Oct 6 12:48:43 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=1 ttl=253 time=49.7 ms
    Oct 6 12:48:44 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=2 ttl=253 time=68.4 ms
    Oct 6 12:48:45 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=3 ttl=253 time=315 ms
    Oct 6 12:48:46 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=4 ttl=253 time=279 ms
    Oct 6 12:48:47 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=5 ttl=253 time=347 ms
    Oct 6 12:48:49 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=6 ttl=253 time=701 ms
    Oct 6 12:48:50 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=7 ttl=253 time=591 ms
    Oct 6 12:48:51 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=8 ttl=253 time=592 ms
    Oct 6 12:48:52 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=9 ttl=253 time=611 ms
    Oct 6 12:48:53 kevein logger_test[22484]: 64 bytes from 192.168.0.1: icmp_seq=10 ttl=253 time=931 ms

The result of the ping command was successfully output to the /var/log/userlog file.

The meaning of the options in the command logger -it logger_test -p local3.notice:

-i: records the process ID on each line.

-t logger_test: labels each record line with "logger_test".

-p local3.notice: sets the log type and priority.

A log dump is also called log rollback or log rotation. Logs in Linux usually grow rapidly, take up a lot of hard disk space, and need to be stored separately when the log files reach the specified size.

Syslog is only responsible for receiving logs and saving them to the corresponding files; it does not manage the log files themselves. As a result the log files often grow too large, especially on web servers, where they can easily exceed 1G, which makes them difficult to search.

Most Linux distributions use logrotate or newsyslog to manage logs. The logrotate program can not only compress the log file and reduce the storage space, but also send the log to the designated E-mail to facilitate the administrator to view the log in time.

For example, if you specify that the mail log /var/log/maillog is dumped once a week when it exceeds 1G, then the logrotate process checks the size of the /var/log/maillog file once a week:

If it is no more than 1G, no action is taken.

If it is between 1G~2G, a new file /var/log/maillog.1 is created and the extra 1G of logs is transferred to it, to slim down the /var/log/maillog file.

If it is between 2G~3G, a new file /var/log/maillog.2 is created, the contents of /var/log/maillog.1 are transferred to it, and the contents of /var/log/maillog are transferred to /var/log/maillog.1, so that the /var/log/maillog file stays at no more than 1G.

As you can see, each rollover creates a new file (if it does not exist) in the naming format of the log file name plus a number (automatically growing from 1) to keep the current log file and the rollover log file within the specified size.
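The numbered-file scheme also sets how far back the logs reach during an investigation: once the retention count is hit, the oldest file is deleted at every rotation. The following is an added example, not code from the original article or from logrotate; the function names and the log entries are constructed, and it assumes each rotation renames the whole current file and keeps at most `keep` numbered copies, as the rotate directive of logrotate does.

```python
import os
import tempfile


def rotate(path, keep):
    """One rotation: delete path.<keep>, shift path.N to path.N+1, move path to path.1."""
    oldest = f"{path}.{keep}"
    if os.path.exists(oldest):
        os.remove(oldest)                      # entries older than the window are gone
    for n in range(keep - 1, 0, -1):           # highest number first so nothing is overwritten
        if os.path.exists(f"{path}.{n}"):
            os.rename(f"{path}.{n}", f"{path}.{n + 1}")
    os.rename(path, f"{path}.1")
    open(path, "w").close()                    # fresh empty file, like the "create" directive


def simulate(periods, keep):
    """Write one constructed entry per period, rotate after each, return {file: content}."""
    with tempfile.TemporaryDirectory() as tmp:
        log = os.path.join(tmp, "maillog")
        open(log, "w").close()
        for period in range(1, periods + 1):
            with open(log, "a") as fh:
                fh.write(f"entry from period {period}\n")
            rotate(log, keep)
        result = {}
        for name in sorted(os.listdir(tmp)):
            with open(os.path.join(tmp, name)) as fh:
                result[name] = fh.read().strip()
        return result


if __name__ == "__main__":
    for name, content in simulate(periods=6, keep=4).items():
        print(f"{name:10} {content or '(empty)'}")
```

After six weekly rotations with a count of 4, the entries from the first two weeks no longer exist on the host, so logs needed for longer than that window have to be copied or forwarded elsewhere before they rotate out.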

The main configuration file for logrotate is /etc/logrotate.conf. The /etc/logrotate.d directory supplements /etc/logrotate.conf and keeps that file from growing too large.

You can view its contents through the cat command:

    $ cat /etc/logrotate.conf
    # see "man logrotate" for details    // you can view the help documentation
    # rotate log files weekly
    weekly    // dump once a week
    # keep 4 weeks worth of backlogs
    rotate 4    // dump at most 4 times
    # create new (empty) log files after rotating old ones
    create    // after a dump, create the log file if it does not exist
    # uncomment this if you want your log files compressed
    #compress    // dump in compressed form
    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d    // include other log file configurations
    # no packages own wtmp -- we'll rotate them here
    /var/log/wtmp {    // set the dump parameters of the /var/log/wtmp log file
        monthly    // dump monthly
        create 0664 root utmp    // create the file when it does not exist; owner root, group utmp, permission 0664
        rotate 1    // at most one dump
    }

Note: include lets administrators gather multiple scattered files into one, similar to #include in the C language, which pulls the contents of other files into the current file.

include is very useful: some programs put their log dump configuration files in the /etc/logrotate.d directory. These configuration files override or add to the configuration items in /etc/logrotate.conf; where they specify nothing, the default configuration in /etc/logrotate.conf applies.

Therefore, it is recommended that /etc/logrotate.conf serve as the default configuration file and that third-party programs keep their own configuration files in the /etc/logrotate.d directory.

logrotate can also be run directly as a command to modify the configuration file.
