2025-01-25 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article gives an example-based analysis of syslogd and the syslog.conf file under Linux. Most people are not very familiar with the subject, so it is shared here for reference.
1: Introduction to syslog.conf
Across the different Unix variants, the standard Unix log system is set up the same way: apart from a few keywords, the format of syslog.conf is the same. Syslog is a configurable, unified system logging facility that accepts log requests from all parts of the system at any time and then, according to the settings in /etc/syslog.conf, writes the log information to the corresponding file, mails it to a specific user, or sends it directly to the console. It is worth noting that, to prevent an intruder from modifying or deleting the information recorded in messages, the log can be recorded on a printer or by a comparable method, which thwarts the intruder's attempt.
2: Format of syslog.conf
You can refer to man 5 syslog.conf. Here is a brief introduction to syslog.conf.
A configuration record in the /etc/syslog.conf file consists of two parts, the "selector" and the "action", separated by tab characters (separating them with spaces is not valid). The selector consists of one or more fields of the form "type.level", separated by semicolons, as shown in the following line:
type.level[;type.level] `TAB` action
2.1 Type
The "type" in a selector field represents the source of the message, which can be:
auth - authentication system, that is, asking for a user name and password
cron - system scheduler; messages sent when the scheduler executes scheduled tasks
daemon - syslog messages from some system daemons, such as the log generated by in.ftpd
kern - syslog messages from the kernel
lpr - syslog messages from the printer system
mail - syslog messages from the mail system
mark - a timestamp program that sends messages at regular intervals
news - syslog messages from the news system
user - syslog messages from local user applications
uucp - syslog messages from the uucp subsystem
local0..7 - local types of syslog messages, which can be defined by the user
* - represents all of the above types
2.2 Level
The "level" in a selector field represents the importance of the message, which can be:
emerg - emergency; the system is in a panic state. Should usually be broadcast to all users
alert - alert; the current state must be corrected immediately. For example, the system database crashes
crit - warning of a critical condition. For example, hardware failure
err - other errors
warning - warning
notice - note; reports of non-error conditions that should nevertheless be handled specially
info - informational messages
debug - information for debugging programs
none - usually used when debugging programs; indicates that messages generated by types with the none level do not need to be sent. For example, *.debug;mail.none means that all messages except mail messages are sent during debugging.
2.3 Action
The action field indicates the destination to which the message is sent. It can be:
/filename - log file. The file name is given as an absolute path, and the file must be created in advance
@host - remote host; the @ symbol can be followed by an IP address or a domain name. By default, the alias loghost is already assigned to the local machine in the /etc/hosts file.
user1,user2 - specified users. If a specified user is logged in, they will receive the message
* - all users. All logged-in users will receive the message.
3: Specific examples
Let's look at an example from the /etc/syslog.conf file:
……
*.err;kern.debug;daemon.notice;mail.crit [TAB] /var/adm/messages
……
The "action" in this line is the /var/adm/messages file we often care about, and the sources of the messages written to it are given by the "selector":
*.err - all general error messages
kern.debug - debugging information generated by the kernel
daemon.notice - notice-level messages from daemons
mail.crit - critical warning messages from the mail system
4: syslog.conf content
The log files are controlled by the system log daemon syslogd and the kernel log daemon klogd, and the default behavior of these two daemons is configured in the /etc/syslog.conf file.
Log files are organized as described in the /etc/syslog.conf configuration file. The following is the content of the /etc/syslog.conf file:
[root@localhost ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*	/dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages
*.info;mail.none;authpriv.none;cron.none	/var/log/messages
# The authpriv file has restricted access.
authpriv.*	/var/log/secure
# Log all the mail messages in one place.
mail.*	-/var/log/maillog
# Log cron stuff
cron.*	/var/log/cron
# Everybody gets emergency messages
*.emerg	*
# Save news errors of level crit and higher in a special file.
uucp,news.crit	/var/log/spooler
# Save boot messages also to boot.log
local7.*	/var/log/boot.log
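To check where a given message ends up under the file listed above (for example, that authentication messages reach only the restricted file), the selector rules from section 2 can be evaluated directly. This is an added example, not code from syslogd or from the original article; the function names are hypothetical, and it models only the forms this page uses (comma lists, "*", level-or-higher matching, "none"), with fields applied left to right.

```python
# Added example: resolve where a message lands under syslog.conf selector rules.
# Simplified model: comma lists, "*", level-or-higher matching and "none" only.
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample: the active rules of the file listed above, tab-separated.
SAMPLE = (
    "# comment lines are skipped\n"
    "*.info;mail.none;authpriv.none;cron.none\t/var/log/messages\n"
    "authpriv.*\t/var/log/secure\n"
    "mail.*\t-/var/log/maillog\n"
    "cron.*\t/var/log/cron\n"
    "*.emerg\t*\n"
    "uucp,news.crit\t/var/log/spooler\n"
    "local7.*\t/var/log/boot.log\n"
)

def parse(text):
    """Return [(selector, action)]; reject records that are not tab-separated."""
    rules = []
    for number, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, tab, action = line.partition("\t")
        if not tab or " " in selector:
            raise ValueError(f"line {number}: selector and action need a tab")
        rules.append((selector, action.strip()))
    return rules

def selector_matches(selector, facility, level):
    """Apply the fields left to right: a field can add a match, none removes it."""
    hit = False
    for field in selector.split(";"):
        types, _, wanted = field.partition(".")
        if not {"*", facility} & set(types.split(",")):
            continue  # this field is about other message types
        if wanted == "none":
            hit = False
        elif wanted == "*" or LEVELS.index(level) >= LEVELS.index(wanted):
            hit = True
    return hit

def destinations(rules, facility, level):
    """List every action whose selector accepts a facility.level message."""
    return [action for sel, action in rules if selector_matches(sel, facility, level)]

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "info"), ("mail", "err"), ("kern", "emerg")]:
        print(f"{fac}.{lvl} ->", destinations(parse(SAMPLE), fac, lvl))
```

Implementations differ on how a later field overrides an earlier one, so treat the result as a review aid and confirm it against the syslogd actually installed.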
5: Version
The syslog mechanism is a logging method commonly used on Unix-like systems. It can record all kinds of log information during the operation of the system at multiple levels, for example the log of kernel running information, the log of program output, and so on. When developing for an embedded system, writing important information to the log while the program is running is very helpful for debugging and error diagnosis. Important information includes important variables at run time, function results, error records, and so on. On embedded systems, limited system resources and cross-development make debugging and diagnosis inconvenient. Using the syslog mechanism, this work can be greatly simplified.
Not all embedded systems can use syslog. First, the system must run a Unix-like operating system, most commonly Linux. Second, in order to support remote logging, the system must support network communication. Fortunately, most embedded systems are based on Linux and support networking. The following discusses the specific implementation.
When compiling busybox, select the syslog application and add busybox to the Linux file system. After the embedded system has started, the client side of syslog can be configured. The configuration of the syslog service process, syslogd, varies depending on the busybox version. Early versions of syslogd ignored the configuration items in the syslog.conf file and were configured directly with command parameters. Newer versions of syslogd support configuration through the syslog.conf file. You can view the help information with syslogd -h to determine which version of syslogd you have.
When syslog.conf configuration is not supported, use the command parameters directly and enter the following command to start syslogd:
syslogd -n -m 0 -L -R 192.190.1.88
The -n option indicates that the process runs in the foreground.
The -m option specifies the interval of the periodic mark messages.
The -L option means that while logging remotely, messages are also recorded locally. If this option is not added, only remote logging is performed.
The -R option means to log remotely and send syslog logs to the target server. Here the IP address of the target server is assumed to be 192.190.1.88. If no port is specified, UDP port 514 is used by default, so make sure that the port on the server is not occupied.
After startup, all log information is sent to UDP port 514 of the server.
When syslog.conf configuration is supported, you only need to modify the configuration file. Add the following statement to the file:
*.* @192.190.1.88
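On the server side, a small collector confirms that the forwarded messages arrive and shows which type and level each one carries. This is an added example, not part of the original article or of busybox; the function names and the sample datagram are constructed, and the numeric codes are those of the syslog protocol (RFC 3164), where the leading <PRI> value is type * 8 + level.

```python
# Added example: collector-side check for the remote logging set up above.
import re
import socket

# Codes 12-15 have no name in the type list of section 2.1; placeholders used.
TYPES = (["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
          "uucp", "cron", "authpriv", "ftp"]
         + [f"reserved{n}" for n in range(12, 16)]
         + [f"local{n}" for n in range(8)])
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI = re.compile(rb"^<(\d{1,3})>")

def decode(datagram):
    """Split one syslog datagram into (type, level, text)."""
    m = PRI.match(datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> header")
    facility, severity = divmod(int(m.group(1)), 8)
    text = datagram[m.end():].decode("utf-8", "replace").rstrip("\n\x00")
    return TYPES[facility], LEVELS[severity], text

def collect(port=514, bind="0.0.0.0", count=5):
    """Bind the UDP port and print records; OSError means it is occupied.

    Ports below 1024 normally need root. UDP syslog carries no
    authentication, so the source address printed is only what the
    packet claims.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind, port))
        for _ in range(count):
            data, (src, _) = sock.recvfrom(8192)
            try:
                print(src, *decode(data))
            except ValueError as exc:
                print(src, "rejected:", exc)

# Constructed datagram in RFC 3164 form: 86 = authpriv (10) * 8 + info (6).
SAMPLE = b"<86>Jan  1 00:00:12 board login[231]: root login on 'ttyS0'"

if __name__ == "__main__":
    print(decode(SAMPLE))
```

Call collect() on the log server while the embedded system is running; the default run only decodes the constructed sample.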