2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to view the contents of log files under CentOS: where the main log files are kept, how to read them, and how the rsyslogd service decides what is recorded and where.
1. Primary log file
The log files of the Linux system itself and of most service programs are placed in the directory "/var/log" by default. Some programs share a log file, some use a log file of their own, and some larger programs create subdirectories under "/var/log" because they write more than one log file. A considerable number of log files can be read only by the root user, which protects the log information they contain.
Example: check the various log files and subdirectories in the "/var/log" directory.
Among these log files, the most important or most frequently used are:
/var/log/messages: records Linux kernel messages and common log information from various applications, including startup, I/O errors, network errors, program failures, etc. For applications or services that do not use a log file of their own, the relevant event information can generally be found in this file.
/var/log/cron: records the event information generated by crond scheduled tasks.
/var/log/dmesg: records the event information of the Linux system during the boot process.
/var/log/maillog: records the email activity entering or leaving the system.
/var/log/lastlog: records recent successful login events and the last unsuccessful login event.
/var/log/rpmpkgs: records the list of rpm packages installed in the system.
/var/log/secure: records all security-related event information and user login authentication events.
/var/log/wtmp: records each user login and logout, and system startup and shutdown events.
/var/run/utmp: records the details of each user who is currently logged in.
2. View the contents of the log file
Most log files can be viewed with text processing tools such as tail, more, less and cat. The tail command is used most often, because it shows the most recent log entries directly. With the "-f" option, tail displays new entries in the log file in real time.
Typically, kernel messages and most system messages are logged to the common log file "/var/log/messages", while messages from other programs are logged to different files. Log messages can also be written to a specific storage device or sent directly to a user.
Example: real-time monitoring of log information in /var/log/messages.
[root@localhost]# tail -f /var/log/messages
Oct 21 04:48:35 localhost avahi-daemon[3152]: Joining mDNS multicast group on interface eth0.IPv4 with address 192.168.80.130.
Oct 21 04:48:35 localhost avahi-daemon[3152]: Registering new address record for 192.168.80.130 on eth0.
Oct 21 04:48:35 localhost NET[4094]: /sbin/dhclient-script: updated /etc/resolv.conf
Oct 21 04:48:35 localhost dhclient: bound to 192.168.80.130 -- renewal in 760 seconds.
Oct 21 05:01:15 localhost dhclient: DHCPREQUEST on eth0 to 192.168.80.254 port 67
Oct 21 05:01:15 localhost dhclient: DHCPACK from 192.168.80.254
Oct 21 05:01:15 localhost dhclient: bound to 192.168.80.130 -- renewal in 723 seconds.
Oct 21 05:13:18 localhost dhclient: DHCPREQUEST on eth0 to 192.168.80.254 port 67
Oct 21 05:13:18 localhost dhclient: DHCPACK from 192.168.80.254
Oct 21 05:13:18 localhost dhclient: bound to 192.168.80.130 -- renewal in 749 seconds.
Oct 21 05:22:58 localhost kernel: Installing knfsd (copyright (C) 1996 okir@monad.swb.de)
Oct 21 05:22:58 localhost kernel: NFSD: Using /var/lib/nfs/v4recovery as the NFSv4 state recovery directory
Oct 21 05:22:58 localhost kernel: NFSD: starting 90-second grace period
Most log files use the same record format. Let's take the common log file "/var/log/messages" as an example to illustrate the basic format.
Each line in the log file represents one message, and each message consists of four fields in a fixed format.
Time tag: the date and time the message was sent.
Hostname: the name of the computer that generated the message.
Subsystem name: the name of the application that sent the message.
Message: the specific content of the message.
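The four fields can be split mechanically. The following Python sketch is an added example, not part of the original article: it parses lines taken from the tail output on this page (spacing normalized), treats the "[3152]"-style process ID as an optional part of the subsystem field, and sets aside lines that do not fit the format instead of guessing. The function names are illustrative.

```python
import re
from collections import Counter

# Lines taken from the tail output above (spacing normalized).
SAMPLE = """\
Oct 21 04:48:35 localhost avahi-daemon[3152]: Registering new address record for 192.168.80.130 on eth0.
Oct 21 05:01:15 localhost dhclient: DHCPREQUEST on eth0 to 192.168.80.254 port 67
Oct 21 05:01:15 localhost dhclient: DHCPACK from 192.168.80.254
Oct 21 05:22:58 localhost kernel: NFSD: starting 90-second grace period
"""

# time tag, hostname, subsystem name (optional [pid]), message
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<subsystem>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)

def parse_line(line):
    """Return the four fields (plus pid) as a dict, or None if the line does not fit."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def parse_log(text):
    """Split text into parsed records and the raw lines that were rejected."""
    records, rejected = [], []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            records.append(rec)
    return records, rejected

def count_by_subsystem(records):
    """How many messages each subsystem produced."""
    return Counter(r["subsystem"] for r in records)

if __name__ == "__main__":
    recs, bad = parse_log(SAMPLE)
    for name, n in count_by_subsystem(recs).most_common():
        print(f"{n:3d}  {name}")
    print("rejected lines:", len(bad))
```
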
For example, the last message shown above:
Oct 21 05:22:58 localhost kernel: NFSD: starting 90-second grace period
The meaning of this message is:
At 05:22:58, on the host localhost, the nfsd service in the kernel generated a message that reads "starting 90-second grace period".
3. Manage the log service
The kernel and system logging functions in RHEL are mainly provided by the rsyslogd service, whose configuration file is "/etc/rsyslog.conf".
The rsyslogd service is installed by default and starts automatically. The /etc/rsyslog.conf configuration file specifies which information is recorded and where it is recorded.
Example: view the main contents of the /etc/rsyslog.conf configuration file.
Each line in the /etc/rsyslog.conf file represents one setting, and the syntax of each setting is as follows:
Message-type    Action
The message type specifies which messages are logged, and the action tells the syslog service how to handle those messages.
The message type must be given in the following format:
source.priority
"Source" indicates the subsystem that delivered the message. The main sources are the following:
authpriv: messages related to user security and authentication
cron: messages related to scheduled tasks
daemon: messages related to general services
kern: messages from the system kernel
mail: messages from the mail system
localN: reserved
"priority" is used to indicate the priority of the message, that is, the importance of the message. The priority is as follows (the smaller the number, the higher the priority, and the more important the message):
0 EMERG (emergency): a condition that can make the host system unavailable.
1 ALERT (alert): problems that must be solved immediately.
2 CRIT (critical): a relatively serious condition.
3 ERR (error): an error occurred during operation.
4 WARNING (warning): important events that may affect the function of the system and that users need to be told about.
5 NOTICE (notice): events that do not affect normal functionality but require attention.
6 INFO (information): general information.
7 DEBUG (debugging): program or system debugging information.
In addition, both the source and the priority can be given as an asterisk (*) to mean "all", so *.* represents messages of all priorities from all subsystems.
The action field defines how received messages are handled. It can be one of the following:
/PATH/FILENAME: stores the message in the specified file, which must be given as an absolute path beginning with a slash (/)
USERNAME: sends the message to the specified logged-in user
@HOSTNAME: forwards the message to the specified log server
*: sends the message to all users who are logged in.
Therefore, the setting value in the file:
authpriv.*    /var/log/secure
means that messages of all priorities related to user security and authentication are stored in the file /var/log/secure.
There are three ways to write the priority when setting the message type:
".": messages at the given priority or higher are recorded. For example, mail.info means that any message from mail whose priority is info or higher is recorded.
".=": only messages at exactly the given priority are recorded; nothing else.
".!": represents "not equal", that is, all priorities except the given one are recorded.
For example, the following settings:
mail.info    /var/log/maillog_info
indicates that messages generated by the mail service with a priority of info or higher are recorded in the /var/log/maillog_info file.
In addition, if the same action is needed for different types of messages, syslog.conf allows several message types to be joined with semicolons, as in this setting:
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
It means that all messages at the info level or above (excluding messages from the mail system, messages related to user security and authentication, and scheduled-task messages) are stored in the file /var/log/messages.
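To see where a given message ends up under these settings, the selector rules can be modelled in a few lines. This Python sketch is an added example and a simplified model, not rsyslog's own code: it covers the ".", ".=", "*" and "none" forms and the semicolon joining described above (the ".!" form is left out), and it uses the three setting lines quoted in this article as its rule table. The function names are illustrative.

```python
# Priority names from the table above; index = number (smaller = more important).
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
LEVEL = {name: num for num, name in enumerate(PRIORITIES)}

# The three setting lines quoted in this article: (message type, action).
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.info", "/var/log/maillog_info"),
]

def selected_levels(selector, source):
    """Set of priority numbers that `selector` records for messages from `source`.

    Parts joined by ';' are applied left to right, so a later 'source.none'
    cancels what an earlier '*.info' selected for that source.
    """
    levels = set()
    for part in selector.split(";"):
        sources, dot, prio = part.strip().partition(".")
        if not dot or not prio:
            raise ValueError(f"expected source.priority, got {part!r}")
        if sources != "*" and source not in sources.split(","):
            continue                                # part is about other sources
        if prio == "none":
            levels.clear()                          # record nothing from this source
        elif prio == "*":
            levels.update(range(len(PRIORITIES)))   # every priority
        elif prio.startswith("="):
            levels.add(LEVEL[prio[1:]])             # exactly this priority
        else:
            levels.update(range(LEVEL[prio] + 1))   # this priority and more important
    return levels

def selector_matches(selector, source, priority):
    return LEVEL[priority] in selected_levels(selector, source)

def destinations(source, priority, rules=RULES):
    """Actions of every rule that records a message with this source and priority."""
    return [action for sel, action in rules
            if selector_matches(sel, source, priority)]

if __name__ == "__main__":
    for src, prio in [("authpriv", "notice"), ("kern", "warning"),
                      ("kern", "debug"), ("mail", "err"), ("cron", "info")]:
        print(f"{src}.{prio:<8} -> {destinations(src, prio) or 'not recorded'}")
```

Running it shows that authentication messages reach only /var/log/secure, and that a message no rule selects (for example kern.debug, or cron.info with only these three lines) is not recorded anywhere.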