
CentOS 7: in-depth understanding of file systems and log files (3): log files

2025-02-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/03 Report--

1. Functions of log files

Log files are used to record all kinds of running information in the Linux system, which is equivalent to the "diary" of the Linux host. Different log files record different types of information, such as Linux kernel messages, user login events, program errors, and so on.

Log files are very helpful for diagnosing and resolving problems in the system, because programs running on Linux systems usually write system messages and error messages to the corresponding log files, so that if there is a problem with the system, it will be "documented". In addition, log files can also help find traces left by visitors.

2. Classification of log files

(1) Kernel and system log:

In system versions above 6, this kind of log data is managed by the system service rsyslog, which decides where to record kernel messages and the messages of various system programs according to the settings in its main configuration file /etc/rsyslog.conf.

(2) User log:

It records information about users logging in to and out of the Linux system, including the user name, login terminal, login time, source host, process operations in use and so on.

(3) Program log:

Some applications manage a log file of their own, instead of handing it over to the rsyslog service, to record all kinds of event information while the program is running.

3. Location of log files

The log files of the Linux system itself and of most server programs are placed under /var/log/ by default. Some programs share a log file, and some programs use a log file of their own. Large server programs that write more than one log file get a corresponding subdirectory under /var/log/ to hold them, which keeps the structure of the log directory clear and also makes the log files quick to locate.

There are a considerable number of logs that only root users have the right to read, which ensures the security of the relevant log information.

4. Common log files and viewing methods

5. The level of log messages

In the Linux kernel, log messages are divided into different priority levels according to their importance (the smaller the number, the higher the priority and the more important the message).

6. Log file analysis

(1). Saves information about user logins, logouts and other related events

(2). Analysis tools

users: view users who can log in

who, w: view online users

last: view recently logged-in users

lastb: view users who have recently attempted to log in and failed

(3). Managed independently by the corresponding application

(4). Analysis tool

7. Log management policy

Generally speaking, a qualified system administrator should stay vigilant, watch for suspicious activity at all times, and check the system log files both regularly and at random, including the general information log, network connection log, file transfer log and user login log. When checking these logs, look for records with unreasonable times or operations.
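One way to script the login-record check described above, as an added example that is not part of the original article. It assumes the column layout that last and lastb print on CentOS 7, working hours of 08:00 to 19:00 and a threshold of three failures per source host; the sample records are constructed.

```shell
# Added example; the column layout of `last`/`lastb` output is assumed (CentOS 7).
# Constructed sample of `last` output (not real data).
SAMPLE_LAST='root     pts/0        192.0.2.10       Mon Feb  3 02:14 - 02:40  (00:26)
alice    pts/1        198.51.100.7     Mon Feb  3 09:30   still logged in
bob      tty1                          Mon Feb  3 23:05 - 23:20  (00:15)
reboot   system boot  3.10.0-1160.el7  Mon Feb  3 08:00 - 10:00  (02:00)

wtmp begins Sat Feb  1 10:00:00 2025'

# Constructed sample of `lastb` output (not real data).
SAMPLE_LASTB='admin    ssh:notty    203.0.113.5      Mon Feb  3 02:10 - 02:10  (00:00)
root     ssh:notty    203.0.113.5      Mon Feb  3 02:10 - 02:10  (00:00)
test     ssh:notty    203.0.113.5      Mon Feb  3 02:11 - 02:11  (00:00)
alice    ssh:notty    198.51.100.7     Mon Feb  3 09:29 - 09:29  (00:00)

btmp begins Sat Feb  1 10:00:00 2025'

# odd_hour_logins START END: read `last` lines on stdin and print "user host HH:MM"
# for every session that began outside the hours START..END-1 (24-hour clock).
odd_hour_logins() {
    awk -v s="$1" -v e="$2" '
        NF == 0 || $1 == "reboot" || $1 ~ /^[wb]tmp$/ { next }
        {
            # Console logins have no host column, so locate the first HH:MM field.
            t = ""
            for (i = 3; i <= NF; i++) if ($i ~ /^[0-9][0-9]:[0-9][0-9]$/) { t = $i; break }
            if (t == "") next
            host = ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) ? "local" : $3
            h = substr(t, 1, 2) + 0
            if (h < s || h >= e) print $1, host, t
        }'
}

# failed_by_host MIN: read `lastb` lines on stdin and print "count host" for each
# source host with at least MIN failed login attempts, highest count first.
failed_by_host() {
    awk -v min="$1" '
        NF == 0 || $1 ~ /^[wb]tmp$/ { next }
        $3 !~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/ { n[$3]++ }
        END { for (h in n) if (n[h] >= min) print n[h], h }' | sort -rn
}

# Assumed policy values: working hours 08:00-19:00, three failures per host.
printf '%s\n' "$SAMPLE_LAST"  | odd_hour_logins 8 19
printf '%s\n' "$SAMPLE_LASTB" | failed_by_host 3
```

On a live host the same functions can read the real records, for example by piping the output of last or lastb (run as root) into them.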
