Linux Log

Posted nedrain

tags:

Editor's note: this article was compiled by the editors of cha138.com; it mainly introduces Linux logs and is intended as a reference.

/var/log: where Linux puts its logs

/var/log/cron      system cron tasks
/var/log/cups/     the printing system (CUPS)
/var/log/dmesg     kernel messages from boot (system self-check)
/var/log/btmp      failed logins
/var/log/lastlog   last login of each user
/var/log/maillog   mail
...

lastb (recent failed logins)

┌─[root@nedrain]─[~]
└──? $lastb
admin    ssh:notty    14.232.208.55    Thu Jun 18 15:05 - 15:05  (00:00)
nagesh   ssh:notty    1.7.146.89       Thu Jun 18 12:50 - 12:50  (00:00)
cll      ssh:notty    49.234.39.194    Wed Jun 17 21:37 - 21:37  (00:00)
admin    ssh:notty    14.160.29.42     Wed Jun 17 08:41 - 08:41  (00:00)
admin    ssh:notty    170.247.41.106   Wed Jun 17 08:41 - 08:41  (00:00)

lastlog (last login of each user)

┌─[root@nedrain]─[~]
└──? $lastlog
Username         Port     From             Latest
root             pts/0    114.104.73.243   Thu Jun 18 16:20:07 +0800 2020
bin                                        **Never logged in**
daemon                                     **Never logged in**
adm                                        **Never logged in**
lp                                         **Never logged in**
sync                                       **Never logged in**
shutdown                                   **Never logged in**
halt                                       **Never logged in**
mail                                       **Never logged in**
operator                                   **Never logged in**
games                                      **Never logged in**
ftp                                        **Never logged in**
nobody                                     **Never logged in**
systemd-network                            **Never logged in**
dbus                                       **Never logged in**
polkitd                                    **Never logged in**
postfix                                    **Never logged in**
chrony                                     **Never logged in**
sshd                                       **Never logged in**
ntp                                        **Never logged in**
tcpdump                                    **Never logged in**
nscd                                       **Never logged in**

last (login history)

┌─[root@nedrain]─[~]
└──? $last
root     pts/0        114.104.73.243   Thu Jun 18 16:20   still logged in
root     pts/0        114.104.73.243   Thu Jun 18 12:35 - 14:08  (01:33)
root     pts/0        114.104.73.243   Thu Jun 18 11:34 - 11:38  (00:03)
root     pts/0        114.104.73.243   Thu Jun 18 11:15 - 11:27  (00:11)
root     pts/0        117.136.100.100  Wed Jun 17 22:05 - 00:03  (01:57)
root     pts/0        117.136.100.100  Wed Jun 17 15:22 - 19:44  (04:22)
root     pts/1        36.62.46.62      Wed Jun 17 10:17 - 15:35  (05:17)
root     pts/1        36.62.46.62      Wed Jun 17 10:14 - 10:17  (00:03)
root     pts/0        36.62.46.62      Wed Jun 17 09:39 - 11:53  (02:14)
root     pts/2        117.136.100.113  Tue Jun 16 22:36 - 01:25  (02:48)
root     pts/1        36.62.46.62      Tue Jun 16 22:19 - 00:40  (02:20)
root     pts/0        36.62.46.62      Tue Jun 16 22:07 - 00:22  (02:15)
root     pts/2        36.62.46.62      Tue Jun 16 18:37 - 20:49  (02:11)
root     pts/1        36.62.46.62      Tue Jun 16 18:32 - 20:44  (02:11)
root     pts/0        36.62.46.62      Tue Jun 16 18:24 - 20:36  (02:11)
root     pts/0        36.62.46.62      Tue Jun 16 18:03 - 18:05  (00:02)
root     pts/0        36.62.46.62      Tue Jun 16 18:01 - 18:01  (00:00)
root     pts/0        36.62.46.62      Tue Jun 16 17:59 - 18:00  (00:01)
root     pts/7        36.62.46.62      Tue Jun 16 15:46 - 17:57  (02:11)
root     pts/6        36.62.46.62      Tue Jun 16 15:33 - 17:51  (02:17)
root     pts/5        36.62.46.62      Tue Jun 16 15:21 - 17:40  (02:18)
root     pts/4        36.62.46.62      Tue Jun 16 15:16 - 17:28  (02:11)
root     pts/3        36.62.46.62      Tue Jun 16 15:10 - 17:23  (02:12)
root     pts/1        36.62.46.62      Tue Jun 16 14:48 - 17:02  (02:13)
root     pts/0        36.62.46.62      Tue Jun 16 14:37 - 16:51  (02:13)
root     pts/2        36.62.46.62      Tue Jun 16 13:23 - 15:51  (02:27)
root     pts/2        36.62.46.62      Tue Jun 16 12:08 - 12:08  (00:00)
root     pts/2        36.62.46.62      Tue Jun 16 11:59 - 12:08  (00:09)
root     pts/3        36.62.46.62      Tue Jun 16 11:55 - 11:59  (00:03)
root     pts/2        36.62.46.62      Tue Jun 16 11:52 - 11:55  (00:03)
root     pts/1        36.62.46.62      Tue Jun 16 11:42 - 13:57  (02:15)
root     pts/1        36.62.46.62      Tue Jun 16 11:38 - 11:39  (00:00)
root     pts/0        36.62.46.62      Tue Jun 16 11:36 - 13:48  (02:12)
root     pts/0        36.62.46.62      Tue Jun 16 11:31 - 11:36  (00:04)
root     pts/0        36.62.46.62      Tue Jun 16 11:27 - 11:29  (00:01)
reboot   system boot  3.10.0-693.2.2.e Tue Jun 16 18:51 - 16:22 (1+21:31)

/var/log/messages (IMPORTANT SYSTEM MESSAGES)

vim /var/log/messages

...
Oct 15 23:25:16 localhost kernel: blk_update_request: I/O error, dev fd0, sector 0
Oct 15 23:25:16 localhost kernel: blk_update_request: I/O error, dev fd0, sector 0
Oct 15 23:25:16 localhost kernel: blk_update_request: I/O error, dev fd0, sector 0
Oct 15 23:25:16 localhost systemd: Got automount request for /proc/sys/fs/binfmt_misc, triggered by 442 (sysctl)
Oct 15 23:25:16 localhost systemd: Mounting Arbitrary Executable File Formats File System...
Oct 15 23:25:16 localhost systemd: Mounted Arbitrary Executable File Formats File System.
Oct 15 23:25:16 localhost kernel: nr_pdflush_threads exported in /proc is scheduled for removal
Jun 16 18:51:33 localhost kernel: Initializing cgroup subsys cpuset
Jun 16 18:51:33 localhost kernel: Initializing cgroup subsys cpu
Jun 16 18:51:33 localhost kernel: Initializing cgroup subsys cpuacct
Jun 16 18:51:33 localhost kernel: Linux version 3.10.0-693.2.2.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Tue Sep 12 22:26:13 UTC 2017
Jun 16 18:51:33 localhost kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-3.10.0-693.2.2.el7.x86_64 root=UUID=eb448abb-3012-4d8d-bcde-94434d586a31 ro crashkernel=auto net.ifnames=0 console=tty0 console=ttyS0,115200n8
Jun 16 18:51:33 localhost kernel: e820: Bios-provided physical RAM map:
Jun 18 16:00:01 localhost systemd: Stopping User Slice of root.
Jun 18 16:01:01 localhost systemd: Created slice User Slice of root.
Jun 18 16:01:01 localhost systemd: Starting User Slice of root.
Jun 18 16:01:01 localhost systemd: Started Session 409 of user root.
Jun 18 16:01:01 localhost systemd: Starting Session 409 of user root.
Jun 18 16:01:01 localhost systemd: Removed slice User Slice of root.
Jun 18 16:01:01 localhost systemd: Stopping User Slice of root.
Jun 18 16:10:01 localhost systemd: Created slice User Slice of root.
Jun 18 16:10:01 localhost systemd: Starting User Slice of root.
Jun 18 16:10:01 localhost systemd: Started Session 410 of user root.
Jun 18 16:10:01 localhost systemd: Starting Session 410 of user root.
Jun 18 16:10:01 localhost systemd: Removed slice User Slice of root.
Jun 18 16:10:01 localhost systemd: Stopping User Slice of root.
Jun 18 16:20:01 localhost systemd: Created slice User Slice of root.
Jun 18 16:20:01 localhost systemd: Starting User Slice of root.
Jun 18 16:20:01 localhost systemd: Started Session 411 of user root.
Jun 18 16:20:01 localhost systemd: Starting Session 411 of user root.
Jun 18 16:20:01 localhost systemd: Removed slice User Slice of root.
Jun 18 16:20:01 localhost systemd: Stopping User Slice of root.
Jun 18 16:20:05 localhost systemd: Created slice User Slice of root.
Jun 18 16:20:05 localhost systemd: Starting User Slice of root.
Jun 18 16:20:05 localhost systemd: Started Session 412 of user root.
Jun 18 16:20:05 localhost systemd-logind: New session 412 of user root.
Jun 18 16:20:05 localhost systemd: Starting Session 412 of user root.

/var/log/secure (authentication and login records)

vim /var/log/secure

Jun 16 11:29:14 localhost sshd[1200]: Disconnected from 36.62.46.62 port 43904
Jun 16 11:29:14 localhost sshd[1200]: pam_unix(sshd:session): session closed for user root
Jun 16 11:31:51 localhost sshd[10429]: Accepted publickey for root from 36.62.46.62 port 44410 ssh2: RSA SHA256:lhABSUnNmpjw9lAobHY4pko7wyuVy/EtAF96PjEBGa0
Jun 16 11:31:51 localhost sshd[10429]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 16 11:36:03 localhost sshd[10429]: Received disconnect from 36.62.46.62 port 44410:11: disconnected by user
Jun 16 11:36:03 localhost sshd[10429]: Disconnected from 36.62.46.62 port 44410
Jun 16 11:36:03 localhost sshd[10429]: pam_unix(sshd:session): session closed for user root
Jun 16 11:36:04 localhost sshd[10450]: Accepted publickey for root from 36.62.46.62 port 44838 ssh2: RSA SHA256:lhABSUnNmpjw9lAobHY4pko7wyuVy/EtAF96PjEBGa0
Jun 16 11:36:04 localhost sshd[10450]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 16 11:38:59 localhost sshd[10468]: Accepted publickey for root from 36.62.46.62 port 45240 ssh2: RSA SHA256:lhABSUnNmpjw9lAobHY4pko7wyuVy/EtAF96PjEBGa0
Jun 16 11:38:59 localhost sshd[10468]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 16 11:39:17 localhost sshd[10468]: Received disconnect from 36.62.46.62 port 45240:11: disconnected by user
...
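The /var/log/secure lines above are exactly what you grep when reviewing who got in and who kept failing; the same per-source counting is what lastb gives you for /var/log/btmp. The following shell script is an added example, not part of the original post: it parses constructed sample lines in the sshd format shown above (the IPs, PIDs and fingerprint are made up), counts failed password attempts per source address, lists accepted logins with their key fingerprint, and flags any source that had repeated failures and then an accepted login.

```shell
#!/bin/sh
# Constructed sample lines in the CentOS 7 /var/log/secure format from the post.
# Addresses are documentation ranges; the fingerprint is a placeholder.
SAMPLE_SECURE='Jun 16 11:31:51 localhost sshd[10429]: Accepted publickey for root from 192.0.2.10 port 44410 ssh2: RSA SHA256:EXAMPLEFINGERPRINT0000000000000000000000000
Jun 16 11:31:51 localhost sshd[10429]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 16 12:50:02 localhost sshd[11001]: Failed password for invalid user nagesh from 198.51.100.7 port 51022 ssh2
Jun 16 12:50:05 localhost sshd[11001]: Failed password for invalid user nagesh from 198.51.100.7 port 51022 ssh2
Jun 16 15:05:10 localhost sshd[11230]: Failed password for admin from 203.0.113.55 port 40110 ssh2
Jun 16 15:05:12 localhost sshd[11230]: Failed password for admin from 203.0.113.55 port 40110 ssh2
Jun 16 15:05:14 localhost sshd[11230]: Failed password for admin from 203.0.113.55 port 40110 ssh2
Jun 16 16:20:07 localhost sshd[11412]: Accepted password for root from 203.0.113.55 port 40200 ssh2'

# count_failed_by_ip: reads log text on stdin, prints "<count> <ip>", highest first.
count_failed_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
         }
         END { for (ip in fails) print fails[ip], ip }' | sort -rn
}

# accepted_logins: prints "<method> <user> <ip> <fingerprint>" per accepted login.
# Field positions follow the sshd "Accepted <method> for <user> from <ip> ..." layout;
# password logins carry no key, so the fingerprint column is "-".
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted / {
            method = $7; user = $9; ip = $11; fp = "-"
            for (i = 1; i <= NF; i++) if ($i ~ /^SHA256:/) fp = $i
            print method, user, ip, fp
         }'
}

# suspicious_success: prints "<ip> <failures>" for every accepted login whose source
# had already failed at least $1 times (default 3) earlier in the same log stream.
suspicious_success() {
    awk -v min="${1:-3}" '
        /sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") fails[$(i + 1)]++
        }
        /sshd\[[0-9]+\]: Accepted / {
            for (i = 1; i <= NF; i++)
                if ($i == "from" && fails[$(i + 1)] >= min) print $(i + 1), fails[$(i + 1)]
        }'
}

printf '%s\n' "$SAMPLE_SECURE" | count_failed_by_ip
printf '%s\n' "$SAMPLE_SECURE" | accepted_logins
printf '%s\n' "$SAMPLE_SECURE" | suspicious_success 3
```

On a real host replace the sample with `cat /var/log/secure | suspicious_success`; the order-dependence is deliberate, since a success that follows a burst of failures from the same source is the event worth investigating.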

Log rotation and splitting: "logrotate", configured by the file "/etc/logrotate.conf"

vim /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# ...

/etc/logrotate.conf is the main configuration file; the directory "/etc/logrotate.d" holds additional per-package configuration files.

You can edit either /etc/logrotate.conf or the files in /etc/logrotate.d.

┌─[root@nedrain]─[/etc/logrotate.d]
└──? $ls
bootlog  chrony  syslog  wpa_supplicant  yum

┌─[root@nedrain]─[/etc/logrotate.d]
└──? $vim yum
# contents of the file "yum"
/var/log/yum.log {
    missingok
    notifempty
    size 30k
    yearly
    create 0600 root root
}

Define your own log

# in the file /etc/rsyslog.conf
vim /etc/rsyslog.conf

# critical errors from all services (severity crit and above, any facility) are logged to /var/log/alert.log
*.crit  /var/log/alert.log

service rsyslog restart   # don't forget to restart rsyslog
