Linux Log
Posted nedrain
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Linux Log相关的知识,希望对你有一定的参考价值。
/var/log : where the linux put the logs
/var/log/cron | on system cron tasks |
/var/log/cups/ | something about the printer |
/var/log/dmesg/ | system self check |
/var/log/btmp | wrong login |
/var/log/lastlog | last login |
/var/log/mailog | |
... | ... |
lastb (last failed login)
┌─[root@nedrain]─[~]
└──? $lastb
admin ssh:notty 14.232.208.55 Thu Jun 18 15:05 - 15:05 (00:00)
nagesh ssh:notty 1.7.146.89 Thu Jun 18 12:50 - 12:50 (00:00)
cll ssh:notty 49.234.39.194 Wed Jun 17 21:37 - 21:37 (00:00)
admin ssh:notty 14.160.29.42 Wed Jun 17 08:41 - 08:41 (00:00)
admin ssh:notty 170.247.41.106 Wed Jun 17 08:41 - 08:41 (00:00)
lastlog (last login)
┌─[root@nedrain]─[~]
└──? $lastlog
Username Port From Latest
root pts/0 114.104.73.243 Thu Jun 18 16:20:07 +0800 2020
bin **Never logged in**
daemon **Never logged in**
adm **Never logged in**
lp **Never logged in**
sync **Never logged in**
shutdown **Never logged in**
halt **Never logged in**
mail **Never logged in**
operator **Never logged in**
games **Never logged in**
ftp **Never logged in**
nobody **Never logged in**
systemd-network **Never logged in**
dbus **Never logged in**
polkitd **Never logged in**
postfix **Never logged in**
chrony **Never logged in**
sshd **Never logged in**
ntp **Never logged in**
tcpdump **Never logged in**
nscd **Never logged in**
last (login log)
┌─[root@nedrain]─[~]
└──? $last
root pts/0 114.104.73.243 Thu Jun 18 16:20 still logged in
root pts/0 114.104.73.243 Thu Jun 18 12:35 - 14:08 (01:33)
root pts/0 114.104.73.243 Thu Jun 18 11:34 - 11:38 (00:03)
root pts/0 114.104.73.243 Thu Jun 18 11:15 - 11:27 (00:11)
root pts/0 117.136.100.100 Wed Jun 17 22:05 - 00:03 (01:57)
root pts/0 117.136.100.100 Wed Jun 17 15:22 - 19:44 (04:22)
root pts/1 36.62.46.62 Wed Jun 17 10:17 - 15:35 (05:17)
root pts/1 36.62.46.62 Wed Jun 17 10:14 - 10:17 (00:03)
root pts/0 36.62.46.62 Wed Jun 17 09:39 - 11:53 (02:14)
root pts/2 117.136.100.113 Tue Jun 16 22:36 - 01:25 (02:48)
root pts/1 36.62.46.62 Tue Jun 16 22:19 - 00:40 (02:20)
root pts/0 36.62.46.62 Tue Jun 16 22:07 - 00:22 (02:15)
root pts/2 36.62.46.62 Tue Jun 16 18:37 - 20:49 (02:11)
root pts/1 36.62.46.62 Tue Jun 16 18:32 - 20:44 (02:11)
root pts/0 36.62.46.62 Tue Jun 16 18:24 - 20:36 (02:11)
root pts/0 36.62.46.62 Tue Jun 16 18:03 - 18:05 (00:02)
root pts/0 36.62.46.62 Tue Jun 16 18:01 - 18:01 (00:00)
root pts/0 36.62.46.62 Tue Jun 16 17:59 - 18:00 (00:01)
root pts/7 36.62.46.62 Tue Jun 16 15:46 - 17:57 (02:11)
root pts/6 36.62.46.62 Tue Jun 16 15:33 - 17:51 (02:17)
root pts/5 36.62.46.62 Tue Jun 16 15:21 - 17:40 (02:18)
root pts/4 36.62.46.62 Tue Jun 16 15:16 - 17:28 (02:11)
root pts/3 36.62.46.62 Tue Jun 16 15:10 - 17:23 (02:12)
root pts/1 36.62.46.62 Tue Jun 16 14:48 - 17:02 (02:13)
root pts/0 36.62.46.62 Tue Jun 16 14:37 - 16:51 (02:13)
root pts/2 36.62.46.62 Tue Jun 16 13:23 - 15:51 (02:27)
root pts/2 36.62.46.62 Tue Jun 16 12:08 - 12:08 (00:00)
root pts/2 36.62.46.62 Tue Jun 16 11:59 - 12:08 (00:09)
root pts/3 36.62.46.62 Tue Jun 16 11:55 - 11:59 (00:03)
root pts/2 36.62.46.62 Tue Jun 16 11:52 - 11:55 (00:03)
root pts/1 36.62.46.62 Tue Jun 16 11:42 - 13:57 (02:15)
root pts/1 36.62.46.62 Tue Jun 16 11:38 - 11:39 (00:00)
root pts/0 36.62.46.62 Tue Jun 16 11:36 - 13:48 (02:12)
root pts/0 36.62.46.62 Tue Jun 16 11:31 - 11:36 (00:04)
root pts/0 36.62.46.62 Tue Jun 16 11:27 - 11:29 (00:01)
reboot system boot 3.10.0-693.2.2.e Tue Jun 16 18:51 - 16:22 (1+21:31)
/var/log/messages (IMPORTANT SYSTEM MESSAGES)
vim /var/log/messages
...
Oct 15 23:25:16 localhost kernel: blk_update_request: I/O error, dev fd0, sector 0
Oct 15 23:25:16 localhost kernel: blk_update_request: I/O error, dev fd0, sector 0
Oct 15 23:25:16 localhost kernel: blk_update_request: I/O error, dev fd0, sector 0
Oct 15 23:25:16 localhost systemd: Got automount request for /proc/sys/fs/binfmt_misc, triggered by 442 (sysctl)
Oct 15 23:25:16 localhost systemd: Mounting Arbitrary Executable File Formats File System...
Oct 15 23:25:16 localhost systemd: Mounted Arbitrary Executable File Formats File System.
Oct 15 23:25:16 localhost kernel: nr_pdflush_threads exported in /proc is scheduled for removal
Jun 16 18:51:33 localhost kernel: Initializing cgroup subsys cpuset
Jun 16 18:51:33 localhost kernel: Initializing cgroup subsys cpu
Jun 16 18:51:33 localhost kernel: Initializing cgroup subsys cpuacct
Jun 16 18:51:33 localhost kernel: Linux version 3.10.0-693.2.2.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Tue Sep 12 22:26:13 UTC 2017
Jun 16 18:51:33 localhost kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-3.10.0-693.2.2.el7.x86_64 root=UUID=eb448abb-3012-4d8d-bcde-94434d586a31 ro crashkernel=auto net.ifnames=0 console=tty0 console=ttyS0,115200n8
Jun 16 18:51:33 localhost kernel: e820: Bios-provided physical RAM map:
"/var/log/messages" 2516L, 181475C 1,1 Top
Jun 18 16:00:01 localhost systemd: Stopping User Slice of root.
Jun 18 16:01:01 localhost systemd: Created slice User Slice of root.
Jun 18 16:01:01 localhost systemd: Starting User Slice of root.
Jun 18 16:01:01 localhost systemd: Started Session 409 of user root.
Jun 18 16:01:01 localhost systemd: Starting Session 409 of user root.
Jun 18 16:01:01 localhost systemd: Removed slice User Slice of root.
Jun 18 16:01:01 localhost systemd: Stopping User Slice of root.
Jun 18 16:10:01 localhost systemd: Created slice User Slice of root.
Jun 18 16:10:01 localhost systemd: Starting User Slice of root.
Jun 18 16:10:01 localhost systemd: Started Session 410 of user root.
Jun 18 16:10:01 localhost systemd: Starting Session 410 of user root.
Jun 18 16:10:01 localhost systemd: Removed slice User Slice of root.
Jun 18 16:10:01 localhost systemd: Stopping User Slice of root.
Jun 18 16:20:01 localhost systemd: Created slice User Slice of root.
Jun 18 16:20:01 localhost systemd: Starting User Slice of root.
Jun 18 16:20:01 localhost systemd: Started Session 411 of user root.
Jun 18 16:20:01 localhost systemd: Starting Session 411 of user root.
Jun 18 16:20:01 localhost systemd: Removed slice User Slice of root.
Jun 18 16:20:01 localhost systemd: Stopping User Slice of root.
Jun 18 16:20:05 localhost systemd: Created slice User Slice of root.
Jun 18 16:20:05 localhost systemd: Starting User Slice of root.
Jun 18 16:20:05 localhost systemd: Started Session 412 of user root.
Jun 18 16:20:05 localhost systemd-logind: New session 412 of user root.
Jun 18 16:20:05 localhost systemd: Starting Session 412 of user root.
/var/log/secure (About Verification Login)
vim var/log/secure
Jun 16 11:29:14 localhost sshd[1200]: Disconnected from 36.62.46.62 port 43904
Jun 16 11:29:14 localhost sshd[1200]: pam_unix(sshd:session): session closed for user root
Jun 16 11:31:51 localhost sshd[10429]: Accepted publickey for root from 36.62.46.62 port 44410 ssh2: RSA SHA256:lhABSUnNmpjw9lAobHY4pko7wyuVy/EtAF96PjEBGa0
Jun 16 11:31:51 localhost sshd[10429]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 16 11:36:03 localhost sshd[10429]: Received disconnect from 36.62.46.62 port 44410:11: disconnected by user
Jun 16 11:36:03 localhost sshd[10429]: Disconnected from 36.62.46.62 port 44410
Jun 16 11:36:03 localhost sshd[10429]: pam_unix(sshd:session): session closed for user root
Jun 16 11:36:04 localhost sshd[10450]: Accepted publickey for root from 36.62.46.62 port 44838 ssh2: RSA SHA256:lhABSUnNmpjw9lAobHY4pko7wyuVy/EtAF96PjEBGa0
Jun 16 11:36:04 localhost sshd[10450]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 16 11:38:59 localhost sshd[10468]: Accepted publickey for root from 36.62.46.62 port 45240 ssh2: RSA SHA256:lhABSUnNmpjw9lAobHY4pko7wyuVy/EtAF96PjEBGa0
Jun 16 11:38:59 localhost sshd[10468]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 16 11:39:17 localhost sshd[10468]: Received disconnect from 36.62.46.62 port 45240:11: disconnected by user
...
Rotate and Divide of log : "logrotate" Use the file : "/etc/logrotate.conf"
vim /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
// ...
/etc/logrotate.conf is the main configure file, and in the directory "/etc/logrotate.d", you have more for some softwares
You can edit both /etc/logrotate.conf or files in /etc/logrotate.d
┌─[root@nedrain]─[/etc/logrotate.d]
└──? $ls
bootlog chrony syslog wpa_supplicant yum
┌─[root@nedrain]─[/etc/logrotate.d]
└──? $vim yum
// the output of file "yum"
/var/log/yum.log {
missingok
notifempty
size 30k
yearly
create 0600 root root
}
define your own log
// at the file /etc/rsyslog.conf
vim /etc/rsyslog.conf
// all services‘ critical error will be logged in /var/log/alert.log
*.crit /var/log/alert.log
service rsyslog restart // don‘t forget restart rsyslog
以上是关于Linux Log的主要内容,如果未能解决你的问题,请参考以下文章