Linux System Log Introduction (Syslogd)

zhaozj2021-02-16  90

1 Introduction:

Most of the Linux systems use Syslog tools, it is quite flexible to make the system different activities according to different log input items. The SYSLOG tool consists of a daemon. It accepts log information of the access system and processes this information according to instructions in the /etc/syslog.conf configuration file. Programs, daemons and kernels provide log information for accessing the system. Therefore, any programs that wish to generate log information can generate this information to the SYSLOG interface. Typically, syslog accepts information from the various functions of the system, each information including important levels. The /etc/syslog.conf file notifies Syslogd how to report information based on the importance of equipment and information.

2, / etc / syslog.conf

The /etc/syslog.conf file uses the following form:

Facility.Level Action

Facility specifies the syslog function, mainly including these:

Auth is reported by the PAM_PWDB.

Authpriv includes certification activities such as user names

CRON is related to CRON and AT.

DAEMON related to the inetd daemon.

KERN kernel information first passed through Klogd.

LPR related to the print service.

Mail related information related to email

Mark Syslog internal features for generating timestamps

News from news server information

Syslog is generated by syslog

User generated by the user program

UUCP information generated by UUCP

Local0 ---- Local7 uses custom programs, for example using local5 as SSH features

* Wildcard represents all functions other than MARK

The SYSLOG level is as follows:

Emerg or Panic is not available

Alert needs to be modified immediately

CRIT Blocks Error Conditions for Some Tools or Subsystem Functions

ERR blocking tool or some sub-system partial function implementation error condition

WARNING warning information

NOTICE is an important condition

INFO information message

Debug does not contain other information for function conditions or issues

None has no important level, usually used in troubleshooting

* All levels, in addition to NONE

The priority corresponding to each function is arranged in a certain order, and EMERG is the highest level, followed by Alert, and push it according to the time.

The activities represented by the Action field have many flexibility, in particular, the role of the name pipe can be used to generate the SyslogD to process information.

Syslog mainly supports the following activities

File specifies the absolute path of the file

TERMINAL or PRINT complete serial or parallel equipment flag

@Host Remote Log Server

UserName Send Information to the specified user using Write

Named Pipe Specifies the absolute path to the FIFO file that uses the mkfifo command to create.

3, syslogd daemon

The syslog daemon is called by the /etc/rc.d/init.d/syslog script, and the default is not used by default. But there are two options -R and -H useful.

If you want to use a log server, you must call syslogd -r. By default, Syslog does not accept information from the remote system. When the -r option is specified, syslogd will listen to the UDP package from the 514 port.

转载请注明原文地址:https://www.9cbs.com/read-11978.html

New Post(0)