Using logs
Level: Introductory
Chris Walden (cmwalden-at-us.ibm.com), e-commerce architect, IBM Developer Relations, January 2004
In this nine-part series published on developerWorks, IBM e-commerce architect Chris Walden shows you how to apply your Windows operating skills in the Linux environment. In this part, we track, handle and rotate logs to strengthen system security and gather information.
One of the keys to successfully managing any system is knowing what is happening on it. Linux provides extensive logging, and the level of detail in the logs is configurable.
Linux logs are stored as plain text, so you do not need a special tool to search or read them. You can also write scripts that scan these logs and automatically take action based on their content.
Linux logs are kept in the /var/log directory. Several log files are maintained by the system itself, but other services and programs may put their logs here as well. Most of the logs are readable only by root, although that can be changed by modifying the permissions of the file.
/var/log/messages
The messages log is the core system log file. It contains the boot messages from system startup and other status messages while the system is running. I/O errors, network errors and other system errors are recorded in this file, as is other information such as someone switching identity to root. If a service such as a DHCP server is running, you can watch its activity in the messages file. Usually /var/log/messages is the file you want to look at when troubleshooting.
/var/log/XFree86.0.log
This log is the result of the last run of the XFree86 X Window server. If you have trouble getting into graphical mode, this file will usually show what failed.
Other logs
There are other log files in /var/log depending on your Linux distribution and the services you run. For example, there may be logs for the mail server, resource sharing, scheduled tasks and more.
Log rotation
You will notice files in /var/log whose names end in a number; these are rotated archives. Log files can grow very large and become unwieldy. Linux provides a command to rotate these logs so that your current log information is not buried under old, unrelated data. logrotate is normally run automatically, but it can also be run by hand. When it runs, logrotate takes the current version of the log file and appends ".1" to the file name. Older rotated versions become ".2", ".3" and so on, shifting by one each time; the higher the number after the file name, the older the log.
You can configure the automatic behavior of logrotate by editing the /etc/logrotate.conf file. See man logrotate for all the details.
Log tools
Any text tool can be used to work with log files. Here are a few that are particularly useful.
dmesg
Use the dmesg command to quickly view the boot log of the last system boot. There is usually a lot of output, so you will want to pipe it through a reader:
dmesg | more
The command above displays the boot messages one page at a time.
tail
Sometimes you want to keep a close eye on a log file while some activity is happening. The tail command displays the last few lines of a text file. With the -f switch, tail keeps displaying new output as lines are appended to the log:
tail -f /var/log/messages
The command above displays the last 10 lines of /var/log/messages, then continues to monitor the file and print new lines as they are written. Press Ctrl-C to stop tail -f.
more
more works the same way as the DOS version. You can point it at a file, or pipe output into it, to view the information one page at a time. For example, to display the XFree86 startup log page by page:
more /var/log/XFree86.0.log
Press q or Ctrl-C to stop viewing the file.
less
less is another text reader, but it also lets you scroll through the file in both directions and search it:
less /var/log/messages
The command above displays the contents of /var/log/messages. Press q to stop viewing the file. Press h for help on using less.
logger
You may want to write your own messages to a log file. You could simply append them to the appropriate text file, but you would have to get the log message format right, and if the logging system were customized you would have to change your code. The logger command lets you hand your messages to the logging facility instead. Use it in scripts to record progress and errors.
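As an added example (not from the article), here is a small script that scans a /var/log/messages excerpt for su-to-root activity, as described above, and hands a summary to the logging facility with logger. The log lines are constructed in the style of a 2004-era Red Hat system; the tag "su-watch" and the auth.warning priority are this script's own choices.

```shell
#!/bin/sh
# Added example: scan a messages excerpt for su-to-root events and report
# through logger. Sample lines are constructed, not taken from a real host;
# the "su-watch" tag and auth.warning priority are this script's own choices.

# Writes the constructed sample log to a temp file and prints its path.
sample_file() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
Jan 12 10:33:01 myhost su(pam_unix)[1234]: session opened for user root by chris(uid=500)
Jan 12 10:35:12 myhost su(pam_unix)[1240]: session opened for user postgres by chris(uid=500)
Jan 12 10:40:47 myhost su(pam_unix)[1251]: authentication failure; logname=bob uid=501 euid=0 tty=pts/1 ruser=bob rhost=  user=root
Jan 12 10:41:02 myhost kernel: hda: dma_intr: status=0x51 { DriveReady SeekComplete Error }
Jan 12 10:45:30 myhost su(pam_unix)[1260]: session opened for user root by bob(uid=501)
EOF
    echo "$f"
}

# su_root_sessions FILE -> one "HH:MM:SS user" line per successful su to root
su_root_sessions() {
    awk '$5 ~ /^su/ && /session opened for user root by / {
        by = $0; sub(/.* by /, "", by); sub(/\(.*/, "", by)   # keep caller name only
        print $3, by
    }' "$1"
}

# su_root_failures FILE -> number of failed su attempts that targeted root
su_root_failures() {
    grep -c 'su.*: authentication failure.*user=root$' "$1"
}

# summary_line FILE -> one-line summary suitable for a syslog message
summary_line() {
    n_ok=$(su_root_sessions "$1" | wc -l | tr -d ' ')
    n_fail=$(su_root_failures "$1")
    echo "su-watch: $n_ok successful su to root, $n_fail failed attempt(s)"
}

# send_summary MESSAGE -> logger when a syslog socket exists, else stderr
send_summary() {
    if [ -S /dev/log ]; then
        logger -t su-watch -p auth.warning "$1"
    else
        echo "$1" >&2      # no syslogd here (e.g. a sandbox): show it instead
    fi
}

f=$(sample_file); send_summary "$(summary_line "$f")"; rm -f "$f"
```

Point sample_file at a real /var/log/messages (and run as root, since the file is usually root-readable only) to use it on a live system.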
Customizing logs
Two services, or daemons, control logging: klogd and syslogd. klogd handles only kernel messages; syslogd handles the other system messages, such as those from applications. You configure their behavior by editing /etc/syslog.conf and /etc/sysconfig/syslog. Fully customizing the logs is beyond the scope of this article, but details can be found in the references at the end of this article. You can also read the man page for syslog.conf to learn more.
Essentially, every message produced by software carries information that identifies where the message came from and what kind of message it is. The /etc/syslog.conf file lets you specify how each kind of message is handled. You can dump it into the messages file or into a custom file. You can also send it to a remote host, where it is processed according to that host's own syslogd configuration. Remote logging is a very good security feature: by keeping a copy of your logs on a remote system, you make it much harder for someone to cover their tracks by altering the log files.
Here is the example of a custom log from the syslog.conf man page:
Customized log
# Kernel messages are first, stored in the kernel
# file, critical messages and higher ones also go
# to another host and to the console
#
kern.*                          /var/adm/kernel
kern.crit                       @finlandia
kern.crit                       /dev/console
kern.info;kern.!err             /var/adm/kernel-info
The first rule directs all kernel messages to the /var/adm/kernel file.
The second statement sends all kernel messages with priority crit or higher to a remote host called finlandia. This is useful because if the host crashes and the disk cannot be recovered, you would not be able to read the stored messages; if those messages also exist on the remote host, you can still work out the cause of the crash.
The third rule directs those same messages to the actual console, so that anyone working at the machine also sees them.
The fourth line tells syslogd to save all kernel messages with priority info through warning to the /var/adm/kernel-info file; messages with priority err and higher are excluded. The ability to customize logging in this way gives the Linux environment great flexibility and control.
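To make the selector rules concrete, here is an added example (not from the article or from syslogd itself) that evaluates syslog.conf selectors the way syslogd does and routes sample messages through the four kernel rules in the listing above. It goes slightly beyond the listing by also handling the "=", "!=" and "none" selector forms; priority names follow syslog(3), and the rule table is a copy embedded in the script, not a live configuration.

```shell
#!/bin/sh
# Added example: syslog.conf selector evaluation plus routing through the
# four kernel rules from the listing (copied below, not a live config).

# Severity rank: lower is more severe; 99 for an unknown name.
prio_rank() {
    case "$1" in
        emerg|panic) echo 0 ;;  alert) echo 1 ;;  crit) echo 2 ;;
        err|error) echo 3 ;;    warning|warn) echo 4 ;;
        notice) echo 5 ;;       info) echo 6 ;;   debug) echo 7 ;;
        *) echo 99 ;;
    esac
}
# selector_matches SELECTOR FACILITY PRIORITY -> prints yes or no.
# A bare priority means "that level and more severe", '=' pins one level,
# '!' excludes, 'none' drops the facility; later ';' parts override earlier.
selector_matches() {
    fac=$2; mrank=$(prio_rank "$3"); result=no; rest="$1;"
    while [ -n "$rest" ]; do
        part=${rest%%;*}; rest=${rest#*;}
        pfac=${part%%.*}; ppri=${part#*.}
        case ",$pfac," in                 # facility may be a comma list or '*'
            *,"$fac",*|*,\*,*) ;;
            *) continue ;;
        esac
        case "$ppri" in
            none) result=no ;;
            \*)   result=yes ;;
            '='*)  if [ "$(prio_rank "${ppri#=}")" -eq "$mrank" ]; then result=yes; fi ;;
            '!='*) if [ "$(prio_rank "${ppri#!=}")" -eq "$mrank" ]; then result=no; fi ;;
            '!'*)  if [ "$mrank" -le "$(prio_rank "${ppri#!}")" ]; then result=no; fi ;;
            *)     if [ "$mrank" -le "$(prio_rank "$ppri")" ]; then result=yes; fi ;;
        esac
    done
    echo "$result"
}
# The four rules from the listing, as "selector destination" pairs.
RULES='kern.* /var/adm/kernel
kern.crit @finlandia
kern.crit /dev/console
kern.info;kern.!err /var/adm/kernel-info'
# route_message FACILITY PRIORITY -> prints every destination that would
# receive the message, space separated (empty if none).
route_message() {
    printf '%s\n' "$RULES" | while read -r sel dest; do
        if [ "$(selector_matches "$sel" "$1" "$2")" = yes ]; then printf '%s\n' "$dest"; fi
    done | paste -s -d ' ' -
}
route_message kern crit      # kernel file, remote host and console
route_message kern warning   # kernel file and kernel-info only
```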
Configuring logs
Webmin has a module for working with log files.
Figure 1. Webmin system log view
The log files are listed. Click a log file to edit its configuration.
Figure 2. Webmin log editing screen
Or click View to see the contents of the log file.
The Webmin module works with the /etc/syslog.conf file, so changes made in one will affect the other.
Viewing log files in the console
Since Linux log files are plain text, no special tool is needed to interpret them. Any text file reader can display a Linux log file. A browser such as Mozilla can display log files and offers search capability. Linux also has console tools for viewing text files. more, like its MS-DOS counterpart, displays a file one page at a time. The less command displays a file in a read-only viewer with scrolling in both directions and search. Try it now: enter less /var/log/messages on the command line.
Log files are critical for troubleshooting and maintaining a system. Linux logs are written as text files, so no special tool is needed to view them. Text files are also easy to process with custom scripts and programs.
Logs are rotated to keep them from growing too large and to separate current information from old data. Log rotation is configurable.
Logging is highly configurable; for security and backup, logs can even be stored on a separate system. You can have your own scripts and programs generate system log messages, which are picked up by the syslogd daemon.
References
- Read the other parts of the Windows-to-Linux roadmap series (developerWorks, November 2003).
- The syslog.conf man page has an excellent description of how to configure logging. To read it, enter the command info syslog.conf.
- The syslogd man page gives a good summary of how syslogd works, including security considerations. Enter the command info syslogd.
- The IBM developerWorks tutorial "LPI certification 101 exam prep, Part 2: Basic administration" introduces shell pipes, redirection and the text-processing commands.
- System logging is also covered in the IBM developerWorks tutorial "LPI certification 101 exam prep, Part 4: Advanced administration".
- The IBM developerWorks article "Addressing security issues in Linux" will help you get a first understanding of Linux security.
- A further IBM developerWorks article gives more information about .conf files.
- "Linux user technology FAQ" (developerWorks, July 2001) can also help you move smoothly from Windows to Linux.
- To start using IBM software products on Linux, Speed-start your Linux app is the best reference. You will find installation tips and reference information about DB2, Lotus Domino, WebSphere Application Server, WebSphere Studio and more. You can also register for the free Linux Software Evaluation Kit, which includes trial software and training materials.
- More resources for Linux developers can be found in the developerWorks Linux zone.
About the author
Chris Walden is an e-commerce architect in IBM Developer Relations Technical Consulting (also known as the Dragonslayers) in Austin, Texas, which provides education, implementation and consulting for IBM business partners. He is committed to Linux-related work and takes every opportunity to promote the benefits of Linux to those around him.
Besides his architect duties, he is proficient in the various areas of Linux infrastructure servers, including file, print and other application services in mixed-platform user environments. Chris has 10 years of experience in the computer industry, ranging from on-site support to Web application development and consulting, and he has been involved in a variety of fields. You can contact Chris at cmwalden-at-us.ibm.com.