Windows to Linux roadmap: Linux logging
Using logs
Level: Introductory
Chris Walden (cmwalden-at-us.ibm.com), e-commerce architect, IBM Developer Relations, January 2004
IBM e-commerce architect Chris Walden guides you through this nine-part series, published on developerWorks, on applying your Windows operational skills in a Linux environment. In this part, we track, manage and rotate logs to improve system security and gather information.
One of the keys to successfully managing any system is knowing what is happening on it. Linux provides exceptional logging, and the details of that logging are configurable.
Linux logs are stored as plain text, so you don't need special tools to search and read them. You can also write scripts that scan these logs and automatically take actions based on their content.
Linux logs are stored in the /var/log directory. Several log files there are maintained by the system itself, but other services and programs may also put their logs here. Most logs can be read only by root, but that can be changed by adjusting a file's permissions.
/var/log/messages
The messages log is the core system log file. It contains the boot messages from system startup and other status messages recorded while the system runs. I/O errors, network errors and other system errors are recorded in this file. Other information, such as when someone switches identity to root, is also listed here. If a service such as a DHCP server is running, you can observe its activity in the messages file. /var/log/messages is usually the first file you want to look at when troubleshooting.
/var/log/XFree86.0.log
This log holds the output of the last run of the XFree86 X Window server. If you run into problems starting graphics mode, this file is usually where you will find what failed.
Other logs
Depending on your Linux distribution and the services you run, there are other log files in the /var/log directory. For example, there may be logs for the mail server, resource sharing, scheduled tasks, and more.
Log rotation
You will see some files in the /var/log directory whose names end in a number; these are the rotated archives. Log files can become very large and unwieldy. Linux provides a command to rotate these logs so that your current log information is not buried in old, irrelevant information. logrotate is usually run automatically, but it can also be run manually. When it runs, logrotate takes the current version of the log file and appends ".1" to its name. Earlier rotated versions become ".2", ".3", and so on. The larger the number after the file name, the older the log.
You can configure the automatic behavior of logrotate by editing the /etc/logrotate.conf file. Learn all the details of logrotate with man logrotate.
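The numbering scheme described above, as an added example that is not from the article and is not logrotate itself: a small POSIX shell rotation that shifts file.N to file.N+1, drops the oldest copy once KEEP archives exist, and truncates the live log in place rather than renaming it. The log path and the KEEP value are supplied by the caller; the default of 5 is an assumption.

```shell
#!/bin/sh
# Added example, not from the article and not logrotate itself: a minimal
# rotation that mimics the numbering logrotate uses (file -> file.1 -> file.2 ...)
# and drops the oldest copy once KEEP archives exist. The log path and KEEP
# value are supplied by the caller.

# rotate_log FILE [KEEP]
rotate_log() {
    file="$1"
    keep="${2:-5}"            # archives to retain; 5 is an assumed default

    # The oldest archive falls off the end.
    [ -f "$file.$keep" ] && rm -f "$file.$keep"

    # Shift file.N to file.N+1, counting down so nothing gets overwritten.
    n=$((keep - 1))
    while [ "$n" -ge 1 ]; do
        [ -f "$file.$n" ] && mv "$file.$n" "$file.$((n + 1))"
        n=$((n - 1))
    done

    # Copy the live log to .1 with its mode preserved, then truncate the
    # original in place. Truncating instead of renaming keeps the same inode,
    # so a daemon that still holds the file open keeps writing to the current
    # log rather than to the archived copy (logrotate calls this copytruncate),
    # and a root-only log stays root-only.
    if [ -f "$file" ]; then
        cp -p "$file" "$file.1"
        : > "$file"
    fi
}

# list_archives FILE: print the archived copies, newest first.
list_archives() {
    n=1
    while [ -f "$1.$n" ]; do
        printf '%s\n' "$1.$n"
        n=$((n + 1))
    done
}

# Usage: sh rotate.sh /var/log/myapp.log 5
[ $# -ge 1 ] && rotate_log "$@"
```

Run it against a log with a small KEEP value a few times and watch the archives shift: the copy that was .1 becomes .2, and whatever sat at .KEEP disappears, which is exactly the behaviour you should expect from the real logrotate configuration.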
Log tools
Any text tool can be used to process log files. Here are some particularly useful ones.
dmesg
Use the dmesg command to quickly view the boot log from the last system boot. There is usually a lot of output, so you will want to pipe it through a pager.
dmesg | more
The above command displays the boot messages one page at a time.
tail
Sometimes you want to watch a log file closely while some activity is taking place. The tail command is designed to display the last few lines of a text file. With the -f switch, tail keeps displaying new output as lines are added to the log.
tail -f /var/log/messages
The above command displays the last 10 lines of the /var/log/messages file, then continues to monitor the file and print new lines as they are added. To stop tail -f, press Ctrl-C to abort the process.
more
more works the same way as the DOS version. You can use it to view a file, or pipe output to it to page through information. For example, to display the contents of the XFree86 startup log file one page at a time:
more /var/log/XFree86.0.log
Use "q" or Ctrl-C to stop viewing the file.
less
less is another text viewer, but it also lets you scroll in both directions and search for text in the file.
less /var/log/messages
The above command displays the contents of the /var/log/messages file. Use "q" to stop viewing the file. Use "h" to get help on using less.
logger
You may want to record your own messages in the log file. You could simply append your messages to the appropriate text file, but then you have to reproduce the log message format yourself, and if the logging system is customized you have to change your code as well. The logger command lets you send your messages to the logging facility instead. Use it in scripts to report on execution and errors.
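A script that reports its progress through logger, as an added example that is not from the article: each step is logged at priority info and each failure at priority err, so syslogd routes the messages according to its own configuration. For hosts without logger, the script falls back to writing a line in the classic syslog layout itself. The tag "backup.sh", the local0 facility and the fallback path are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the article: send a script's status messages through
# logger(1) so that syslogd records them, with a file fallback in the classic
# syslog line layout for hosts without logger. Tag, facility and file path are
# assumptions made for this example.

LOG_TAG="${LOG_TAG:-backup.sh}"                         # shows up as the program name in the log
FALLBACK_LOG="${FALLBACK_LOG:-/tmp/backup-script.log}"  # assumed path for the fallback
LOG_TO_FILE="${LOG_TO_FILE:-0}"                         # set to 1 to force the file fallback

# Build one line in the classic syslog text layout:
#   "MMM DD HH:MM:SS host tag[pid]: message"
# Timestamp and host are parameters so the output is reproducible.
format_syslog_line() {
    printf '%s %s %s[%s]: %s\n' "$1" "$2" "$3" "$4" "$5"
}

# log_message FACILITY.PRIORITY MESSAGE...
# logger's -t sets the tag and -p the facility.priority pair; syslogd then
# routes the message like any other, according to /etc/syslog.conf.
log_message() {
    prio="$1"; shift
    msg="$*"
    if [ "$LOG_TO_FILE" != 1 ] && command -v logger >/dev/null 2>&1; then
        logger -t "$LOG_TAG" -p "$prio" -- "$msg"
    else
        ts=$(date '+%b %e %H:%M:%S')
        host=$(hostname 2>/dev/null || printf 'localhost')
        format_syslog_line "$ts" "$host" "$LOG_TAG" "$$" "$msg" >> "$FALLBACK_LOG"
    fi
}

# run_step NAME COMMAND...: log the start and outcome of one step, using
# priority info for normal progress and err for failures, and pass the
# command's exit status back to the caller.
run_step() {
    name="$1"; shift
    log_message local0.info "starting $name"
    if "$@"; then
        log_message local0.info "$name finished"
        return 0
    else
        rc=$?
        log_message local0.err "$name failed with exit status $rc"
        return "$rc"
    fi
}

# Usage: RUN_DEMO=1 sh backup.sh   (the steps are placeholder commands here)
if [ "${RUN_DEMO:-0}" = 1 ]; then
    run_step "archive" true
    run_step "upload" false || printf 'upload step failed, see the log\n' >&2
fi
```

Because the messages go through syslogd, a failure logged at local0.err can be sent to a remote host or the console by a single line in /etc/syslog.conf without touching the script.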
Customizing logs
Two services, or daemons, control logging: klogd and syslogd. klogd handles only kernel messages; syslogd handles the other system messages, such as those from applications. You can configure their behavior by editing /etc/syslog.conf and /etc/sysconfig/syslog. Fully customizing logging is beyond the scope of this article, but detailed information can be found in the reference list at the end of this article. You can also read the syslog.conf man page to learn more.
Essentially, every message a program produces carries some information identifying where the message came from (its facility) and how important it is (its priority). The /etc/syslog.conf file lets you specify how each kind of message is handled. You can send it to the messages file or to a custom file. You can send it to a remote host, which processes it according to its own syslogd configuration. Remote logging is a very good security feature: by sending your logs to a remote system, you prevent an intruder from covering their tracks by altering the log files on the compromised machine.
Here is the example of a custom log from the syslog.conf man page:
Customized log
# Kernel messages are first, stored in the kernel
# file, critical messages and higher ones also go
# to another host and to the console
#
kern.*                    /var/adm/kernel
kern.crit                 @finlandia
kern.crit                 /dev/console
kern.info;kern.!err       /var/adm/kernel-info
The first rule directs all kernel messages to the /var/adm/kernel file.
The second statement directs all kernel messages with priority crit or higher to a remote host called finlandia. This is useful because, if the host crashes and the disk error cannot be recovered, you will not be able to read the messages stored locally. If those messages also exist on the remote host, you can still find the cause of the crash.
The third rule directs those same messages to the console, so that anyone working at the machine can see them as well.
The fourth line tells syslogd to save all kernel messages with priority info through warning to the /var/adm/kernel-info file. All messages with priority err and higher are excluded.
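To make the selector rules concrete, here is an added example (not from the article and not syslogd's own code) that evaluates the classic syslog.conf selector syntax in POSIX shell: a plain priority means that priority and everything above it, "=" means exactly that priority, "!" removes what an earlier part of the same selector admitted, "*" matches everything and "none" matches nothing. The four rules quoted above are embedded as constructed input so you can ask where a message of a given facility and priority would be sent; the helper also handles comma-separated facility lists, which the quoted rules do not use.

```shell
#!/bin/sh
# Added example, not from the article or from syslogd: a small evaluator for
# classic syslog.conf selectors, used to predict where a message of a given
# facility and priority would be sent under the rules quoted above.

# Priority rank as syslogd orders it. A plain selector priority means that
# priority and every higher one; "=prio" means exactly that priority.
prio_level() {
    case "$1" in
        debug)        printf '0\n' ;;
        info)         printf '1\n' ;;
        notice)       printf '2\n' ;;
        warning|warn) printf '3\n' ;;
        err|error)    printf '4\n' ;;
        crit)         printf '5\n' ;;
        alert)        printf '6\n' ;;
        emerg|panic)  printf '7\n' ;;
        *)            printf -- '-1\n' ;;
    esac
}

# selector_matches FACILITY PRIORITY SELECTOR -> exit 0 when the message is selected.
# SELECTOR holds one or more facility.priority parts joined by ';', applied in
# order, so "kern.info;kern.!err" first admits info and above, then removes err
# and above. Parsing uses parameter expansion only, so '*' is never globbed.
selector_matches() {
    fac="$1"; lvl=$(prio_level "$2"); matched=1
    rest="$3"
    while [ -n "$rest" ]; do
        part="${rest%%;*}"
        [ "$part" = "$rest" ] && rest='' || rest="${rest#*;}"
        sel_fac="${part%%.*}"; sel_pri="${part#*.}"
        negate=0; exact=0
        case "$sel_pri" in
            !=*) negate=1; exact=1; sel_pri="${sel_pri#!=}" ;;
            !*)  negate=1; sel_pri="${sel_pri#!}" ;;
            =*)  exact=1;  sel_pri="${sel_pri#=}" ;;
        esac
        # The facility part may be '*' or a comma-separated list.
        flist="$sel_fac"; fac_ok=1
        while [ -n "$flist" ]; do
            f="${flist%%,*}"
            [ "$f" = "$flist" ] && flist='' || flist="${flist#*,}"
            [ "$f" = '*' ] && fac_ok=0
            [ "$f" = "$fac" ] && fac_ok=0
        done
        [ "$fac_ok" -eq 0 ] || continue
        hit=1
        case "$sel_pri" in
            '*')  hit=0 ;;
            none) hit=0; negate=1 ;;     # facility.none removes every priority
            *)    s=$(prio_level "$sel_pri")
                  if [ "$exact" -eq 1 ]; then
                      [ "$lvl" -eq "$s" ] && hit=0
                  else
                      [ "$lvl" -ge "$s" ] && hit=0
                  fi ;;
        esac
        if [ "$hit" -eq 0 ]; then
            if [ "$negate" -eq 1 ]; then matched=1; else matched=0; fi
        fi
    done
    return "$matched"
}

# The rules from the syslog.conf man page example, embedded as constructed input.
RULES='# Kernel messages are first, stored in the kernel
# file, critical messages and higher ones also go
# to another host and to the console
#
kern.*                    /var/adm/kernel
kern.crit                 @finlandia
kern.crit                 /dev/console
kern.info;kern.!err       /var/adm/kernel-info'

# destinations_for FACILITY PRIORITY: print, space-separated and in rule order,
# every action (file, @host or device) that would receive the message.
destinations_for() {
    out=''
    while read -r sel act; do
        case "$sel" in ''|'#'*) continue ;; esac
        if selector_matches "$1" "$2" "$sel"; then
            out="$out${out:+ }$act"
        fi
    done <<EOF
$RULES
EOF
    printf '%s\n' "$out"
}

# Usage: sh selectors.sh kern crit
[ $# -ge 2 ] && destinations_for "$1" "$2"
```

Asking for kern crit returns the local file, the remote host and the console, while kern warning returns only the two local files, which is the reading of the four rules given above; a message from another facility, such as mail, matches none of them.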
The ability to customize logging in this way gives great flexibility and control in the Linux environment.
Log configuration in Webmin
Webmin has a module for working with log files.
Figure 1. Webmin system log view
The log files are listed. Click a log file to edit its configuration.
Figure 2. Webmin log editing screen
Or you can click View to see the contents of the log file.
The Webmin module is tied to the /etc/syslog.conf file, so changes made in one affect the other.
Viewing log files in the console
Because Linux log files are recorded in plain text, no special tool is needed to interpret them. Any text file reader can display Linux log files. A browser such as Mozilla can display log files and provides search capabilities. Linux also has console tools for viewing text files. more, like the MS-DOS version, displays a file one page at a time. The less command displays a file in a read-only viewer with scrolling in both directions and search features. Now, enter less /var/log/messages at the command line and try the command out.
Log files are critical to troubleshooting and maintaining a system. Linux logs are recorded as text files, so no special tool is needed to view them. Text files are also easy to process with custom scripts and programs.
Logs are rotated to keep them from growing too large and to separate current information from old data. Log rotation is configurable.
Logging is highly configurable; for security and backup purposes, logs can even be stored on a separate system. You can have your own scripts and programs generate system log messages, which are recognized by the syslogd daemon.
Source: http://www-900.ibm.com/developerWorks/cn/linux/l-roadmap/part5/index.shtml