Linux log management (log configuration, log rotation)

Linux log management

  For operations and maintenance staff, whatever system is being managed, monitoring, querying and managing log files is a central part of the job: troubleshooting a server starts with reading the system and error logs. This article looks at how logging is managed on a Linux system.

Log management

Introduction to log management

 Introduction to logs

  System logs are files that record hardware checks at boot, kernel activity, service start-ups, user actions and similar events. From them you can judge the health of the system, track down problems and find evidence of attacks.

 Log Service in Linux System

  Older systems record their logs through the syslog service; newer systems replace it with the more capable rsyslog, but the two are operated in basically the same way. Distributions that use systemd additionally run systemd-journald, which collects the same messages into its own binary journal (read with journalctl); rsyslog normally picks those messages up from the journal, so the text files under /var/log described below are still written.

Check whether the log service is running, and start it if necessary, with the systemctl command:

# Check whether the service is running
systemctl list-units | grep rsyslog
# The same check without grep: prints "active" or "inactive"
systemctl is-active rsyslog.service
# If it is not running, start it
systemctl start rsyslog.service

 Common logs and their functions

The Linux system logs live mainly in the /var/log directory. The most important files and their purposes are listed in the following table (the names are those used on RHEL/CentOS; Debian and Ubuntu write the equivalent of messages to /var/log/syslog and the equivalent of secure to /var/log/auth.log).

Log file   Purpose
cron       Messages from scheduled (cron) jobs
cups       Printing (CUPS) log; on most systems this is the directory /var/log/cups/
dmesg      Kernel ring-buffer messages from the last boot; view with the dmesg command
btmp       Failed login attempts; a binary file that cannot be read with vim, view it with the lastb command
wtmp       Logins, logouts, reboots and shutdowns; also binary, view it with the last command
lastlog    Most recent login time of every user; view with the lastlog command
maillog    Mail server log
messages   Most of the system's important messages (level info and above, see below); the first file to check when something goes wrong
secure     Authentication and authorization messages: logins, sudo, account changes

Because btmp, wtmp and lastlog are binary and easy for an intruder to truncate or edit, do not rely on them alone when investigating a break-in; cross-check them against the text records in secure (or auth.log).

In addition, application services installed from the distribution's packages write their logs under this directory by default, but those files are managed by the applications themselves rather than by rsyslog. Applications installed from a source package usually record their logs inside their own installation directory.

 Log file format

A basic log line consists of four parts:

  1. The time the event occurred
  2. The host name on which the event occurred
  3. The service or program (or the kernel) that produced the event, usually followed by its PID in square brackets
  4. The message itself
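The following is an added example, not code from the original article: a small parser for lines in this four-part format as rsyslog writes them with its traditional file template (note that the timestamp carries no year), followed by a detection routine that counts sshd password failures per source address, the kind of check you would run over secure or auth.log. The sample lines, host name and IP addresses are constructed for the example.

```python
import re
from collections import Counter

# Traditional rsyslog file format (RSYSLOG_TraditionalFileFormat):
#   "<Mon DD HH:MM:SS> <hostname> <program>[<pid>]: <message>"
# The [pid] part is optional (kernel messages have none) and the timestamp has no year.
SYSLOG_LINE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[\]:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

def parse_syslog_line(line):
    """Split one log line into its four parts; return None for lines that do not fit the format."""
    m = SYSLOG_LINE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] is not None else None
    return rec

# sshd's failed-password message as it appears in /var/log/secure (auth.log on Debian).
FAILED_PASSWORD = re.compile(
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

def failed_logins_by_ip(lines, threshold=3):
    """Count sshd password failures per source IP and return those at or above the threshold."""
    counts = Counter()
    for line in lines:
        rec = parse_syslog_line(line)
        if rec is None or rec["prog"] != "sshd":
            continue  # skip unparseable lines and messages from other programs
        m = FAILED_PASSWORD.search(rec["msg"])
        if m:
            counts[m.group("ip")] += 1
    return {ip: n for ip, n in counts.items() if n >= threshold}

# Constructed sample in the style of /var/log/secure (host name and addresses are made up).
SAMPLE_SECURE = [
    "Mar  3 10:15:01 web01 sshd[2314]: Failed password for invalid user admin from 203.0.113.45 port 52314 ssh2",
    "Mar  3 10:15:03 web01 sshd[2314]: Failed password for invalid user admin from 203.0.113.45 port 52316 ssh2",
    "Mar  3 10:15:05 web01 sshd[2319]: Failed password for root from 203.0.113.45 port 52320 ssh2",
    "Mar  3 10:15:09 web01 sshd[2325]: Accepted publickey for deploy from 198.51.100.7 port 41022 ssh2: RSA SHA256:q2Q",
    "Mar  3 10:15:10 web01 sshd[2325]: pam_unix(sshd:session): session opened for user deploy by (uid=0)",
    "Mar  3 10:16:00 web01 sshd[2330]: Failed password for bob from 198.51.100.7 port 41030 ssh2",
    "Mar  3 10:17:01 web01 CRON[2340]: pam_unix(cron:session): session opened for user root by (uid=0)",
    "Mar  3 10:17:02 web01 kernel: usb 1-1: new high-speed USB device number 4 using xhci_hcd",
    "this line is not in syslog format",
]

if __name__ == "__main__":
    for line in SAMPLE_SECURE:
        print(parse_syslog_line(line))
    print(failed_logins_by_ip(SAMPLE_SECURE))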

Log management service rsyslog configuration

 Configuration format of the log management service

The configuration file of the rsyslog service is /etc/rsyslog.conf; on most distributions it also includes the snippets in /etc/rsyslog.d/*.conf.

Configuration file format (one rule per line):

    service name[connector]log level        log location

In rsyslog's own terms the first field is the selector (facility.priority) and the second is the action. Specifically:

  • The service name is not the name of an arbitrary installed program but one of the fixed facility categories listed below (auth, cron, kern, mail, and so on). Several service names that share the same level can be listed separated by commas.

  • Several selectors can be combined in one rule by separating them with a semicolon. The parts are applied from left to right, so a later part can exclude what an earlier one selected (mainly used for exclusions, see the example below).

  • The connectors and the log levels are listed in the tables below.

  • The log location (action) is not limited to the absolute path of a file; the following forms exist:

    Log location            Sample              Description
    Absolute file path      /var/log/messages   Write to a file; a leading - (as in -/var/log/syslog) asks for buffered writes with no sync after every line
    System device file      /dev/lp0            Write to a device, here a printer
    Forward to remote host  @192.168.0.2:514    @ forwards over UDP, @@ over TCP; the port is optional and defaults to 514
    User terminal           root or *           Write to the terminal of that logged-in user; * means every logged-in user
    Discard                 ~                   Do not record the message; ~ is deprecated in current rsyslog in favour of the stop keyword

 Main service names (facilities) in the log service

Service name    Description
auth            User account security and authentication messages (distinct from authpriv)
authpriv        Security and authentication messages that may contain sensitive data and belong in a restricted file
cron            Scheduled task (cron, at) messages
daemon          Miscellaneous system daemons that have no facility of their own
ftp             FTP daemon messages
kern            Messages generated by the kernel
lpr             Printing subsystem messages
mail            Mail sending and receiving messages
news            News (NNTP) server messages
syslog          Messages generated internally by the rsyslog service itself
user            Generic user-level processes; the default facility for programs that do not set one (for example the logger command)
local0-local7   Reserved for local use, normally assigned to custom applications

 Connectors in the log service configuration file

Connector   Description
*           All facilities (in the service-name position) or all levels (in the log-level position)
.           Record messages at the given level and every higher level (mail.err records err, crit, alert and emerg)
.=          Record only messages at exactly the given level
.!          Exclude the given level and every higher level; used after a broader selector to carve out an exception
.!=         Exclude only messages at exactly the given level

 Log level

Log levels increase in severity from top to bottom

Log level   Description
debug       Debugging information
info        Informational messages about normal operation
notice      Normal but noteworthy conditions
warning     Warning: nothing is broken yet, but a problem may follow
err         Error: some function is affected
crit        Critical condition, more serious than an error (for example a failed hardware component)
alert       Action must be taken immediately, or the system may be damaged
emerg       System is unusable

In addition, the level .none records nothing from that facility and is generally used to exclude a facility from a broader selector.

 Log service configuration example

# auth and authpriv at every level go to auth.log (a comma joins facilities that share one level)
auth,authpriv.*                 /var/log/auth.log
# Everything from every facility, except the two facilities already handled above
*.*;auth,authpriv.none          -/var/log/syslog

Log rotation

  If every record since the system was installed were kept in a single file, reading and writing would slow down, disk usage would keep growing, and corruption of that one file could lose all the logs at once. To avoid this, Linux rotates its logs: the records of a past period are cut out and packaged into a separate archive file, and the main log file starts again from empty.

 Log file naming (rotation) rules

  • If the configuration contains the dateext parameter, the rotated file gets the date as its suffix (for example messages-20200825), so file names never collide and old files are not renamed
  • Without that parameter the rotated files are renumbered: when a new messages file is started the old one becomes messages.1, the previous messages.1 becomes messages.2, and so on; older files may be compressed, and the file beyond the maximum number is deleted

The log rotation configuration file is /etc/logrotate.conf, and per-service settings can also be kept as separate files in the /etc/logrotate.d directory, which logrotate.conf includes; see man logrotate for the full list of parameters.

Parameter                      Description
daily                          Rotate every day
weekly                         Rotate every week
monthly                        Rotate every month
rotate n                       n is the number of rotated files to keep; 0 means old logs are deleted rather than kept
compress                       Compress rotated logs (with gzip by default)
create [mode] [owner] [group]  Create the new log file with these permissions, owner and group, for example create 0640 root adm

Settings for a specific file are written in a dedicated block syntax, for example:

# no packages own wtmp -- we'll rotate it here
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

The settings enclosed in braces after the file name apply only to that file (or to every file matched when several paths or a glob precede the brace) and override the global settings declared earlier in the configuration.
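As an added example that is not from the original article, here is the kind of block a security engineer would place in /etc/logrotate.d for the authentication and messages logs. The file name, the 30-day retention and the reload command in postrotate are choices made for this example rather than settings taken from the page; the paths are the RHEL/CentOS ones.

```conf
# /etc/logrotate.d/rsyslog-secure   (example file name, not shipped by any package)
/var/log/secure
/var/log/messages
{
    daily
    rotate 30           # keep 30 rotated files, i.e. about a month of history
    dateext             # suffix is the date (secure-20200825), never a renamed .1/.2 chain
    missingok           # do not error out if one of the files is absent
    notifempty          # skip rotation when the file is empty
    compress
    delaycompress       # leave the newest rotated file uncompressed so it stays grep-able
    create 0600 root root   # recreate the live file readable by root only: it holds login data
    sharedscripts       # run postrotate once for both files, not once per file
    postrotate
        # make rsyslog close the rotated file and open the new one
        /usr/bin/systemctl kill -s HUP rsyslog.service 2>/dev/null || true
    endscript
}
```

Before relying on it, run logrotate -d /etc/logrotate.d/rsyslog-secure, which prints what would be rotated without touching any file; the rotation itself happens from the daily cron job or systemd timer the distribution installs for logrotate.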


Source: blog.csdn.net/Zheng__Huang/article/details/108286741