An in-depth look at the Linux file system and log analysis

1. Overview of inode and block

1.1 inode

1.1.1 Understanding of inode

  • Each inode has a number, and the operating system uses the inode number to identify different files
  • Linux does not use the file name internally to identify a file; it uses the inode number
  • For users, the file name is simply an alias for the inode number that is easier to remember

1.1.2 The role of inode

  • Stores a file's metadata (meta-information), that is, the attributes and characteristics of the data.
  • The area that stores this metadata is called the inode (index node), also written i-node. Every file therefore occupies exactly one inode and at least one block.
  • The inode does not contain the file name; file names are stored in directories
  • View the inode number of the file: ls -i [file name] or stat [file name]

1.1.3 Inode contains the meta information of the file

  • File size
  • UID of the owner of the file
  • GID of the file
  • File read, write and execute permissions
  • File timestamps

1.1.4 Inode number

When a user opens a file by file name, the process in the system is:

  1. The system finds the inode number corresponding to this file name
  2. Get inode information by inode number
  3. According to the inode information, find the block where the file data is located and read the data

1.1.5 Inode size

  • Inodes also consume hard disk space
  • The size of each inode is generally 128 bytes or 256 bytes
  • The total number of inodes is fixed when the file system is formatted
  • Use the df -i command to view the total number of inodes and the number in use on each partition

1.1.6 Special role of inode

Because the file name is separate from the inode number, Unix/Linux systems show the following behaviour:

  • When a file name contains special characters, the file may not be deletable by name; it can be deleted directly by its inode number instead
  • When a file is moved or renamed, only the file name changes; the inode number is unaffected
  • Once a file is open, the system identifies it by inode number, regardless of its file name

1.1.7 Inode exhaustion experiment

First, choose a small disk partition for the experiment.

df -i <mount point>      ## check inode usage of the mount point
vi kill.sh               ## create the script
#!/bin/bash
i=1
while [ $i -le 120 ]     ## 120 = number of inodes still free
do
    touch /sdb1/file$i   ## each empty file consumes one inode
    let i++
done
chmod +x kill.sh
./kill.sh
df -i                    ## the partition now has no free inodes
rm -rf /sdb1/file*       ## delete the useless files to free the inodes again

1.2 Three main time attributes of Linux system files

  • ctime (change time): the last time the file's or directory's attributes (inode) were changed
  • atime (access time): the last time the file or directory was accessed
  • mtime (modify time): the last time the file's or directory's content was modified

1.3 block

  • Files are stored on the hard disk; the smallest storage unit of the disk is the sector, and each sector holds 512 bytes
  • Block: 8 consecutive sectors form one block of 4 KB, which is the smallest unit in which files are stored
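As an added example (not part of the original post), the inode and timestamp behaviour from sections 1.1.6 and 1.2 observed with os.stat on a scratch file: a hard link and a rename keep the inode number, a write moves mtime and ctime, a chmod moves ctime only. This is the basis for timeline reasoning in forensics; the temporary directory and file names are invented.

```python
import os
import stat
import tempfile
import time


def inode_demo(root=None):
    """Create a scratch file and record how its inode number and its
    mtime/ctime react to a hard link, a rename, a write and a chmod."""
    root = root or tempfile.mkdtemp(prefix="inode-demo-")
    path = os.path.join(root, "a")
    with open(path, "w") as fh:
        fh.write("hello\n")
    st0 = os.stat(path)

    # A hard link is just a second directory entry for the same inode.
    link = os.path.join(root, "a-link")
    os.link(path, link)
    same_inode_as_link = os.stat(link).st_ino == st0.st_ino

    # mv/rename rewrites the directory entry only; the inode number survives.
    renamed = os.path.join(root, "b")
    os.rename(path, renamed)
    same_inode_after_rename = os.stat(renamed).st_ino == st0.st_ino

    # Writing content bumps mtime (content) and ctime (inode changed).
    time.sleep(0.2)
    with open(renamed, "a") as fh:
        fh.write("more\n")
    st1 = os.stat(renamed)

    # chmod touches only the inode: ctime moves, mtime stays put.
    time.sleep(0.2)
    os.chmod(renamed, stat.S_IRUSR | stat.S_IWUSR)
    st2 = os.stat(renamed)

    return {
        "inode": st0.st_ino,
        "link_count_after_link": st1.st_nlink,
        "same_inode_as_link": same_inode_as_link,
        "same_inode_after_rename": same_inode_after_rename,
        "write_changed_mtime": st1.st_mtime_ns > st0.st_mtime_ns,
        "write_changed_ctime": st1.st_ctime_ns > st0.st_ctime_ns,
        "chmod_changed_mtime": st2.st_mtime_ns != st1.st_mtime_ns,
        "chmod_changed_ctime": st2.st_ctime_ns > st1.st_ctime_ns,
    }


if __name__ == "__main__":
    for key, value in inode_demo().items():
        print(f"{key:28} {value}")
```

atime is deliberately not asserted on: with the default relatime mount option a read does not necessarily update it, so it is a weak forensic signal.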

2. Recover accidentally deleted files

2.1 Recover XFS type files

This experiment requires a CentOS 7 environment. The scenario: the disk /dev/sdb1 is mounted on /data, and the files a, b, c and d in it are deleted by mistake and then recovered.

xfsdump -f /opt/dump-sdb1 /dev/sdb1      ## back up the file system with xfsdump
xfsdump -I                               ## list the recorded dump sessions
rm -rf /data/*                           ## simulate the accidental deletion
xfsrestore -f /opt/dump-sdb1 /data       ## restore the files

2.1.1 xfsdump usage restrictions

  • Only a mounted file system can be backed up
  • Must be run as root
  • Only XFS file systems can be backed up
  • The backup data can only be read back by xfsrestore
  • Two file systems with the same UUID cannot be backed up

2.2 Recover EXT type files

This experiment requires a CentOS 6 environment.

yum -y install e2fsprogs-devel e2fsprogs-libs gcc gcc-c++ make   ## install the build dependencies
tar -jxvf extundelete-0.2.4.tar.bz2                              ## unpack the source
cd extundelete-0.2.4
./configure --prefix=/usr/local/extundelete && make && make install
extundelete /dev/sdb1                 ## read the file system's superblock information
extundelete /dev/sdb1 --inode 2       ## list the root directory (inode 2) and its entries
rm -rf a b                            ## the accidental deletion
umount /data                          ## unmount so nobody writes to the freed blocks and makes recovery impossible
extundelete /dev/sdb1 --restore-all   ## recover the files into ./RECOVERED_FILES
mount /dev/sdb1 /data                 ## remount
cd RECOVERED_FILES/                   ## the recovered files are here
mv a b /data                          ## move them back to their original location

3. Log files

3.1 Log function

  • Record the various events that occur while the system and its programs run
  • Reading the logs helps diagnose and resolve system failures

3.2 Classification of log files

  • Kernel and system logs: managed uniformly by the rsyslog system service; the log formats are basically similar
  • User logs: record information about system user logins and logouts
  • Program logs: log files managed independently by each application; the record format is not uniform

3.3 Introduction to main log files

Log type                                         Storage location
Kernel and public message log                    /var/log/messages
Scheduled task (cron) log                        /var/log/cron
System boot (kernel ring buffer) log             /var/log/dmesg
Mail system log                                  /var/log/maillog
User login log (most recent login per user)      /var/log/lastlog
Login log (security, authentication)             /var/log/secure
Login log (login, logout, shutdown and similar events)   /var/log/wtmp
Login log (failed and wrong login attempts)      /var/log/btmp
Login log (users currently logged in)            /var/log/utmp

3.4 Log message level

Level  Keyword  Display     Explanation
0      EMERG    emergency   Causes the host system to be unavailable
1      ALERT    alert       Problems that must be resolved immediately
2      CRIT     critical    A more serious situation
3      ERR      error       Run-time error
4      WARNING  warning     Events that may affect system functions
5      NOTICE   notice      Generally does not affect the system, but worth noting
6      INFO     info        General information
7      DEBUG    debug       Program or system debugging information

3.5 Analysis tools

Login analysis commands

users, who, w, last, lastb

Analysis tools

  • Text viewing, grep filtering and retrieval, the Webmin management suite
  • awk, sed and other text filtering and formatting tools
  • Webalizer, AWStats and other dedicated log analysis tools
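As an added example (not part of the original post), the grep/awk style filtering described above written as a small Python parser over /var/log/secure-format lines: it counts failed SSH logins per source address, collects the account names probed, keeps the successful logins and flags sources above a threshold. The log lines are constructed for the example; host names, addresses and PIDs are invented.

```python
import re
from collections import Counter

# Constructed sample lines in the classic rsyslog format used by /var/log/secure.
SAMPLE_SECURE_LOG = """\
Oct 25 10:01:02 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Oct 25 10:01:05 web1 sshd[2211]: Failed password for root from 203.0.113.5 port 40130 ssh2
Oct 25 10:01:09 web1 sshd[2215]: Accepted publickey for deploy from 198.51.100.7 port 51000 ssh2
Oct 25 10:01:11 web1 sshd[2218]: Failed password for invalid user test from 203.0.113.5 port 40140 ssh2
Oct 25 10:02:30 web1 sshd[2230]: Failed password for alice from 192.0.2.9 port 22001 ssh2
Oct 25 10:02:31 web1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart httpd
"""

# sshd records only: outcome, optional "invalid user" marker, account and source address.
SSHD_RE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Failed|Accepted) \S+ for "
    r"(?:(?P<invalid>invalid user) )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize_secure(text, threshold=3):
    """Summarise SSH activity the way a grep | awk | sort | uniq -c pipeline
    over /var/log/secure would, returning plain dicts/lists for further use."""
    failures = Counter()
    invalid_users = set()
    accepted = []
    for line in text.splitlines():
        m = SSHD_RE.search(line)
        if not m:
            continue  # sudo, PAM and other non-sshd records are skipped here
        if m["outcome"] == "Failed":
            failures[m["ip"]] += 1
            if m["invalid"]:
                invalid_users.add(m["user"])
        else:
            accepted.append((m["user"], m["ip"]))
    flagged = sorted(ip for ip, n in failures.items() if n >= threshold)
    return {
        "failures_by_ip": dict(failures),
        "invalid_users": invalid_users,
        "accepted": accepted,
        "flagged": flagged,
    }


if __name__ == "__main__":
    for key, value in summarize_secure(SAMPLE_SECURE_LOG).items():
        print(f"{key:16} {value}")
```

The same counts can be cross-checked against lastb, which reads /var/log/btmp rather than the text log.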

Logs managed independently by the corresponding application

Service         Location            Log files
Web service     /var/log/httpd      access_log, error_log
Proxy service   /var/log/squid      access.log, cache.log
FTP service     /var/log/xferlog

Log management strategy

  • Back up and archive logs in a timely manner
  • Extend the log retention period
  • Control access to logs: logs may contain sensitive information such as account names and passwords
  • Manage logs centrally: send server log files to a dedicated log server so that log information can be collected, sorted and analysed in one place, and to prevent accidental loss, malicious tampering or deletion of log information


Source: blog.csdn.net/weixin_50344820/article/details/109281710