1. The journal command (journalctl) #View the log (the log is in memory and will be gone after a restart)
journalctl -n number #The latest few entries of the journal
journalctl --since "2021-1-20 10:00:00" #Display the journal entries after ten o'clock in the morning
journalctl --until "2021-1-20 10:01:00" #Display the log before 10:01 in the morning
journalctl -F PRIORITY #View the log levels that can be filtered on
journalctl -u sshd #Specify the viewing service
journalctl --disk-usage #View log size
journalctl --vacuum-size=1G #Set the log storage size (old logs are removed until at most 1G remains)
journalctl --vacuum-time=1w #The longest log storage time in the system (the unit can be w, d or h)
journalctl -f #Monitor log (real-time monitoring)
journalctl _PID=2186 #Show the log entries of the process with PID 2186
journalctl -o mode #Set the log display mode: short is the classic mode; verbose displays all the fields of each entry; export is the binary format for transfer and backup; json displays the output in JSON format
journalctl -p level #Display the log of the specified level (and of every more serious level)
journalctl -p 0 #emerg: serious problem log of the system
journalctl -p 1 #alert: information that needs to be changed immediately in the system
journalctl -p 2 #crit: severity level that will cause the system software to not work properly
journalctl -p 3 #err: program error
journalctl -p 4 #warning: program warning
journalctl -p 5 #notice: general log of important information
journalctl -p 6 #info: general information
journalctl -p 7 #debug: program troubleshooting information
2. Use the journald service to save logs permanently
The default log in the system is /var/log/journal, and the default log will be deleted after the system restarts.
If you want to save the log permanently:
mkdir /var/log/journal
ls -ld /var/log/journal
chgrp systemd-journal /var/log/journal/
ls -ld /var/log/journal
chmod 2775 /var/log/journal/
cd /var/log/journal/
At this point you will find a file under the newly created directory. Then restart this service:
systemctl restart systemd-journald.service #When this service restarts, the log storage path is assigned to the newly created directory /var/log/journal
Test: After completion, we can restart the system (you can check the time before restarting the system). After restarting, we can use journalctl to see that the records start from before the restart, which indicates that permanent log storage has been set up successfully.
3. rsyslog #Collects logs; log collection tool
Service name: rsyslog.service
Log storage:
/var/log/messages #System service log, general information, service error
/var/log/secure #System authentication information log
/var/log/maillog #System mail log information
/var/log/cron #System scheduled task information
/var/log/boot.log #System startup log information
Configuration file: /etc/rsyslog.conf
Log type:
auth #User authentication
authpriv #Service authentication
cron #Scheduled tasks
kern #Kernel type
mail #Mail
news #System update information
user #User
Log level:
debug #program troubleshooting information
info #program regular operation information
notice #common log of important information
warning #program warning
err #program error
crit #severity level will cause the system software to not work properly
alert #information that needs to be changed immediately in the system
emerg #Serious problem log of the system
none #Do not collect
Test 1: All log types and log levels are placed in the /var/log/westos file
When logging in to this host remotely, /var/log/westos will display service authentication information and user authentication information
Test 2: Change the log collection format
Custom log collection format: Time host name source content
WESTOS_FORMAT #format name
%FROMHOST-IP% #Log source host IP
%timegenerated% #Log generation time
%syslogtag% #Log generation service
%msg% #Log content
\n #New line
You can then observe the change in the collection format
If you want the collection format of all files to follow the format you defined, you can set it as the default log format:
module(load="builtin:omfile" Template="format name") #The default format is adopted
At this point, the format of the other files has also become the format you defined
Test 3: Remote synchronization of logs
Log sender:
vim /etc/rsyslog.conf
@ means use udp to transmit logs
@@ means use tcp to transmit logs
@172.25.25.xxx #Send the local log to the log receiving end by udp transmission
systemctl restart rsyslog.service #Reload it
Log receiving end:
Enable the log receiving plug-in and specify the port the plug-in uses
systemctl restart rsyslog.service #Reload it
systemctl disable --now firewalld #Turn off the firewall
Test:
First delete the previous logs on both sides, then do a series of operations on the log sending end; the generated logs will be sent synchronously to the log receiving end
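The configuration lines that Tests 1 to 3 describe, as an added example that is not part of the original notes: shell functions that print them for the sending end and the receiving end. The function names, the default port 514, the address 192.0.2.10 and the file name in the usage comment are assumptions.

```sh
# Added example, not from the original notes. Function names, the port
# default and the sample address in the usage line are assumptions.

# forward_rule PROTO HOST [PORT]: print the Test 3 forwarding rule.
# One @ selects UDP and @@ selects TCP, as described above.
forward_rule() {
    proto=$1 host=$2 port=${3:-514}
    case $proto in
        udp) prefix='@' ;;
        tcp) prefix='@@' ;;
        *) echo "unknown protocol: $proto" >&2; return 1 ;;
    esac
    printf '*.* %s%s:%s\n' "$prefix" "$host" "$port"
}

# sender_conf PROTO HOST [PORT]: Test 1, Test 2 and the sending end of Test 3
sender_conf() {
    rule=$(forward_rule "$@") || return 1
    cat <<EOF
# Test 2: format name, then the properties in the order listed above
\$template WESTOS_FORMAT,"%FROMHOST-IP% %timegenerated% %syslogtag% %msg%\\n"
# Test 1: all log types at all levels go to /var/log/westos in that format
*.* /var/log/westos;WESTOS_FORMAT
# Test 3: send everything to the log receiving end
$rule
EOF
}

# receiver_conf PROTO [PORT]: load the receiving plug-in and set its port
receiver_conf() {
    case $1 in
        udp|tcp) ;;
        *) echo "unknown protocol: $1" >&2; return 1 ;;
    esac
    printf 'module(load="im%s")\ninput(type="im%s" port="%s")\n' \
        "$1" "$1" "${2:-514}"
}

# Usage on the sender (constructed address, hypothetical file name):
#   sender_conf udp 192.0.2.10 > /etc/rsyslog.d/westos.conf
#   rsyslogd -N1 && systemctl restart rsyslog.service
```

On the receiving end, opening only the listening port with firewall-cmd --permanent --add-port=514/udp followed by firewall-cmd --reload lets the logs in while firewalld stays on.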
4. timedatectl
#CST China Time
#UTC London Time
#RTC Hardware Time
#Time zone (London time + time zone = China time)
timedatectl set-time "2020-xx-xx xx:xx:xx" #Set system time
timedatectl list-timezones #Display all time zones of the system
timedatectl set-timezone "Asia/Shanghai" #Set the system time zone
timedatectl set-local-rtc 0 #Set the system time calculation method, 0 means use the UTC calculation method (hardware clock kept in UTC)
timedatectl set-local-rtc 1 #1 means do not use the UTC calculation method (hardware clock kept in local time)
5. Time synchronization service
Service name: chronyd.service
Configuration file: /etc/chrony.conf
Server: (Allow time to be synchronized, turn on the time synchronization service and set the level to 10)
vim /etc/chrony.conf
Allow all IPs to synchronize time; the level is 10
systemctl enable --now chronyd #Make the setting effective
systemctl status chronyd.service #Confirm that the service is turned on
systemctl stop firewalld #Turn off the firewall
watch -n1 timedatectl #Monitor
Client: (synchronize with the server's time)
vim /etc/chrony.conf
systemctl restart chronyd.service #Make the setting effective
clock -w #System time is synchronized to hardware
clock -s #Hardware time is synchronized to the system
chronyc sources -v #monitoring method
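The /etc/chrony.conf lines described for the server and the client, with a check on the chronyc sources output, as an added example that is not part of the original notes. The function names and the 192.0.2.x addresses are assumptions, and the sample output is constructed.

```sh
# Added example, not from the original notes. Addresses are constructed.

# Server side: allow every IP to synchronize, and serve time at level
# (stratum) 10 even without an upstream source
chrony_server_lines() {
    cat <<'EOF'
allow 0.0.0.0/0
local stratum 10
EOF
}

# Client side: chrony_client_line SERVER prints the line naming the server
chrony_client_line() {
    printf 'server %s iburst\n' "$1"
}

# Read `chronyc sources` output on stdin and print "name stratum" of the
# source marked ^* (the one the client is synchronized to).
# Fails when no source carries that mark.
synced_source() {
    awk '$1 == "^*" { print $2, $3; found = 1 } END { exit !found }'
}

# Constructed sample of `chronyc sources` output on a client
sample_sources() {
    cat <<'EOF'
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.0.2.1                    10   6   377    23    +12us[  +15us] +/-  120us
^? 192.0.2.2                     0   6     0     -     +0ns[   +0ns] +/-    0ns
EOF
}

# Usage on a live client: chronyc sources | synced_source
```

allow also accepts a subnet, so the server can be limited to the lab network, and firewall-cmd --permanent --add-service=ntp followed by firewall-cmd --reload admits the clients without stopping firewalld.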