Linux routing/log management

Routing / log management. Author: Zhang Yanfeng (pseudonym: clouds dreams). Please credit the source when reposting.

51CTO course address: https://edu.51cto.com/lecturer/12750547.html

table of Contents:

    One, static routing and dynamic routing

    Two, Linux routing operation

    Three, hands-on practice

        1. Network port

        2. Common service management operations

    Four, log

        1. The importance of logs

        2. Common system logs

        3. rsyslog log management

            3.1, log type

            3.2, log priority

            3.3, custom log

        4. Logrotate log rotation

            4.1, log rotation

            4.2. Log rotation example

            4.3, the importance of restarting the service in log rotation

    Five, hands-on practice


One, static routing and dynamic routing

When a router forwards a packet it looks the destination address up in its routing table. Entries get into that table in three ways:

    (1) Directly connected route: added automatically for every network attached to one of the router's own interfaces

    (2) Static route: added manually by the administrator

    (3) Dynamic route: learned from a routing protocol (OSPF, BGP and so on) and updated by it


Static routing

    Disadvantages: it does not follow changes in the topology. When the network changes, the administrator must change the routes by hand.

    Advantages: it costs the router almost no CPU, RAM or bandwidth, because no routing protocol runs.

    Static routes are also the right choice when you want to hide part of the network for security reasons, or when the administrator wants to control exactly which path traffic takes. Small networks are often configured entirely with static routes simply because it is easy.


Default route

    (1) The default route is a special static route: it is the entry the router falls back on when no other entry in the routing table matches the packet's destination address. Without a default route, a packet whose destination matches nothing in the table is discarded.

    (2) Put the other way round: whenever the destination address of an IP packet finds no more specific route, the router uses the default route.

    The default route is written as 0.0.0.0/0 (shown as `default` by `ip route`).

    Matching compares only the bits covered by the prefix mask, and a /0 mask covers no bits at all, so 0.0.0.0/0 matches every destination address. Because the kernel always prefers the longest matching prefix, the default route is only used when nothing more specific matches.


Dynamic routing

    Dynamic routing is a concept opposite to static routing. It means that routers can automatically establish their own routing tables based on specific routing information exchanged between routers, and can automatically adjust them in a timely manner according to changes in links and nodes. When nodes or links between nodes in the network fail, or there are other available routes, dynamic routing can select the best available route by itself and continue forwarding packets.
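The lookup described above, longest-prefix match with the default route as the catch-all, as an added example that is not part of the original post. The table is constructed from the `ip route` output shown in section Two (the tuple layout, and the `lookup`/`next_hop` names, are this example's own assumptions, not the kernel's API):

```python
import ipaddress

# Constructed routing table modelled on the `ip route` output in section Two:
# (prefix, gateway or None for a directly connected route, outgoing device).
# The addresses are the page's own; the tuple layout is this example's assumption.
ROUTES = [
    ("default", "192.168.43.1", "ens33"),           # default route, i.e. 0.0.0.0/0
    ("192.168.43.0/24", None, "ens33"),             # directly connected (proto kernel)
    ("192.168.42.0/24", "192.168.43.1", "ens33"),   # static route added by the administrator
]


def parse_routes(routes):
    """Turn the textual table into ip_network objects; 'default' means 0.0.0.0/0."""
    table = []
    for prefix, via, dev in routes:
        net = ipaddress.ip_network("0.0.0.0/0" if prefix == "default" else prefix)
        table.append((net, via, dev))
    return table


def lookup(dst, routes=ROUTES):
    """Longest-prefix match: return (prefix, gateway, dev) or None when no route matches."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, via, dev in parse_routes(routes):
        # A /24 beats the /0 default route because more prefix bits match.
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, via, dev)
    if best is None:
        return None                         # no entry and no default route: packet is dropped
    net, via, dev = best
    return (str(net), via, dev)


def next_hop(dst, routes=ROUTES):
    """Which address the host actually sends the frame to: the gateway, or dst itself when connected."""
    route = lookup(dst, routes)
    if route is None:
        return None
    _, via, dev = route
    return (via if via is not None else dst, dev)


if __name__ == "__main__":
    for dst in ("192.168.43.50", "192.168.42.7", "8.8.8.8"):
        print(dst, "->", lookup(dst), "next hop", next_hop(dst))
    print("8.8.8.8 without a default route ->", lookup("8.8.8.8", ROUTES[1:]))
```

Deleting the default route (as in the `ip route delete default` step below) corresponds to passing `ROUTES[1:]`: an Internet address then matches nothing and `lookup` returns None, which is exactly the "packet is discarded" case described above.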


Two, Linux routing operation

    Using the ip command (rhel7)

    View routing table

    [root@localhost ~]# ip route

    default via 192.168.43.1 dev ens33 proto static metric 100 

    192.168.43.0/24 dev ens33 proto kernel scope link src 192.168.43.101 metric 100


    Delete the default gateway

    [root@localhost ~]# ip route delete default


    Delete a route (here the directly connected route for the local subnet; afterwards the host can no longer reach 192.168.43.0/24, including its own gateway, until the route is added back)

    [root@localhost ~]# ip r d 192.168.43.0/24


    Add default gateway

    [root@localhost ~]# ip r add default via 192.168.43.1 dev ens33

    via: the next-hop gateway address; dev: the interface the packet leaves through. The gateway must itself be reachable through a directly connected route, otherwise the kernel rejects the command.


    Add static route

    [root@localhost ~]# ip r add 192.168.42.0/24 via 192.168.43.1 dev ens33

    Routes added with ip live only in the running kernel and are gone after a reboot; on rhel7 persist them in /etc/sysconfig/network-scripts/route-ens33 (or with nmcli) if they are meant to stay.


Three, hands-on practice

1. Network port

    In networking the word port has several meanings. The ports of hubs, switches and routers are physical interfaces that connect other devices: RJ-45 ports, serial ports and so on. The port discussed here is not a physical one but the port of the TCP/IP protocols, a logical port.

    If the IP address is a house, a port is one of its doors. A real house has only a few doors, but an IP address has 65536 (2^16) of them. Ports are identified by port numbers, which are integers from 0 to 65535 (2^16-1).

    On the Internet every host sends and receives data through TCP/IP. Each packet is routed according to the IP address of its destination host and eventually delivered there. Most operating systems run many programs (processes) at once, so which of them should the destination host hand the packet to? The port mechanism exists to answer that question.

    The local operating system assigns protocol ports (what we simply call ports) to the processes that ask for one. Each protocol port is identified by a positive integer, for example 80, 139 or 445. When the destination host receives a packet, it looks at the destination port number in the header and delivers the data to the process that owns that port; the process reads it and waits for the next data to arrive.

    A port is really a queue: the operating system gives each process its own queue, and incoming packets are placed into the queue belonging to their destination port until the process reads them. Under unusual load the queue can overflow, in which case packets are dropped. The operating system lets each process set the size of its own queues, for example the socket receive buffer and the TCP listen backlog.

    The receiving process is not the only one that needs a port: the sending process opens one too, an ephemeral source port chosen by the operating system. That source port is written into the packet header so that the receiver knows where to send its reply.
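The door-and-queue picture above, made concrete as an added example (not code from the original post): a listener is opened on a port the kernel picks, a client connects to it, and the ephemeral source port the kernel gave the client shows up as the peer port on the server side. The `port_demo` and `port_in_use` names are this example's own; everything else is the standard socket API, run on 127.0.0.1 so it needs no network.

```python
import socket


def port_in_use(port):
    """True if nothing else can bind 127.0.0.1:port right now (the kernel answers EADDRINUSE)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind(("127.0.0.1", port))
        return False
    except OSError:
        return True
    finally:
        probe.close()


def port_demo():
    """Open a listener on a kernel-chosen port, connect to it, and report both ends' ports."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # port 0 asks the kernel for any free port
    srv.listen(1)                         # 1 = size of the accept queue (the "queue" above)
    server_port = srv.getsockname()[1]

    cli = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    cli.connect(("127.0.0.1", server_port))   # the kernel gives the client an ephemeral source port
    client_port = cli.getsockname()[1]

    conn, peer = srv.accept()             # peer = (address, source port) taken from the client's SYN
    conn.sendall(b"reply to port %d" % client_port)
    received = cli.recv(1024)             # lands in the client's queue because its port is in the header

    result = {
        "server_port": server_port,
        "client_port": client_port,
        "peer_port_seen_by_server": peer[1],
        "received": received,
        "listener_port_busy": port_in_use(server_port),   # one port, one owner
    }
    for s in (conn, cli, srv):
        s.close()
    return result


if __name__ == "__main__":
    print(port_demo())
```

The last field is the point that matters for service hardening: while the listener holds the port, a second bind to it fails, which is why two services cannot share 80 or 443 on one address and why a port that is "busy" unexpectedly is worth investigating with `ss -ltnp`.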


2. Common service management operations

    [root@localhost ~]# systemctl list-units //List loaded units and their current state

    [root@localhost ~]# systemctl list-unit-files //Check whether each service is enabled to start at boot

    [root@localhost ~]# systemctl start httpd //Start the service

    [root@localhost ~]# systemctl status httpd //View service status

    [root@localhost ~]# systemctl status httpd -l //View service status with the recent log lines shown in full (-l: do not truncate long lines)

    [root@localhost ~]# systemctl stop httpd //Stop the service

    [root@localhost ~]# systemctl restart httpd //Restart the service

    [root@localhost ~]# systemctl reload httpd //Reload the configuration file without restarting (only if the service supports it)

    [root@localhost ~]# systemctl enable httpd //Start the service automatically at boot

    [root@localhost ~]# systemctl disable httpd //Do not start the service at boot (this does not stop a running instance)


Four, log

1. The importance of logs

    System logs are the main way an administrator finds out what the system has been doing, so the Linux logging system deserves a detailed look.

    The kernel and most programs emit error messages, warnings and other notices. These messages should all be recorded in log files. On rhel7 the program that does this is rsyslog, which sorts messages by type (facility) and priority (severity) and writes them to different files.


2. Common system logs

    /var/log/messages: general system and service messages, including most error messages (everything not sent somewhere more specific).

    /var/log/boot.log: events during system boot, i.e. the messages shown on the console while the system starts.

    /var/log/lastlog: the last successful login of every user, with time and source IP (binary; read it with the lastlog command).

    /var/log/secure: the security log, recording user and group changes (useradd, passwd and so on) and login authentication from sshd, sudo and PAM.

    /var/log/btmp: failed logins, with user, time and remote IP address (binary; read it with the lastb command).

    /var/log/wtmp: a permanent record of every login, logout, system start and shutdown (binary; read it with the last command).
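/var/log/secure is the file an analyst reads first after a suspected break-in, so here is an added example of doing that programmatically; it is not part of the original post. The six log lines are constructed in the rhel7 sshd format (not real log data), and the `parse_ssh_events`/`find_bruteforce` names and the failure threshold are this example's own choices:

```python
import re
from collections import Counter

# Constructed sample in the rhel7 /var/log/secure format; these are not real log lines.
SAMPLE_SECURE = """\
Nov 12 20:21:01 localhost sshd[2311]: Failed password for invalid user admin from 203.0.113.45 port 51234 ssh2
Nov 12 20:21:03 localhost sshd[2311]: Failed password for root from 203.0.113.45 port 51240 ssh2
Nov 12 20:21:05 localhost sshd[2313]: Failed password for root from 203.0.113.45 port 51244 ssh2
Nov 12 20:21:09 localhost sshd[2315]: Accepted password for root from 203.0.113.45 port 51250 ssh2
Nov 12 20:22:40 localhost sshd[2320]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Nov 12 20:23:00 localhost sudo:   alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
"""

# sshd's "Failed/Accepted <method> for [invalid user] <user> from <ip> port <n>" lines.
SSH_AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port (?P<port>\d+)"
)


def parse_ssh_events(text):
    """Return one dict per sshd authentication line; sudo, cron and other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SSH_AUTH_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def find_bruteforce(events, threshold=3):
    """Sources with >= threshold failures, plus any of them that later logged in successfully."""
    failures = Counter()
    success_after_failures = {}
    for ev in events:
        if ev["result"] == "Failed":
            failures[ev["src"]] += 1
        elif failures[ev["src"]] >= threshold:
            # password guessing that ended in an "Accepted": the case that deserves an alert
            success_after_failures[ev["src"]] = ev["user"]
    suspects = {src: n for src, n in failures.items() if n >= threshold}
    return suspects, success_after_failures


if __name__ == "__main__":
    evs = parse_ssh_events(SAMPLE_SECURE)
    print(find_bruteforce(evs))
```

Two things the example shows that the file listing alone does not: the source port on each sshd line changes with every attempt, so it is the source address, not the port, that identifies the attacker; and a successful login from an address that just failed repeatedly is a stronger signal than the failures by themselves.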


3. rsyslog log management

3.1, log type (facility)

    auth: authentication messages, for example those generated by PAM

    authpriv: private authentication messages such as sshd and ftp logins (the file is readable only by root)

    cron: scheduled tasks (cron, at)

    daemon: system daemons that have no facility of their own

    kern: kernel messages

    lpr: printing

    mail: the mail subsystem

    syslog: messages generated internally by rsyslog, including the periodic --MARK-- timestamp lines

    news: Usenet news

    user: messages from user programs (the default facility when a program does not specify one)

    local0 to local7: reserved for local use, for example network devices sending logs to this host or your own applications


3.2, log priority (severity)

    There are 8 severity levels, coded 0-7; 0 is the most severe and 7 the most verbose:

    0: emerg, the system is unusable, for example a kernel panic

    1: alert, action must be taken immediately

    2: crit, a critical condition that stops the whole system or the whole program from working

    3: err, an error that stops a function or module from working properly

    4: warning, a warning condition

    5: notice, a normal but significant condition

    6: info, informational messages, the most commonly used level

    7: debug, debugging information, the most verbose level

    none: not a severity but a keyword meaning "record nothing from this facility"


3.3, custom log

    [root@localhost ~]# vi /etc/rsyslog.conf

    Facility (the log object): which subsystem the messages come from

    Level: a selector matches the named severity and every more severe one, so the less severe the level you name (info, debug), the more messages are written

    Log file: the file the matching messages are written to

    Rule format: facility.level    /path/to/logfile

    facility.level     matches that level and everything more severe

    facility.=level    matches exactly that level

    facility.!level    excludes that level and everything more severe; facility.!=level excludes exactly that level; facility.none excludes the facility entirely


    Example:

    *.*                  /var/log/mylog        # everything from every facility

    kern.err             /var/log/kernel.log   # kernel messages at err and above

    *.info;mail.none     /var/log/big.log      # info and above from all facilities, except mail

    mail.info            /var/log/mail.log

    cron.info;cron.!err  /var/log/newcron      # cron at info, notice and warning only; err and above are dropped

    cron.info            /var/log/newcron      # cron at info and above


    Check the configuration, then restart the log service:

    [root@localhost ~]# rsyslogd -N1 //Parse the configuration and report errors without starting the daemon

    [root@localhost ~]# systemctl restart rsyslog
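The selector rules in 3.2 and 3.3 are easy to get backwards (which side of err does `!err` cut?), so here is an added evaluator for them; it is not part of the original post or of rsyslog. It implements the classic sysklogd-style selector semantics that rsyslog keeps for `facility.level` filters (property-based filters are out of scope); the facility and severity numbers are the standard syslog codes, and the `parse_selector`, `matches` and `pri` names are this example's own:

```python
# Facility and severity codes from the syslog protocol (RFC 5424, section 6.2.1).
FACILITY_CODES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
SEVERITY_ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}


def severity_code(name):
    return SEVERITIES.index(SEVERITY_ALIASES.get(name, name))


def parse_selector(selector):
    """Evaluate an rsyslog selector such as '*.info;mail.none' into {facility: set of severity codes}.

    Parts are applied left to right: a plain level adds that level and everything more
    severe, '=' adds exactly one level, '!' removes that level and everything more severe,
    '!=' removes exactly one level, and 'none' clears the facility.
    """
    table = {fac: set() for fac in FACILITY_CODES}
    for part in selector.split(";"):
        part = part.strip()
        if not part:
            continue
        fac_spec, dot, level = part.rpartition(".")
        if not dot or not fac_spec or not level:
            raise ValueError(f"malformed selector: {part!r}")
        facilities = list(FACILITY_CODES) if fac_spec == "*" else fac_spec.split(",")
        for fac in facilities:
            if fac not in table:
                raise ValueError(f"unknown facility: {fac!r}")
            if level == "none":
                table[fac] = set()
            elif level == "*":
                table[fac] = set(range(len(SEVERITIES)))
            elif level.startswith("!="):
                table[fac].discard(severity_code(level[2:]))
            elif level.startswith("!"):
                table[fac] -= set(range(severity_code(level[1:]) + 1))
            elif level.startswith("="):
                table[fac].add(severity_code(level[1:]))
            else:
                table[fac] |= set(range(severity_code(level) + 1))
    return table


def matches(selector, facility, severity):
    """Would a message with this facility and severity be written by the rule?"""
    return severity_code(severity) in parse_selector(selector)[facility]


def pri(facility, severity):
    """The <PRI> number at the start of a syslog message on the wire: facility * 8 + severity."""
    return FACILITY_CODES[facility] * 8 + severity_code(severity)


if __name__ == "__main__":
    for rule in ("*.info;mail.none", "kern.err", "cron.info;cron.!err"):
        table = parse_selector(rule)
        shown = {f: [SEVERITIES[c] for c in sorted(table[f])] for f in ("kern", "mail", "cron")}
        print(rule, "->", shown)
```

Running it confirms the reading given in the examples above: `cron.info;cron.!err` keeps only warning, notice and info for cron, and `*.info;mail.none` still passes kern.emerg but nothing from mail. The `pri` helper is what you need when a log line arrives over the network as `<86>...` and you have to work out that it was authpriv.info.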


4. Logrotate log rotation

4.1, log rotation

    [root@localhost ~]# vi /etc/logrotate.conf

    //Global configuration (applies unless a per-file stanza overrides it)

    weekly: rotation interval; the default is once a week

    rotate 4: keep 4 rotated copies and delete older ones (rotate 0 removes the old log immediately)

    create: after renaming the old log, create a new empty file at the original name

    dateext: name the rotated file with the rotation date (messages-20201112) instead of a number (messages.1)


    //Per-file configuration

    include /etc/logrotate.d    pull in the stanzas that each package installs there

    missingok: do not report an error when the log file does not exist

    create 0644 root utmp: mode, owner and group of the newly created file (this form is used for /var/log/wtmp, which the utmp group must be able to read)


    Forced rotation (ignores the schedule; the way to test a new stanza):

    [root@localhost ~]# logrotate -f -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf

    -f forces rotation even if the interval has not elapsed; -s names the state file in which logrotate records when each log was last rotated (the daily cron job uses /var/lib/logrotate/logrotate.status, so pass the same one or the job will rotate again). Add -d for a dry run that prints what would be done without touching any file.


    Hands-on practice: rotate /var/log/yum.log

    [root@localhost etc]# ls /var/log/yum*

    /var/log/yum.log 

    [root@localhost ~]# vi /etc/logrotate.conf

    /var/log/yum.log {

        missingok

        #notifempty            # uncomment to skip rotation when the log is empty

        #maxsize 30k           # uncomment to rotate as soon as the file exceeds 30k

        #yearly

        daily

        rotate 3

        create 0600 root root  # never 0777: a world-writable log lets any local user forge or erase history

    }

    Move the clock forward one day so that "daily" is due (logrotate -f would rotate without touching the system clock):

    [root@localhost ~]# date 

    Thu Nov 12 20:21:34 EST 2020

    [root@localhost ~]# date 11132024

    Fri Nov 13 20:24:00 EST 2020

    [root@localhost ~]# logrotate /etc/logrotate.conf

    [root@localhost ~]# ls /var/log/yum*

    /var/log/yum.log           /var/log/yum.log-20201112

    /var/log/yum.log-20201111  /var/log/yum.log-20201113


4.2. Log rotation example

    1: Log security: protect the log with the append-only attribute across rotation

    The append-only attribute (chattr +a) stops /var/log/messages from being truncated, overwritten, renamed or deleted while still letting rsyslog append to it. Note what it does not do: clearing the attribute needs only CAP_LINUX_IMMUTABLE, which root has, so it protects against unprivileged tampering and accidents, not against an attacker who is already root. Because logrotate renames the file, the attribute has to be dropped in prerotate and restored in postrotate.

    /etc/logrotate.d/messages

    Before testing, remove /var/log/messages from the existing stanza in /etc/logrotate.d/syslog, otherwise logrotate reports a duplicate log entry for the file.

    [root@localhost ~]# vi /etc/logrotate.d/messages

    /var/log/messages

    {

      prerotate

        chattr -a /var/log/messages

      endscript

    

      #notifempty

      daily

      create 0600 root root

      missingok

      rotate 5

 

      postrotate

        /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true

        chattr +a /var/log/messages

      endscript

    }

    The kill -HUP line makes rsyslog reopen the new file (see 4.3); without it the daemon keeps writing into the renamed file.

    [root@localhost ~]# date 

    Thu Nov 12 20:21:34 EST 2020

    [root@localhost ~]# date 11132024

    Fri Nov 13 20:24:00 EST 2020

    [root@localhost ~]# logrotate /etc/logrotate.conf


2: Configure log rotation for multiple log files

    [root@localhost ~]# vi /etc/logrotate.d/syslog 

    /var/log/cron

    /var/log/maillog

    /var/log/secure

    /var/log/spooler

    {

        missingok

        sharedscripts

        postrotate

            /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true

        endscript

    }

    sharedscripts runs the postrotate script once for the whole group instead of once per file, so rsyslog receives a single HUP. The trailing || true keeps logrotate from treating a missing pid file (rsyslog not running) as a failed rotation.

    [root@localhost ~]# date 

    Thu Nov 12 20:21:34 EST 2020

    [root@localhost ~]# date 11132024

    Fri Nov 13 20:24:00 EST 2020

    [root@localhost ~]# logrotate /etc/logrotate.conf


4.3, the importance of restarting the service in log rotation

    The purpose of the restart (or HUP) script in a logrotate stanza is to get new log lines into the new log file. Rotation only renames the old file, so its inode does not change, and the logging daemon holds an open file descriptor on that inode: it keeps writing into the renamed file, not into the empty file that create just made. Sending rsyslog a HUP (or restarting it) makes it close its descriptors and reopen the log by path, which now refers to the new file. The alternative is the copytruncate option, which copies the log and truncates the original in place so no reopen is needed, at the cost of possibly losing lines written between the copy and the truncate.
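The inode behaviour described above, reproduced in a temporary directory as an added example (not part of the original post and not logrotate's own code). It performs the rename that logrotate does in create mode while a writer holds the file open, shows that the writer's next line lands in the renamed file, then closes and reopens by path the way rsyslog does on SIGHUP. The `rotation_demo` name and the dateext-style suffix are this example's own choices.

```python
import os
import shutil
import tempfile


def rotation_demo():
    """Rename a log while a writer holds it open, then reopen it, as a HUP'd daemon would."""
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "messages")
    rotated = path + "-20201112"          # dateext-style name, as in the page's listing

    writer = open(path, "a")              # the daemon's file descriptor
    writer.write("written before rotation\n")
    writer.flush()
    inode_original = os.stat(path).st_ino

    os.rename(path, rotated)              # what logrotate does: a rename, same inode
    open(path, "a").close()               # 'create': new empty file at the old name
    inode_new = os.stat(path).st_ino
    inode_rotated = os.stat(rotated).st_ino

    # Nobody told the daemon: its fd still points at the renamed inode.
    writer.write("written after rotation, fd not reopened\n")
    writer.flush()

    # SIGHUP handling: close and reopen by path, so new lines reach the new file.
    writer.close()
    writer = open(path, "a")
    writer.write("written after reopen\n")
    writer.close()

    with open(rotated) as f:
        rotated_text = f.read()
    with open(path) as f:
        new_text = f.read()
    shutil.rmtree(workdir)
    return {
        "rotated_keeps_inode": inode_rotated == inode_original,
        "new_file_is_new_inode": inode_new != inode_original,
        "rotated_contents": rotated_text,
        "new_contents": new_text,
    }


if __name__ == "__main__":
    for key, value in rotation_demo().items():
        print(f"{key}: {value!r}")
```

The same mechanism is why `ls /var/log` can show a fresh, empty messages file while `lsof | grep messages` still lists the daemon writing to messages-20201112; and why an attacker who deletes a log the daemon has open does not stop the logging at all until the daemon is restarted.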


Five, hands-on practice

1. Use rsyslog to customize the log

2. Use Logrotate to rotate logs



Origin blog.51cto.com/12760547/2666311