Advanced log management under linux

View log

1. Usage of journalctl command

journalctl
-n 3 ##The last 3 entries of the journal

–Since "2020-01-01 11:11:01" ##Display log 11:11:0 Log after time
–until "2020-01-01 11:00:00" ##Display log until 11:00

-o ##Set log display mode
# short classic mode display log
# verbose displays all the bytes of the log
# export Binary format suitable for outgoing and backup
# json js format display output

-p ## Display the log of the specified level
#0 emerg system's serious problem log (kernel)
#1 alert the information to be changed immediately in the system
#2 crit severity level will cause the system software to not work properly
#3 err program error
#4 warning Program warning
#5 notice Common log of important information
#6 info Common message
#7 debug Program shooting error message

-F PRIORITY      #查看可控日志级别
-u   sshd        #指定查看服务
--disk-usage     ##查看日志大小
 --vacuum-size=1G ##设定日志存放大小
--vacuum-time=1W ##日志在系统中最长存放时间
-f               ##监控日志
journalctl   _PID=     _SYSTEM_UNIT=sshd.service

[root@westoslinux Desktop]# journalctl  -F PRIORITY
3
2
4
7
6
5

[root@westoslinux Desktop]# journalctl --disk-usage
Archived and active journals take up 6.1M in the file system.
查看日志大小
[root@westoslinux Desktop]# journalctl  --vacuum-size=1G
Vacuuming done, freed 0B of archived journals from /run/log/journal/ea6e1822adaf414891a444e2a3fa22d4.
设置日志存放大小为1G

#####[root@westoslinux Desktop]# journalctl --vacuum-time=1w
Vacuuming done, freed 0B of archived journals from /run/log/journal/ea6e1822adaf414891a444e2a3fa22d4.
设置日志最长存放时间

Experiment two. Use journalctl service to store logs permanently #####The
default log in the system is in: /run/log/journal

The default mode after the system reboots log log stored permanently complete the following:
mkdir / var / log / TECHNOLOGY
chgrp systemd-TECHNOLOGY / var / log / TECHNOLOGY
the chmod 2775 / var / log / TECHNOLOGY
systenctl systemd-journald.service the restart
when The storage path of the service restart log will be assigned to: /var/log/journal

2.rsyslog

Service name: rsyslog.service
log storage
/var/log/messages ##System service log, general information, service error
/var/log/secure ##System authentication information log
/var/log/maillog ##System mail log information
/ var/log/cron ##System timing task information/var/log/
boot.log ##System startup log information
Configuration file: /etc/rsyslog.conf

###Experiment 1. Custom log collection path ######
Log type
auth
#User authentication authpriv #Service authentication
cron
#Time task kern #Kernel task
mail #Mailnews #System
update information
user #User

Log level
debug ##program debugging information
info ##program regular operation information
notice ##common log of important information
waring ##program warning
err ##program report error
crit ##Severity level will cause the system software to not work properly
alert ##system Information to be changed immediately in
emerg ##System's serious problem log
none ##Do not collect
(from top to bottom, the collected data is less and less)

###############Experiment 2. How to change the log collection format #############
1 Define the log collection format
$template WESTOS_FORMAT, “%FROMHOST -IP% %timegenerated% %syslogtag% %msg%\n"

#WESTOS_FORMAT: format name
#%FROMHOST-IP%: log source host IP
#%timegenerated%: log generation time
#%syslogtag% log generation service
#%msg% log content
#\n: line break

2. Set the log collection format
. ;authpriv.none /var/log/westos;WESTOS

module(load=“builtin:omfile” Template=“WESTOS_FORMAT”) ##WESTOS_FORMAT format is used by default,
built-in template format

Experimental environment configuration

Two hosts (replaced with two virtual machines)

3.timedatectl

timedatectl set-time “2020-02-13 10:00:00” ##Set the system time

timedatectl list-timezones ##Display all time zones in the system
timedatectl set-timezone “Asia/Shanghai” ##Set system time zone

timedatectl set-local-rtc 0|1 ##Set system time calculation method
##0 means using utc time

Calculation

timedatectl View time Eastern time is earlier than base time

The benchmark is London Time Standard (Universal)
bios RTC hardware time
practice

[root@linux1 ~]# timedatectl list-timezones  查看所有的时区
[root@linux1 ~]# timedatectl set-time "2020-01-21 10:15:00"   修改系统时间


[root@linux1 ~]# clock -w     将系统时间同步硬件时间
[root@linux1 ~]# clock -s     将硬件时间同步到系统时间

hostnamectl set-hostname linux.westos.org
modify user name

##################Experiment 3. Remote synchronization of logs######################## #
westos_node1:172.25.254.125 Store logs as the log receiver, all logs are stored on this host
westos_linux:172.25.254.225 Send logs to westos_node1 host

4. Time synchronization service

Experimental environment configuration

#Service name: chronyd.service #Configuration
file: /etc/chrony.conf
The path of the file changed by the client and the client is the same

Synchronize the system time
Modify the server time management configuration file /etc/chrony.conf
The firewall of the server needs to be closed in advance

allow 0.0.0.0/0 (host ip allowed to access)
local stratum 10 (set time sharing on)
and restart the system

Client
modify the time configuration file /etc/chrony.conf
pool 172.25.254.225 iburst (host ip to synchronize time)

Restart the service (both hosts need to restart the service)
Restart the service command:
[root@linux1 ~]# systemctl restart chronyd.service