1. The program generates the log
rsyslog collects logs. If it is stopped and then started again, it collects the logs it has not yet collected. The collection rules are set in its configuration file.
cat /var/log/messages
> /var/log/messages #empty
vim /etc/rsyslog.conf
*.* /var/log/lin
auth #user login log
kern #kernel log
cron #scheduled task log
lpr #printer log
mail #mail log
news
user #user-related program log
local 1-7 #user-defined log
Log level
debug #system debugging information
info #general information
warning #warning information
err #error (low level, prevents one function from working properly)
crit #critical error (high level, prevents the entire software or system from working properly)
alert #information that needs to be dealt with immediately
emerg #kernel crash
none #no log information collected
Common system logs
/var/log/messages General information of all log levels, excluding mail, service authentication and scheduled tasks
/var/log/maillog mail log
/var/log/secure service authentication log
/var/log/cron scheduled task log
2. Log remote synchronization
sender
vim /etc/rsyslog.conf
*.* @172.25.254.252 #Receiver address
UDP is fast, TCP is stable
receiver
vim /etc/rsyslog.conf
Lines 15 16
systemctl stop firewalld #Close the firewall
systemctl disable firewalld #Do not start the firewall at boot
test
The receiver
vim /etc/rsyslog.conf
$template format name, "log collection format"
*.info;mail.none;authpriv.none;cron.none /var/log/messages;format name
Fields of the collection format, in order: generation time, source host IP, generating program, content, newline
cat /var/log/messages
4.journalctl #Directly view the log in memory
1) journalctl -f #monitor log
2) journalctl -n 3 #View the latest 3
3) journalctl --since time --until time #View logs for a period of time
4) journalctl -p err #View error-level logs; Ctrl+C to end
5) journalctl -o verbose #View detailed parameters (fields such as _PID=651)
journalctl _PID=651
6) journalctl _PID=81
7) Management of systemd-journald
By default, the journal can only be viewed and is not saved. If the machine is shut down and started again, only the logs since that boot can be viewed, because the log is kept in memory and is emptied at shutdown. To make systemd-journald save the log to the hard disk:
mkdir /var/log/journal
chgrp systemd-journal /var/log/journal
chmod g+s /var/log/journal
killall -1 systemd-journald #Refresh the process
journalctl -n 3
reboot
journalctl
The previous log is still there
Share time on the server side. Close the firewall.
vim /etc/chrony.conf
Line 29 local stratum 10 #Turn on the time sharing function and set the sharing level. After it is turned on, this machine no longer synchronizes its time from others.
Line 22 allow 172.25.254.0/24 #Which clients are allowed to access the locally shared time
On the client side
vim /etc/chrony.conf
chronyc sources -v
6. Time zone
1) timedatectl list-timezones #List all time zones
2) timedatectl set-timezone Asia/Shanghai #Modify time zone
timedatectl
3) timedatectl set-local-rtc 0 #Use UTC time
vim /etc/adjtime
date
7.at
1) at time
2) at now+1min
3) at -l #View tasks
4) at -c 3 #View specific tasks
5) at -r 3 # undo the task
6) Blacklist
[root@node1 ~]# useradd lee
[root@node1 ~]# useradd lin
[root@node1 ~]# vim /etc/at.deny
add lin to the blacklist
[lee@node1 ~]$ at now+2min
You do not have permission to use at.
[lee@node1 ~]$ logout
[root@node1 ~]# su - lee
[lin@node1 ~]$ at now+2min
at> <EOT>
job 10 at Sat Apr 14 16:52:00 2018
[lin@node1 ~]$ logout
[root@node1 ~]# touch /etc/at.allow #Create a whitelist; the blacklist no longer applies and only root can use at
[root@node1 ~]# su - lin
Last login: 6 April 14 16:50:44 CST 2018 on pts/0
[lin@node1 ~]$ at now+2min
You do not have permission to use at.
[lin@node1 ~]$ logout
[root@node1 ~]# vim /etc/at.allow
Edit the file and add lin to the whitelist
[root@node1 ~]# su - lin
Last login: 六 4月 14 16:50:14 CST 2018 on pts/0
[lee@node1 ~]$ at now+2min
at> <EOT>
job 11 at Sat Apr 14 16:54:00 2018
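
The blacklist/whitelist precedence walked through in the session above, as an added example (not part of the original notes): a shell function that reports whether a user may use at, useful for auditing who can schedule jobs. The function names, the optional file-path arguments and the scratch files are assumptions for illustration; root is matched by name here, whereas at itself always allows the superuser.

```shell
#!/bin/sh
# at_access USER [ALLOW_FILE] [DENY_FILE] -> prints "allow" or "deny".
# Precedence (as documented in at(1)):
#   1. root may always use at (matched by name here: a simplification)
#   2. if the allow file exists, only users listed in it may use at
#   3. otherwise, if the deny file exists, users listed in it may not
#   4. if neither file exists, only root may use at
at_access() {
    user=$1
    allow=${2:-/etc/at.allow}
    deny=${3:-/etc/at.deny}
    if [ "$user" = root ]; then
        echo allow
    elif [ -f "$allow" ]; then
        # Whitelist present: the blacklist is not consulted at all.
        if grep -qxF -- "$user" "$allow"; then echo allow; else echo deny; fi
    elif [ -f "$deny" ]; then
        if grep -qxF -- "$user" "$deny"; then echo deny; else echo allow; fi
    else
        echo deny
    fi
}

# audit_at_users ALLOW_FILE DENY_FILE USER... -> one "user decision" line each.
audit_at_users() {
    at_allow_file=$1; at_deny_file=$2; shift 2
    for at_user in "$@"; do
        printf '%s %s\n' "$at_user" \
            "$(at_access "$at_user" "$at_allow_file" "$at_deny_file")"
    done
}

# Constructed demo in a scratch directory (nothing under /etc is touched).
demo=$(mktemp -d)
echo lin > "$demo/at.deny"
echo "deny file lists lin, no allow file:"
audit_at_users "$demo/at.allow" "$demo/at.deny" root lee lin
: > "$demo/at.allow"
echo "empty allow file created:"
audit_at_users "$demo/at.allow" "$demo/at.deny" root lee lin
echo lin > "$demo/at.allow"
echo "lin added to allow file:"
audit_at_users "$demo/at.allow" "$demo/at.deny" root lee lin
rm -rf "$demo"
```

On a real host, call `audit_at_users /etc/at.allow /etc/at.deny` with the account names to review.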