First reset the two virtual machines and set the IPs to +100 and +200
nm-connection-editor
make settings
hostnamectl set-hostname node2.example.com (or node1.example.com)
Exit and reconnect
Login /var/log/messages
1. Log collection rules
vim /etc/rsyslog.conf #Edit this file to change the log collection rules
*.* file name
log type.log level log storage file
The configuration file needs to be re-read after the change: systemctl restart rsyslog.service
auth user login log (pam generated log)
authpriv service authentication log (sshd authentication)
kern kernel log
cron scheduled task log
lpr printer log
mail mail log
news news
user user related program log
local 1-7 user-defined log
For example: vim /etc/rsyslog.conf
auth.debug /var/log/westos
*.* /var/log/log.all
Log level
debug #System debugging information
info #General information
warning #Warning information
err #Error (low level, prevents a certain function from working properly)
crit #Error report (high level, preventing the entire software or the entire system from working properly)
alert #Information that needs to be modified immediately
emerg #Kernel crash
none #Do not collect any log information
Common system logs (view them with cat /var/log/...)
/var/log/messages #General information of all log levels (excluding mail, service authentication and scheduled tasks)
/var/log/maillog #Mail log
/var/log/secure #Service authentication log
2. Remote synchronization of logs
On the log sender:
vim /etc/rsyslog.conf
*.* @192.25.254.201 #Log receiver address
Send all logs to 192.25.254.201
systemctl restart rsyslog.service (restart)
On the log receiver:
vim /etc/rsyslog.conf
$ModLoad imudp #line 15
$UDPServerRun 514 #line 16
systemctl restart rsyslog
systemctl stop firewalld
systemctl disable firewalld
3. Define the log collection format
Receiver
vim /etc/rsyslog.conf
$template format name,"log collection format"
$template westos,"%timegenerated% %FROMHOST-IP% %syslogtag% %msg%\n"
*.info;mail.none;authpriv.none;cron.none /var/log/messages;westos
%timegenerated% log generation time
%FROMHOST-IP% log source host ip
%syslogtag% log generator
%msg% #log content
\n #newline
After that, restart rsyslog on the two virtual machines: systemctl restart rsyslog
then cat /var/log/messages
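An added example (not part of the original notes): a small Python parser for the lines the receiver writes with the westos template, counting messages per source IP and program. It assumes %timegenerated% is rendered in the traditional "Mmm dd hh:mm:ss" form; the function names and sample lines are constructed for illustration. Lines still in the default format, which carry a hostname instead of an IP, are counted as unparsed.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Layout produced by the template on this page:
#   %timegenerated% %FROMHOST-IP% %syslogtag% %msg%\n
# Assumption: %timegenerated% is rendered as "Mmm dd hh:mm:ss".
LINE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<src>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:? "
    r"(?P<msg>.*)$"
)

def parse(line):
    """Return a dict for a westos-format line, or None if it does not match."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        ip_address(m["src"])  # default-format lines carry a hostname here
    except ValueError:
        return None
    rec = m.groupdict()
    rec["msg"] = rec["msg"].lstrip()  # %msg% usually starts with a space
    return rec

def summarise(lines):
    """Count messages per (source IP, program) and count unparsed lines."""
    counts, skipped = Counter(), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1
        else:
            counts[(rec["src"], rec["prog"])] += 1
    return counts, skipped

# Constructed sample lines (not taken from a real host).
SAMPLE = [
    "Jun  3 10:15:02 172.25.254.101 sshd[2214]:  Failed password for root from 172.25.254.50 port 40122 ssh2",
    "Jun  3 10:15:09 172.25.254.101 sshd[2214]:  Accepted password for root from 172.25.254.50 port 40122 ssh2",
    "Jun  3 10:16:00 127.0.0.1 systemd:  Started Session 4 of user root.",
    "Jun  3 10:01:44 node2 kernel: default-format line written before the template was applied",
]

if __name__ == "__main__":
    counts, skipped = summarise(SAMPLE)
    for (src, prog), n in sorted(counts.items()):
        print(src, prog, n)
    print("unparsed:", skipped)
```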
journalctl: log viewing tool (does not collect logs)
journalctl -n 3 View the latest three entries
journalctl -p err View system errors
journalctl -f Monitor the log; use ctrl+c to end monitoring
journalctl --since --until View from one point in time to another
journalctl -o verbose View detailed log parameters
journalctl _PID=xxx View the log of process xxx (the PID changes when the service is restarted, e.g. systemctl restart sshd.service)
By default, this program is only responsible for viewing logs; it does not save or collect them.
Power off and then power on again to view the logs: only the logs since booting can be viewed. The system's earlier logs are stored in memory, so after a shutdown they are cleared.
How to keep systemd-journal on hard drive
mkdir /var/log/journal (the format of the created directory cannot be changed)
chgrp systemd-journal /var/log/journal
chmod g+s /var/log/journal
killall -1 systemd-journald
journalctl -n 3 (see the last time the journal was saved)
date (see shutdown time)
journalctl (see whether the logs from before the shutdown were saved)
It can be seen that they are saved
6. Time synchronization
On the server side
vim /etc/chrony.conf
Line 29: local stratum 10 #Turn on the time sharing function and set the sharing level. After this parameter is turned on, the machine will not synchronize other machines' time to itself
Line 22: allow 172.25.254.101 #Which clients are allowed to access the chrony shared time
systemctl restart chronyd
On the client
vim /etc/chrony.conf
server 172.25.254.201 iburst
systemctl restart chronyd
chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||                                                /   xxxx = adjusted offset,
||         Log2(Polling interval) -.             |    yyyy = measured offset,
||                                  \            |    zzzz = estimated error.
||                                   |           |
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.254.101               10    6    17     9    +15ms[  +15ms] +/-   85ms
timedatectl #View time
timedatectl list-timezones ##List time zones
timedatectl set-timezone Asia/Shanghai ##Set the time zone to China time
timedatectl set-local-rtc 0 ###Do not use local time
vim /etc/adjtime
Delayed tasks
at
at time
at now+5min
at -l ####List the queued delayed commands
at command user blacklist
vim /etc/at.deny
When the whitelist is established, no one except the superuser and the users in the list can execute at, and the blacklist is ignored
vim /etc/at.allow