Linux System Administration 12: Linux file systems and logs

One. In-depth understanding of the Linux file system: inode and block

Files are stored on the hard disk. The smallest storage unit of a hard disk is called a "sector". Each sector stores 512 bytes (0.5 KB).
When the operating system reads the hard disk, it does not read one sector at a time, because that would be too inefficient. Instead it reads several consecutive sectors in one go, that is, it reads one "block" at a time. A block, made up of several sectors, is the smallest unit of file access. The most common block size is 4 KB, i.e. eight consecutive sectors form one block.
File data is stored in blocks, so there must also be a place to store each file's metadata, such as the creator of the file, its creation date, its size, and so on. The area that stores this metadata is called the inode ("index node").

inode: records a file's attributes. Each file occupies one inode, which also records the numbers of the blocks where the file's data is located.

block: records the contents of a file. A file that is too large for one block occupies several blocks. The block size is usually 1k, 2k or 4k.

The special role of the inode
Because the inode number is kept separate from the file name, this mechanism leads to some phenomena specific to Unix/Linux systems.
  1. Sometimes a file name contains special characters and the file cannot be deleted normally. In this case, deleting the file by its inode number removes it.
  2. Moving or renaming a file only changes the file name; it does not affect the inode number.
  3. Once a file has been opened, the system identifies it by its inode number and no longer considers the file name. Therefore, generally speaking, the system cannot determine the file name from the inode number.
      The third point makes software updates easy: software can be updated without shutting it down and without a restart, because the system identifies a running file by its inode number, not by its file name. During the update, the new version of the file is created under the same file name with a new inode, which does not affect the running file. The next time the software is run, the file name automatically points to the new file, and the inode of the old file is reclaimed.
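The three phenomena above can be reproduced in a scratch directory. This is an added example, not part of the original article; all file names are constructed, and file descriptor 3 stands in for a running program that still has the old version open.

```shell
#!/bin/sh
# Added example; every file name below is constructed for the demo.

inode_of() { ls -di -- "$1" | awk '{print $1}'; }

# Prints three words: deleted-by-inode?  rename-kept-inode?  content-seen-by-open-fd
inode_demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1

    # 1. A name with special characters: remove the file through its inode number.
    : > './-rf *'
    ino=$(inode_of './-rf *')
    find . -xdev -inum "$ino" -exec rm -f -- {} \;
    if [ -e './-rf *' ]; then deleted=no; else deleted=yes; fi

    # 2. Renaming changes only the name; the inode number is unchanged.
    echo v1 > app
    before=$(inode_of app)
    mv app app.renamed
    if [ "$before" = "$(inode_of app.renamed)" ]; then kept=yes; else kept=no; fi

    # 3. Update while "running": fd 3 holds the old inode open, the new
    #    version arrives under the same name with a new inode.
    exec 3< app.renamed
    echo v2 > app.tmp
    mv app.tmp app.renamed
    read -r running <&3      # still the old content
    exec 3<&-                # last reference gone, old inode is reclaimed

    cd / && rm -rf -- "$dir"
    echo "$deleted $kept $running"
)

inode_demo
```

The `-xdev` option keeps `find` on one file system, which matters because inode numbers are only unique within a single file system.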

| English | Abbreviation | Meaning | When it is modified | View command |
|---|---|---|---|---|
| Access | atime | Access time | Read, write | ls -lu |
| Modify | mtime | Modification time | Write, modify | ls -l |
| Change/Create | ctime | Change time / creation | Modifying the file name, writing, modifying, changing permissions, making links | ls -lc |

Important: find the files under /tmp that were modified within the last three days and move them to /opt

find /tmp -type f -a -mtime -3 -exec mv {} /opt \;

(-mtime -3 means within the last three days; -mtime +3 means more than three days ago)

(2) View a file's inode number

ls -i filename

stat filename

5. Delete the file corresponding to a specified inode number

find ./ -inum <inode-number> -exec rm -i {} \;

6. View the inode and block information of a file system

df -i device-name (only works for a mounted file system)

dumpe2fs -h device-name (the file system does not need to be mounted)

tune2fs -l device-name (the file system does not need to be mounted)

7. Specify the number of inodes and the block size when formatting a file system

Method: mkfs.ext4 -N inode-count -b block-size device-name (the block size is in bytes; it is generally 4k and can be changed, but the option can usually be omitted)

8. Resolving disk failures caused by inode exhaustion

<1> Delete unused files

<2> Back up the files, reformat the file system, and specify a larger number of inodes
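A check for inode exhaustion before it causes a failure, plus a helper that shows which directory holds the most inodes so unused files can be found. This is an added example, not part of the original article; `SAMPLE_DF` is constructed text in the column layout of `df -Pi`, the function names are hypothetical, and mount points containing spaces are not handled.

```shell
#!/bin/sh
# Added example. SAMPLE_DF is constructed output in the layout of `df -Pi`.
SAMPLE_DF='Filesystem      Inodes   IUsed   IFree IUse% Mounted on
/dev/sda1      1310720 1297613   13107   99% /
/dev/sda2       655360   20480  634880    4% /home
/dev/sdb1            0       0       0     - /boot/efi
tmpfs           490124     512  489612    1% /run'

# inode_alerts THRESHOLD: read `df -Pi` style text on stdin and print
# "mountpoint use%" for every file system at or above THRESHOLD percent.
inode_alerts() {
    awk -v limit="$1" '
        NR == 1 { next }                  # skip the header line
        {
            use = $5
            sub(/%$/, "", use)
            if (use !~ /^[0-9]+$/) next   # "-": no inode count reported
            if (use + 0 >= limit + 0) print $6, use "%"
        }'
}

# inode_hogs DIR: inodes used under each immediate subdirectory of DIR,
# largest first (one line of find output per directory entry).
inode_hogs() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        printf '%s %s\n' "$(find "$d" -xdev | wc -l | tr -d ' ')" "$d"
    done | sort -rn
}

printf '%s\n' "$SAMPLE_DF" | inode_alerts 90
```

On a live system the same functions are used as `df -Pi | inode_alerts 90` and `inode_hogs /var`.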

 

Two. In-depth understanding of the Linux file system: links

1. Hard links

Method: ln source-file target-file

Features: the target file has the same inode as the source file. Hard links cannot be made for directories and must be within the same file system. Deleting one file name does not affect access through the other.

2. Soft links

Method: ln -s source-file-or-directory target-file-or-directory

Features: a soft link points to a file name. The newly created soft link has a different inode number from the source file. Soft links can also be created for directories, and the soft link and its source do not have to be in the same file system. The content of a soft link file is the path of the source file, and the system automatically follows it to read the source file. However, when the source file is moved or renamed, the soft link breaks.
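The link behaviour described above, checked in a scratch directory. This is an added example, not part of the original article; the file names are constructed.

```shell
#!/bin/sh
# Added example; file names are constructed for the demo.

inode_of() { ls -di -- "$1" | awk '{print $1}'; }
links_of() { ls -ld -- "$1" | awk '{print $2}'; }   # hard-link count column

# Prints six words: hard-link-shares-inode?  link-count  symlink-has-own-inode?
#                   path-stored-in-symlink  hard-link-content-after-delete
#                   symlink-state-after-delete
link_demo() (
    dir=$(mktemp -d) && cd "$dir" || exit 1
    echo data > source.txt
    ln source.txt hard.txt          # second name for the same inode
    ln -s source.txt soft.txt       # new inode whose content is a path

    if [ "$(inode_of source.txt)" = "$(inode_of hard.txt)" ]; then same=yes; else same=no; fi
    count=$(links_of source.txt)
    if [ "$(inode_of soft.txt)" != "$(inode_of source.txt)" ]; then own=yes; else own=no; fi
    target=$(readlink soft.txt)

    # Delete the original name: the data stays reachable through the hard
    # link, while the soft link now points at a name that no longer exists.
    rm source.txt
    content=$(cat hard.txt)
    if [ -L soft.txt ] && [ ! -e soft.txt ]; then state=dangling; else state=ok; fi

    cd / && rm -rf -- "$dir"
    echo "$same $count $own $target $content $state"
)

link_demo
```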

Three. Recovering accidentally deleted files (CentOS 7 does not have this feature; CentOS 6 has it)

Four. Analyzing log files

1. Classification of log files

(1) Kernel and system logs

(2) User logs

(3) log

2. Location of log files

| Log file | Content stored | View command |
|---|---|---|
| /var/log/messages | Kernel messages and the public log information of various applications, including startup, I/O errors, network errors and program failures | cat, etc. |
| /var/log/lastlog | The most recent login event of each user | last, lastlog |
| /var/log/secure | Security events related to user authentication | cat, etc. |
| /var/log/wtmp | Each user's login and logout, and system startup and shutdown events | users, who, w |
| /var/log/btmp | Failed and incorrect login attempts and authentication events | lastb |

file: view a file's type

5. Log message levels

| Level | Name | Meaning |
|---|---|---|
| 0 | EMERG (emergency) | Causes the host to be unavailable |
| 1 | ALERT (alert) | Measures must be taken immediately to resolve it |
| 2 | CRIT (critical) | A more serious situation |
| 3 | ERR (error) | Runtime error |

last command: queries the records of users who logged in to the system successfully, with the most recent logins at the top

-a: display the host name or IP address the login came from in the last column

-n: show only the most recent n records

lastlog command: displays the last login information of all users on the system

lastb command: displays the list of failed user logins; this command can be used to find login anomalies on the system
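The same kind of login anomaly can be found in the text log /var/log/secure. This is an added example, not part of the original article: it assumes OpenSSH `sshd` password-authentication messages, `SAMPLE_SECURE` is constructed (addresses from documentation ranges), and the function name is hypothetical.

```shell
#!/bin/sh
# Added example. SAMPLE_SECURE is constructed in the sshd message format
# assumed for /var/log/secure; host names and addresses are made up.
SAMPLE_SECURE='Aug 14 10:01:02 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Aug 14 10:01:04 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Aug 14 10:01:09 web1 sshd[2107]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Aug 14 10:02:30 web1 sshd[2120]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Aug 14 10:03:11 web1 sshd[2133]: Failed password for alice from 198.51.100.7 port 40031 ssh2
Aug 14 10:04:00 web1 sshd[2140]: Accepted password for root from 203.0.113.5 port 51301 ssh2'

# failed_logins THRESHOLD: read secure-log text on stdin and print
# "ip failures status" for each source with at least THRESHOLD failed
# password attempts. Status is "then-accepted:USER" when a password login
# from that source succeeded after the threshold was reached.
failed_logins() {
    awk -v limit="$1" '
        # Fields are counted from the END of the line ("from IP port N ssh2"),
        # so text an attacker puts into the user name cannot shift the address.
        NF >= 6 && / sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
            fail[$(NF-3)]++
            next
        }
        NF >= 6 && / sshd\[[0-9]+\]: Accepted password for / && $(NF-4) == "from" {
            ip = $(NF-3)
            if ((ip in fail) && fail[ip] >= limit + 0) hit[ip] = $(NF-5)
        }
        END {
            for (ip in fail)
                if (fail[ip] >= limit + 0)
                    print ip, fail[ip], ((ip in hit) ? "then-accepted:" hit[ip] : "no-success")
        }' | sort
}

printf '%s\n' "$SAMPLE_SECURE" | failed_logins 3
```

On a live system the input is the log itself, for example `failed_logins 5 < /var/log/secure`, which requires read permission on that file.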

(3) log

Storage location: not fixed

7. Protecting log files

chattr +a log-file

chattr +a -R (sets the attribute recursively)

8. Log management

<1> Back up logs regularly and keep off-site backups (retain logs for 1-3 days)

<2> Control permissions strictly (to prevent the disclosure of sensitive information) and manage logs centrally

<3> Split the logs periodically; the command below names the file with the previous day's date:

mv /var/log/messages /var/log/messages-$(date -d "-1 days" +%F)

date +%F: the current date


Origin www.cnblogs.com/maoyanqing/p/11349975.html