Viewing logs in real time under Linux

cat /var/log/*.log

If the log is being updated, view it in real time with: tail -f /var/log/messages

You can also use: watch -d -n 1 cat /var/log/messages

-d highlights what changed between refreshes, and -n sets the refresh interval in seconds.

tail -f does not return directly to the command line; it prints content newly appended to the log file in real time, which makes it very effective for watching logs. To stop the output, press Ctrl+C.

A Linux system has three main logging subsystems:
  Connection-time logging - performed by several programs, which write records to /var/log/wtmp and /var/run/utmp. login and other programs update the wtmp and utmp files, allowing the system administrator to track who logged into the system and when.
  Process accounting - performed by the system kernel. When a process terminates, a record for it is written to the process accounting file (pacct or acct). The purpose is to provide command usage statistics for basic system services.
  Error logging - performed by syslogd(8). Various system daemons, user programs and the kernel report noteworthy events to the file /var/log/messages through syslog(3). In addition, many UNIX programs create their own logs; servers that provide network services, such as HTTP and FTP, keep detailed logs.

  Common log files are as follows:
  access-log - records HTTP/web transfers
  acct/pacct - records user commands
  aculog - records MODEM activity
  btmp - records failures
  lastlog - records recent successful logins and the last unsuccessful login
  messages - records information from syslog (on some systems linked to the syslog file); holds the information and error messages logged after the system starts, and is one of the most commonly used logs on Red Hat Linux
  sudolog - records commands issued using sudo
  sulog - records use of the su command
  syslog - records information from syslog (usually linked to the messages file)
  utmp - records each user currently logged in
  wtmp - permanent record of each user's login and logout times
  xferlog - records FTP sessions

  /var/log/secure - security-related log information
  /var/log/maillog - mail-related log information
  /var/log/cron - log information for scheduled tasks
  /var/log/spooler - log information for UUCP and news devices
  /var/log/boot.log - log messages for daemon start and stop

  The utmp, wtmp and lastlog files are the key to most of the UNIX logging subsystems: they keep the records of users logging in and out. Information about currently logged-in users is recorded in the utmp file; logins and logouts are recorded in the wtmp file; the last login can be viewed with the lastlog command. Data exchange, shutdowns and reboots are also recorded in wtmp. All records contain a timestamp. These files (lastlog is usually small) grow very quickly on systems with a large number of users. The wtmp file, for example, can grow without limit unless it is truncated regularly. Many systems are configured to rotate wtmp on a daily or weekly basis, usually through scripts run by cron that rename and rotate the wtmp file. Typically wtmp is renamed wtmp.1 at the end of the first day; a day later wtmp.1 becomes wtmp.2, and so on up to wtmp.7.

  Each time a user logs in, the login program looks up the user's UID in the lastlog file. If it is found, login writes the user's last login time, logout time and host name to standard output, then records the new login time in lastlog. After the new lastlog record is written, the utmp file is opened and the user's utmp record is inserted. That record stays in place until the user logs out, when it is deleted. The utmp file is used by a variety of commands, including who, w, users and finger.

  Next, the login program opens the wtmp file and appends the user's utmp record. When the user logs out, the same utmp record with an updated timestamp is appended to the file. The wtmp file is used by the programs last and ac.

  Specific commands
  wtmp and utmp are binary files, so they cannot be viewed or joined with commands such as tail or cat. Users need who, w, users, last and ac to make use of the information these two files contain.

  who: the who command queries the utmp file and reports each user currently logged in. By default its output includes the user name, terminal type, login date and remote host. For example, who (Enter) displays:

  Chyang   pts/0   Aug 18 15:06
  ynguo    pts/2   Aug 18 15:32
  ynguo    pts/3   Aug 18 13:55
  Lewis    pts/4   Aug 18 13:35
  ynguo    pts/7   Aug 18 14:12
  ylou     pts/8   Aug 18 14:15

  If you specify the wtmp file name, who queries all previous records. The command who /var/log/wtmp reports every login since the wtmp file was created or deleted.
  w: the w command queries the utmp file and displays information about each user currently on the system and the processes they are running. For example, w (Enter) displays:
  3:36pm up 1 day, 22:34, 6 users, load average: 0.23, 0.29, 0.27
  USER     TTY     FROM              LOGIN@   IDLE    JCPU    PCPU    WHAT
  Chyang   pts/0   202.38.68.242     3:06pm   2:04    0.08s   0.04s   -bash
  ynguo    pts/2   202.38.79.47      3:32pm   0.00s   0.14s   0.05    w
  Lewis    pts/3   202.38.64.233     1:55pm   30:39   0.27s   0.22s   -bash
  Lewis    pts/4   202.38.64.233     1:35pm   6.00s   4.03s   0.01s   sh /home/users/
  ynguo    pts/7   simba.nic.ustc.e  2:12pm   0.00s   0.47s   0.24s   telnet mail
  ylou     pts/8   202.38.64.235     2:15pm   1:09m   0.10s   0.04s   -bash

  users: the users command prints the currently logged-in users on a single line, one user name per login session. If a user has more than one login session, the user name appears that many times. For example, users (Enter) displays: Chyang Lewis Lewis ylou ynguo ynguo

  last: the last command searches the wtmp file backwards and shows the users who have logged in since the file was first created. For example:
  Chyang   pts/9   202.38.68.242   Tue Aug 1 08:34 - 11:23 (02:49)
  CFAN     pts/6   202.38.64.224   Tue Aug 1 08:33 - 08:48 (00:14)
  Chyang   pts/4   202.38.68.242   Tue Aug 1 08:32 - 12:13 (03:40)
  Lewis    pts/3   202.38.64.233   Tue Aug 1 08:06 - 11:09 (03:03)
  Lewis    pts/2   202.38.64.233   Tue Aug 1 07:56 - 11:09 (03:12)

  If you specify a user, last reports only that user's recent activity. For example, last ynguo (Enter) displays:
  ynguo   pts/4    simba.nic.ustc.e   Fri Aug 4 16:50 - 08:20 (15:30)
  ynguo   pts/4    simba.nic.ustc.e   Thu Aug 3 23:55 - 04:40 (04:44)
  ynguo   pts/11   simba.nic.ustc.e   Thu Aug 3 20:45 - 22:02 (01:16)
  ynguo   pts/0    simba.nic.ustc.e   Thu Aug 3 03:17 - 05:42 (02:25)
  ynguo   pts/0    simba.nic.ustc.e   Wed Aug 2 01:04 - 03:16 (1+02:12)
  ynguo   pts/0    simba.nic.ustc.e   Wed Aug 2 00:43 - 00:54 (00:11)
  ynguo   pts/9    simba.nic.ustc.e   Thu Aug 1 20:30 - 21:26 (00:55)

  ac: the ac command reports users' connect time (in hours) based on the logins and logouts in the current /var/log/wtmp file; with no flags it reports the total time. For example, ac (Enter) displays: total 5177.47
  ac -d (Enter) displays the total connect time per day:
  Aug 12 total 261.87
  Aug 13 total 351.39
  Aug 14 total 396.09
  Aug 15 total 462.63
  Aug 16 total 270.45
  Aug 17 total 104.29
  Today  total 179.00

  ac -p (Enter) displays the total connect time per user:
  ynguo 193.23
  yucao 3.35
  Rong 133.40
  hdai 10.52
  zjzhu 52.87
  zqzhou 13.14
  liangliu 24.34
  total 5178.22
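
  What who, last and ac read out of the binary utmp/wtmp records, shown as an added example that is not part of the original article. It assumes the glibc struct utmp layout on x86-64 Linux (384-byte records); the function names are hypothetical, and the sample records are constructed using user and host names from the outputs above with made-up timestamps.

```python
import struct

# Assumed layout: glibc struct utmp on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values for login and logout

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse(data):
    """Yield (type, line, user, host, seconds) for each complete record."""
    usable = len(data) - len(data) % UTMP.size  # skip a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield f[0], _text(f[2]), _text(f[4]), _text(f[5]), f[9]

def sessions(data):
    """Pair each login with the next logout on the same tty, as last does."""
    open_by_line, closed = {}, []
    for typ, line, user, host, ts in parse(data):
        if typ == USER_PROCESS:
            open_by_line[line] = (user, host, ts)
        elif typ == DEAD_PROCESS and line in open_by_line:
            user, host, start = open_by_line.pop(line)
            closed.append((user, line, host, start, ts - start))
    still_in = [(u, l, h, s, None) for l, (u, h, s) in open_by_line.items()]
    return closed + still_in

def connect_hours(data):
    """Hours of closed-session time per user, in the spirit of ac -p."""
    totals = {}
    for user, _line, _host, _start, secs in sessions(data):
        if secs is not None:
            totals[user] = totals.get(user, 0.0) + secs / 3600
    return totals

def record(typ, pid, line, user, host, ts):
    """Pack one record; used only to construct the sample input below."""
    return UTMP.pack(typ, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0, b"")

T0 = 966_582_000  # constructed timestamp (epoch seconds)
SAMPLE = b"".join([  # constructed records, not taken from a real wtmp
    record(USER_PROCESS, 1201, "pts/8", "ylou", "202.38.64.235", T0),
    record(USER_PROCESS, 1350, "pts/2", "ynguo", "202.38.79.47", T0 + 600),
    record(DEAD_PROCESS, 1201, "pts/8", "", "", T0 + 7200),
    record(USER_PROCESS, 1400, "pts/8", "ynguo", "simba.nic.ustc.e", T0 + 9000),
    record(DEAD_PROCESS, 1400, "pts/8", "", "", T0 + 10800),
]) + b"\0" * 100  # partial trailing record, ignored by parse()
```

  To inspect a real file, pass the bytes of /var/log/wtmp (read in binary mode) to sessions() or connect_hours(). Sessions with a duration of None are still open, which is the set who would report from utmp.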

  lastlog: the lastlog file is queried each time a user logs in. The lastlog command checks the last login time of a particular user, and formats and prints the contents of the last-login log /var/log/lastlog. It shows the login name, port number (tty) and last login time, ordered by UID. If a user has never logged in, lastlog shows "**Never logged in**". Note that you need to run this command as root, for example:

  Rong 5 202.38.64.187 Fri Aug 18 15:57:01 +0800 2000
  DBB ** Never logged in **
  Xinchen ** Never logged in **
  pb9511 ** Never logged in **
  xchen 0 202.38.64.190 Sun Aug 13 10:01:22 +0800 2000


  Options can also be added: for example, lastlog -u 102 reports on the user with UID 102, and lastlog -t 7 limits the report to the last week.


Origin www.cnblogs.com/klb561/p/11369645.html