Log management and time management on Linux systems

journald
Service Name: systemd-journald.service
journald provides an improved log management service. It collects messages from the kernel, from the boot process, from the standard output and errors of daemons as they start and run, and from syslog, and writes these messages to a structured event journal.
Default storage path: /run/log; the log is cleared after a system reboot.

Viewing the system log
The command for viewing the system log is journalctl.
Usage of the journalctl command and its parameters:
journalctl                     log analysis command
journalctl -n 5                view the five most recently generated log entries
journalctl --since             view the logs generated from a given time
journalctl --until             view the logs up to a given time
journalctl -o verbose          view the log with the parameters that can be used as conditions
journalctl -o short            display the log in classic mode
journalctl -o export           binary format, for transfer and backup
journalctl -o json             output in JSON format
journalctl -p                  display logs of the specified level
journalctl -p emerg            serious system problems
journalctl -p alert            problems in the system that must be changed immediately
journalctl -p crit             critical level; will cause system software not to work properly
journalctl -p err              program errors
journalctl -p warning          warnings
journalctl -p notice           ordinary log of important information
journalctl -p info             general information
journalctl -p debug            program debugging information
journalctl -F PRIORITY         view the log levels that can be selected
journalctl -u                  specify the name of the service whose log to view
journalctl --disk-usage        view the size of the log
journalctl --vacuum-size=1G    set the log storage size (stored logs are trimmed to this size)
journalctl -f                  monitor the log

Parameters that can be given to journalctl to select log entries

_UID=            UID of the process
_PID=            ID of the process
_GID=            GID of the process
_HOSTNAME=       host the process runs on
_SYSTEMD_UNIT=   service name
_COMM=           command name

Example: view the sshd service log
Example: display the logs generated from a given start time
Example: display the logs of a given process ID
Example: view error logs
Storing service logs permanently with journald

1. Create a directory to store the logs
2. Change the group of the journal directory to systemd-journal and set its permissions to 2774
3. Restart the systemd-journald service
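The three steps above as shell commands, as an added example (not the original post's commands, which were shown only in screenshots). It assumes /var/log/journal, the standard directory journald uses for persistent storage; the function names are hypothetical and take the directory and group as arguments so they can be tried on a scratch path first.

```shell
#!/bin/sh
# Added example: make journald storage persistent, following the steps above.
# Assumption: /var/log/journal is the persistent journal directory.

# make_journal_dir DIR GROUP
# Creates DIR, gives it to GROUP and sets mode 2774 (setgid + rwxrwxr--),
# so that files created inside inherit the group.
make_journal_dir() {
    dir=$1
    group=$2
    mkdir -p "$dir" || return 1
    chgrp "$group" "$dir" || return 1
    chmod 2774 "$dir" || return 1
}

# journal_dir_ok DIR GROUP
# Succeeds only if DIR is a directory owned by GROUP with mode exactly 2774.
journal_dir_ok() {
    [ -n "$(find "$1" -maxdepth 0 -type d -group "$2" -perm 2774 2>/dev/null)" ]
}

# Touch the real system only when asked to, and only as root.
if [ "${1:-}" = "--apply" ]; then
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }
    make_journal_dir /var/log/journal systemd-journal || exit 1
    systemctl restart systemd-journald
    journal_dir_ok /var/log/journal systemd-journal && journalctl --disk-usage
fi
```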

rsyslog
rsyslog is an open source tool widely used on Linux systems to forward or accept log messages over TCP/UDP
Service name: rsyslog.service
Configuration file: /etc/rsyslog.conf
Log storage: logs are stored permanently

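/var/log/messages   system service logs, general information, most log messages
/var/log/secure     log file related to security and authentication
/var/log/maillog    log file related to the mail server
/var/log/cron       log file related to scheduled tasks
/var/log/boot.log   system boot log file

The system log can be viewed directly by reading the file contents: cat /var/log/messages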

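Customizing the log collection path and collection format
Log types
auth       user authentication
authpriv   service authentication
cron       scheduled tasks
kern       kernel
mail       mail
news       system update information
user       user

Log levels
emerg      serious system problems
alert      problems in the system that must be changed immediately
crit       critical level; will cause system software not to work properly
err        program errors
warning    program warnings
notice     ordinary log of important information
info       general information
debug      program debugging information
none       record nothing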

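Customizing the log collection path
Method: add the collection path information after line 45 of the configuration file
The field containing the first asterisk is the log type and the field containing the second asterisk is the log level, separated by a dot (.); the collection path follows
Example: store all system logs in the file /var/log/linux

Example 2: store all system logs in the linux file, except mail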
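Customizing the log collection format
%FROMHOST-IP%     host the log came from
%timegenerated%   time the log was generated
%syslogtag%       service that generated the log
%msg%             log content
\n                newline

1. In the configuration file, write a template named WESTOS whose collection format is "IP of the log source host", generation time, service, content
2. Use the template to collect logs for a specific file, for example: have the linux file collect logs in the westos format
3. Restart the rsyslog service and view the linux log file; the format has taken effect
4. To have all files use the westos format, change the default template name to westos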
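The rule and template steps above written out as legacy-syntax rsyslog directives, as an added example (the original post showed its configuration only in screenshots). The function names and the idea of writing the directives to a separate file for review are assumptions; the post itself edits /etc/rsyslog.conf after line 45.

```shell
#!/bin/sh
# Added example: a collection rule plus the WESTOS template described above.

# write_westos_rules FILE
# Writes the directives (legacy rsyslog syntax) to FILE for review.
write_westos_rules() {
    cat > "$1" <<'EOF'
# Template WESTOS: source host IP, time generated, service tag, message.
$template WESTOS,"%FROMHOST-IP% %timegenerated% %syslogtag% %msg%\n"

# type.level  path;template
# Every type at every level, except mail, goes to /var/log/linux
# and is written with the WESTOS template.
*.*;mail.none    /var/log/linux;WESTOS

# Step 4 (optional): make WESTOS the default for all file outputs.
#$ActionFileDefaultTemplate WESTOS
EOF
}

# selector_of FILE PATH
# Prints the type.level selector that feeds PATH, skipping comments and
# $-directives, so the rule can be checked before the service is restarted.
selector_of() {
    awk -v p="$2" '!/^[#$]/ && NF >= 2 {
        split($2, a, ";")
        if (a[1] == p) print $1
    }' "$1"
}

# After merging into /etc/rsyslog.conf:
#   rsyslogd -N1 && systemctl restart rsyslog
```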

Remote log synchronization
Purpose of the experiment:
Send the logs of host A to host B
1. On host A, edit the configuration file so that logs are sent to host B, then restart the service
@: UDP transport
@@: TCP transport
2. On host B, edit the configuration file so that it accepts logs from everyone
3. Check that port 514 on host B is open, and turn off the firewall; log synchronization is now set up
4. To observe the result, clear the log files on both hosts, run the test command logger linux on host A, and the synchronized log can be seen on host B
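A check that host A's forwarding rule and host B's listener use the same transport, as an added example that is not part of the original post. The directives are legacy rsyslog syntax, the function names are hypothetical, and 192.0.2.10 is a constructed placeholder for host B's address, which the post does not give.

```shell
#!/bin/sh
# Added example: check that host A's forwarding rule and host B's listener
# agree on the transport (legacy rsyslog syntax, port 514 as in the post).
# 192.0.2.10 is a constructed placeholder for host B's address.

# forward_target FILE: print "proto host" for every forwarding rule in a
# sender's configuration ("@host" is UDP, "@@host" is TCP).
forward_target() {
    awk '!/^[ \t]*#/ && $2 ~ /^@/ {
        proto = ($2 ~ /^@@/) ? "tcp" : "udp"
        host = $2; sub(/^@+/, "", host)
        print proto, host
    }' "$1"
}

# listens FILE PROTO: succeed if the receiver's configuration has the
# listener for PROTO on port 514 enabled (present and not commented out).
listens() {
    case $2 in
        udp) grep -Eq '^[[:space:]]*\$UDPServerRun[[:space:]]+514' "$1" ;;
        tcp) grep -Eq '^[[:space:]]*\$InputTCPServerRun[[:space:]]+514' "$1" ;;
        *)   return 2 ;;
    esac
}

# demo: constructed fragments for both hosts, then the check.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '*.* @@192.0.2.10' > "$tmp/hostA.conf"
    printf '%s\n' '#$ModLoad imudp' '#$UDPServerRun 514' \
                  '$ModLoad imtcp' '$InputTCPServerRun 514' > "$tmp/hostB.conf"
    forward_target "$tmp/hostA.conf" | while read -r proto host; do
        if listens "$tmp/hostB.conf" "$proto"; then
            echo "ok: A sends $proto to $host, B listens on $proto/514"
        else
            echo "MISMATCH: A sends $proto to $host, B has no $proto listener"
        fi
    done
    rm -rf "$tmp"
}

# After editing the real files: systemctl restart rsyslog on both hosts,
# run `logger linux` on A and look for the entry in B's log.
# Opening only the port on B (firewall-cmd --add-port=514/tcp) is an
# alternative to stopping the firewall.
```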

Time management
The timedatectl command manages the system time
timedatectl set-time [time]            set the system time to a specific time
timedatectl list-timezones             show all time zones
timedatectl set-timezone [time zone]   set the system time zone
timedatectl set-local-rtc 0|1          set how the system time is calculated; 0 means the hardware clock uses UTC, 1 means the hardware clock uses local time

Example 1:
Set the time
Example 2: set the system time zone
Time synchronization service
Service name: chronyd.service
Configuration file: /etc/chrony.conf
Experiment:
Host A acts as the time source
Host B synchronizes its time from host A

Experimental procedure:
1. On host A, edit the configuration file to allow hosts on the 192.168.1.0 network to synchronize time from this host, and set the level (stratum) to 10
2. On host A, restart the chronyd service and turn off the firewall
3. On host B, edit the configuration file to synchronize time from host A, then restart the chronyd service
4. On host B, check the time; it has become host A's time
5. On host B, use the chronyc sources -v command to view the synchronization result
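The two chrony.conf edits from the procedure, and a check of the chronyc sources output on host B, as an added example that is not from the original post. The /24 mask, the address 192.168.1.10 for host A and the function names are assumptions; the post gives only the network 192.168.1.0 and level 10.

```shell
#!/bin/sh
# Added example: chrony configuration for the experiment above and a check
# of the result. Assumed values: /24 mask, 192.168.1.10 as host A.

# Host A (time source), in /etc/chrony.conf:
#   allow 192.168.1.0/24     # serve time to this network
#   local stratum 10         # serve at stratum 10 even without an upstream
# Host B (client), in /etc/chrony.conf:
#   server 192.168.1.10 iburst

# selected_source: read `chronyc sources` output on stdin and print
# "address stratum" of the source chronyd is currently synchronised to
# (first column "^*"). Prints nothing and returns 1 if there is none.
selected_source() {
    awk '$1 == "^*" { print $2, $3; found = 1 } END { exit !found }'
}

# Constructed sample of `chronyc sources` output, for running offline.
sample_sources() {
    cat <<'EOF'
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 192.168.1.10                 10   6   377    23    +12us[  +15us] +/-  120us
^? 192.168.1.20                  0   6     0     -     +0ns[   +0ns] +/-    0ns
EOF
}

# On host B:  chronyc sources | selected_source
```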

Origin blog.csdn.net/weixin_42506599/article/details/104462500