linux foundation of log management

Log Management

Divided into two categories
1.rsyslog system log management
2.logrotate log rotation
. A process to handle logs
rsyslogd: full-time logger system. Most of the logging process, information about the operation of the system, such as login information, the program starts to close, and error status
II. Common Log File

tail   -10   /var/log/messages   //系统主日志文件
tail -f /var/log/messages    //动态查看日志文件的尾部
tailf /var/log/secure    //认证、安全
tail /var/log/yum.log     //yum
tail /var/log/maillog      //跟邮件postfix相关
tail /var/log/cron     //crond、at进程产生的日志
tail /var/log/dmesg    //和系统启动相关

Three. Rsyslog configuration

yum install rsyslog logrotate    //默认已安装
systemctl  start    rsyslog.service        //启动
/etc/rsyslog.conf      //rsyslogd的主配置文件

IV. The main configuration file

#vim /etc/rsyslog.conf

Log Rotation

I. Introduction
logging program runs a variety of information
can analyze user behavior through the log, recording a trajectory and look for procedural issues. Limited disk space, log rotation can only record what happened last period of time, in order to save space and easy to organize, such as log files often need to press the i time or size dimensions into multiple copies, long time to delete log files.
Second works
carried out in accordance with the configuration cycle
master file: /etc/logrotate.conf (determine how each log file rotation)
subfolders: /etc/logrotate.d/*

ls /etc/logrotate.conf /etc/logrotate.d/
/etc/logrotate.conf
/etc/logrotate.d/:
acpid cups iscsiuiolog ppp rpm subscription-manager up2date wpa_supplicant
conman httpd mgetty psacct setroubleshoot syslog vsftpd.log yum

III. Describes the main configuration file

[root@localhost ~]# vim /etc/logrotate.conf 
=========全局设置==========
weekly 		//轮转的周期，一周轮转
rotate 4 		//保留4份
create 		//轮转后创建新文件
dateext 		//使用日期作为后缀
#compress	 //是否压缩
include /etc/logrotate.d	//包含该目录下的子配置文件
/var/log/wtmp { 	//对某日志文件设置轮转的方法
monthly 				//一月轮转一次
minsize 1M 		//最小达到1M才轮转,monthly and  minsize
create 0664 root utmp	 //轮转后创建新文件，并设置权限
rotate 1 		//保留一份
}
/var/log/btmp {
missingok 		//丢失不提示
monthly 			//每月轮转一次
create 0600 root utmp 	//轮转后创建新文件，并设置权限
rotate 1 		//保留一份
}

IV. Examples log rotation

vim /etc/logrotate.d/yum 
/var/log/yum.log {
missingok		//丢失不执行
notifempty		//空文件不论转
size 30k		//达到30k轮转, daily or  size
yearly		//或者一年一轮转
daily		//缩小周期到1天
rotate 3		//轮转保留3次
create 0777 root root
}

Modification time, triggered manually rotate

/usr/sbin/logrotate  -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf

ls /var/log/yum*`

Time will rotate several revisions

date 04011000