Linux - Log Management
Time: 2022-04-03 16:22
The AAA of logging:
- Authentication
- Authorization
- Account Audit (auditing)
dmesg
View logs related to system boot
[root@localhost ~]# dmesg
[ 0.000000] Linux version 4.18.0-193.el8.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com) (gcc version 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)) #1 SMP Fri Mar 27 14:35:58 UTC 2020
[ 0.000000] Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-193.el8.x86_64 root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet
[ 0.000000] Disabled fast string operations
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x020: 'AVX-512 opmask'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x040: 'AVX-512 Hi256'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x080: 'AVX-512 ZMM_Hi256'
[ 0.000000] x86/fpu: Supporting XSAVE feature 0x200: 'Protection Keys User registers'
......
Viewing log information
Logs are normally viewed with the tail -f command, which refreshes in real time.
View error and general log messages other than those from the kernel
[root@localhost ~]# tail -f /var/log/messages
Dec 15 15:31:04 localhost NetworkManager[1122]: <info> [1608017464.0147] dhcp4 (ens160): option requested_subnet_mask => '1'
Dec 15 15:31:04 localhost NetworkManager[1122]: <info> [1608017464.0147] dhcp4 (ens160): option requested_time_offset => '1'
Dec 15 15:31:04 localhost NetworkManager[1122]: <info> [1608017464.0147] dhcp4 (ens160): option requested_wpad => '1'
Dec 15 15:31:04 localhost NetworkManager[1122]: <info> [1608017464.0147] dhcp4 (ens160): option routers => '192.168.237.2'
Dec 15 15:31:04 localhost NetworkManager[1122]: <info> [1608017464.0147] dhcp4 (ens160): option subnet_mask => '255.255.255.0'
Dec 15 15:31:04 localhost NetworkManager[1122]: <info> [1608017464.0147] dhcp4 (ens160): state changed extended -> extended
Dec 15 15:31:04 localhost dbus-daemon[1033]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.8' (uid=0 pid=1122 comm="/usr/sbin/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0")
Dec 15 15:31:04 localhost systemd[1]: Starting Network Manager Script Dispatcher Service...
Dec 15 15:31:04 localhost dbus-daemon[1033]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
Dec 15 15:31:04 localhost systemd[1]: Started Network Manager Script Dispatcher Service.
View logs generated by the mail system
[root@localhost ~]# tail -f /var/log/maillog
View security-related log information
[root@localhost ~]# tail -f /var/log/secure
Dec 4 15:14:04 localhost polkitd[1021]: Loading rules from directory /usr/share/polkit-1/rules.d
Dec 4 15:14:04 localhost polkitd[1021]: Finished loading, compiling and executing 2 rules
Dec 4 15:14:04 localhost polkitd[1021]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Dec 4 15:14:06 localhost sshd[1133]: Server listening on 0.0.0.0 port 22.
Dec 4 15:14:06 localhost sshd[1133]: Server listening on :: port 22.
Dec 4 15:14:15 localhost systemd[4268]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Dec 4 15:14:15 localhost login[1158]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Dec 4 15:14:15 localhost login[1158]: ROOT LOGIN ON tty1
Dec 15 14:16:49 localhost sshd[5378]: Accepted password for root from 192.168.237.1 port 65504 ssh2
Dec 15 14:16:49 localhost sshd[5378]: pam_unix(sshd:session): session opened for user root by (uid=0)
priority (log level)
There are generally the following levels (from low to high); the lower the level, the more detailed the information:
Definition format examples:
- mail.info /var/log/maillog: record mail-related messages of level info and above synchronously to /var/log/maillog
- mail.* -/var/log/maillog: record all mail-related messages asynchronously to /var/log/maillog; the "-" before the path means asynchronous mode
  # Synchronous: written as soon as data arrives; the writer waits for data the whole time and cannot do anything else
  # Asynchronous: written once more data has accumulated; other work can be done while waiting
- user.!=error / user.!error: record user-related messages but not those at error level, the opposite of user.error
- *.info: record info-level messages from all log sources
- mail.*: record mail-related messages of all levels
- *.*: record all levels of all log messages
- cron.info;mail.info: multiple log sources can be separated with a semicolon
- cron,mail.info: equivalent to cron.info;mail.info
- mail.*;mail.!=info: record mail-related messages of all levels, but not the info level
Format of the log records written to a file (/var/log/messages): date and time the event occurred, host, process(pid): event content
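As an added example (not code from the original post), the following Python evaluator applies the selector rules listed above to a (facility, priority) pair: it handles facility lists, "*", "none", "=level", the difference between "!=level" (drop exactly that level) and "!level" (drop that level and everything more severe), and it splits a rule line so the leading "-" on the path is reported as asynchronous mode. The facility and priority names are the standard syslog ones; the selectors in the functions' docstrings are taken from the table above.

```python
# Constructed evaluator for sysklogd/rsyslog-style selectors ("mail.*;mail.!=info").
# Not from the page; it applies the standard selector rules the table above lists.
# Severities from most to least severe; "info and above" means index <= index("info").
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news", "uucp",
              "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]


def _levels(spec):
    """Turn a priority spec ('info', '=info', '!info', '!=info', '*', 'none')
    into (clear, set_of_priorities); clear=True means remove those priorities."""
    clear = spec.startswith("!")
    spec = spec.lstrip("!")
    if spec == "*":
        return clear, set(PRIORITIES)
    if spec == "none":                      # "none" always removes everything
        return True, set(PRIORITIES)
    exact = spec.startswith("=")
    name = spec.lstrip("=")
    name = ALIASES.get(name, name)
    idx = PRIORITIES.index(name)            # unknown level names raise ValueError
    return clear, ({name} if exact else set(PRIORITIES[: idx + 1]))


def compile_selector(selector):
    """Compile 'cron,mail.info;mail.!=info' into {facility: set(priorities)}.
    Parts are applied left to right, so later parts override earlier ones."""
    table = {f: set() for f in FACILITIES}
    for part in filter(None, (p.strip() for p in selector.split(";"))):
        facs, _, prio = part.rpartition(".")
        clear, names = _levels(prio.strip())
        targets = FACILITIES if facs.strip() == "*" else [f.strip() for f in facs.split(",")]
        for fac in targets:
            table[fac] = table[fac] - names if clear else table[fac] | names
    return table


def matches(selector, facility, priority):
    """True if a message with this facility/priority is selected by the selector."""
    priority = ALIASES.get(priority, priority)
    return priority in compile_selector(selector).get(facility, set())


def parse_rule(line):
    """Split a rules line into (selector, path, async_write); a leading '-'
    on the path means asynchronous (buffered) writes, as the table explains."""
    selector, action = line.split(None, 1)
    async_write = action.startswith("-")
    return selector, action.lstrip("-"), async_write
```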
Logs kept in binary format:
- /var/log/wtmp: the current system's successful logins; view its contents with the last command
- /var/log/btmp: the current system's failed login attempts; view its contents with the lastb command
Configuring an rsyslog server
Question: if you want to write one host's authentication/permission log to another host, how do you do it?
Client: hostname 128, IP address 192.168.237.128
Server: hostname 133, IP address 192.168.237.133