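## Logs record everything that happens on a system each day and are used, for example, to monitor the system's state and troubleshoot faults. You can use logs to find out why an error occurred, or to find the traces left behind by an attack. The main functions of logging are auditing and monitoring, including monitoring system state in real time and detecting and tracking attackers.
## The system file checked most often is /var/log/messages, the core system log file
Linux system logs
1. /var/log/messages
2. /etc/logrotate.conf, the log rotation configuration file
3. /var/log/dmesg
4. The last command, which reads /var/log/wtmp
5. The lastb command, which shows users whose logins failed; the corresponding file is /var/log/btmp
6. /var/log/secure
/var/log/messages is the log file checked most often. It is the core system log file and contains the boot messages from startup as well as other status messages from the running system; I/O errors, network errors and other system errors are all recorded in this file.
[root@yzllinux123 ~]# less /var/log/messages # view the contents of the system log file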
Jan 29 07:01:01 yzllinux123 systemd: Started Session 3 of user root.
Jan 29 07:01:01 yzllinux123 systemd: Starting Session 3 of user root.
Jan 29 07:12:33 yzllinux123 systemd-logind: Removed session 1.
Jan 29 07:12:33 yzllinux123 systemd: Removed slice User Slice of root.
Jan 29 07:12:33 yzllinux123 systemd: Stopping User Slice of root.
Jan 29 07:12:40 yzllinux123 systemd: Created slice User Slice of root.
Jan 29 07:12:40 yzllinux123 systemd: Starting User Slice of root.
Jan 29 07:12:40 yzllinux123 systemd: Started Session 4 of user root.
Jan 29 07:12:40 yzllinux123 systemd-logind: New session 4 of user root.
/etc/logrotate.conf # log rotation configuration file
[root@yzllinux123 ~]# cat /etc/logrotate.conf # view the contents of the log rotation configuration file
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
[root@yzllinux123 ~]# du -sh /etc/logrotate.conf # du -sh shows the size of the rotation configuration file
4.0K /etc/logrotate.conf
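Added example (not part of the original post): the rotation settings decide how far back an investigation can reach, so this script parses the directives from the listing above and reports, per stanza, the frequency, the number of rotated copies kept, the approximate days of history and the `create` mode. It assumes one path per stanza and does not follow `include`; the function names are hypothetical.

```shell
#!/bin/sh
# Report how much rotated history each logrotate stanza keeps.
# Output columns: PATH FREQUENCY ROTATE APPROX_DAYS CREATE_MODE
logrotate_retention() {
    awk '
    function report(p, f, r, m) { print p, f, r, r * days[f], m }
    BEGIN { days["daily"] = 1; days["weekly"] = 7; days["monthly"] = 30; days["yearly"] = 365 }
    /^[ \t]*#/ || NF == 0 { next }                 # comments and blank lines
    # A stanza opens: start from the global settings seen so far.
    $NF == "{" { path = $1; f = gf; r = gr; m = "-"; next }
    $1 == "}"  { report(path, f, r, m); path = ""; next }
    $1 in days { if (path != "") f = $1; else gf = $1; next }
    $1 == "rotate" { if (path != "") r = $2; else gr = $2; next }
    # Only a create directive with an explicit octal mode is recorded.
    $1 == "create" && path != "" && $2 ~ /^[0-7]+$/ { m = $2 }
    END { report("(default)", gf, gr, "-") }
    ' "$@"
}

# Directives copied from the logrotate.conf listing above (comments dropped).
sample_logrotate_conf() {
    cat <<'EOF'
weekly
rotate 4
create
dateext
include /etc/logrotate.d
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}
EOF
}

sample_logrotate_conf | logrotate_retention
```

On a live system, run `logrotate_retention /etc/logrotate.conf /etc/logrotate.d/*` so the package-supplied stanzas are included as well.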
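The dmesg command shows the system's boot messages; if a piece of hardware has a problem (a network card, for example), this command shows that as well.
[root@yzllinux123 ~]# dmesg |head # list system hardware information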
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.10.0-123.el7.x86_64 ([email protected]) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Mon Jun 30 12:09:22 UTC 2014
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=50cdeab8-cfd2-475a-b77a-8f9e904b4fa6 ro vconsole.keymap=us crashkernel=auto vconsole.font=latarcyrheb-sun16 rhgb quiet.UTF-8
[ 0.000000] Disabled fast string operations
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009efff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009f000-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000ca000-0x00000000000cbfff] reserved
[root@yzllinux123 ~]# ^C
/var/log/dmesg log # records the system boot log
[root@yzllinux123 ~]# cat /var/log/dmesg |head # system boot log
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.10.0-123.el7.x86_64 ([email protected]) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Mon Jun 30 12:09:22 UTC 2014
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=50cdeab8-cfd2-475a-b77a-8f9e904b4fa6 ro vconsole.keymap=us crashkernel=auto vconsole.font=latarcyrheb-sun16 rhgb quiet.UTF-8
[ 0.000000] Disabled fast string operations
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009efff] usable
[ 0.000000] BIOS-e820: [mem 0x000000000009f000-0x000000000009ffff] reserved
[ 0.000000] BIOS-e820: [mem 0x00000000000ca000-0x00000000000cbfff] reserved
The last command shows successful logins
[root@yzllinux123 ~]# last |head # view the history of successful logins: who, how they logged in, when, etc.
root pts/0 192.168.12.1 Thu Feb 1 05:00 still logged in
reboot system boot 3.10.0-123.el7.x Thu Feb 1 04:59 - 06:04 (01:05)
root pts/0 192.168.12.1 Mon Jan 29 07:12 - crash (2+21:46)
root pts/0 192.168.12.1 Mon Jan 29 05:01 - 07:12 (02:10)
reboot system boot 3.10.0-123.el7.x Mon Jan 29 05:01 - 06:04 (3+01:03)
root pts/0 192.168.12.1 Fri Jan 26 08:00 - crash (2+21:00)
reboot system boot 3.10.0-123.el7.x Fri Jan 26 07:58 - 06:04 (5+22:05)
root tty1 Fri Jan 26 07:58 - 07:58 (00:00)
root pts/0 192.168.12.1 Fri Jan 26 07:29 - down (00:28)
reboot system boot 3.10.0-123.el7.x Fri Jan 26 07:28 - 07:58 (00:29)
lastb # records failed login attempts
[root@yzllinux123 ~]# lastb |head # failed login information
btmp begins Thu Feb 1 05:32:02 2018
/var/log/secure # records authentication and authorization information
[root@yzllinux123 ~]# cat /var/log/secure
Jan 29 07:12:33 yzllinux123 sshd[2131]: pam_unix(sshd:session): session closed for user root
Jan 29 07:12:40 yzllinux123 sshd[2538]: Accepted password for root from 192.168.12.1 port 52861 ssh2
Jan 29 07:12:40 yzllinux123 sshd[2538]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb 1 04:59:25 yzllinux123 polkitd[677]: Loading rules from directory /etc/polkit-1/rules.d
Feb 1 04:59:25 yzllinux123 polkitd[677]: Loading rules from directory /usr/share/polkit-1/rules.d
Feb 1 04:59:25 yzllinux123 polkitd[677]: Finished loading, compiling and executing 2 rules
Feb 1 04:59:25 yzllinux123 polkitd[677]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Feb 1 04:59:31 yzllinux123 sshd[1107]: Server listening on 0.0.0.0 port 22.
Feb 1 04:59:31 yzllinux123 sshd[1107]: Server listening on :: port 22.
Feb 1 05:00:11 yzllinux123 sshd[2128]: Accepted password for root from 192.168.12.1 port 51159 ssh2
Feb 1 05:00:11 yzllinux123 sshd[2128]: pam_unix(sshd:session): session opened for user root by (uid=0)
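Added example (not from the original post): the `Accepted password for root` lines above are the ones worth counting, together with the `Failed password` lines sshd writes to the same file. This script groups them by result, method, user and source address and lists sources with repeated failures; the function names and the `Failed` sample lines are constructed for illustration.

```shell
#!/bin/sh
# Summarise sshd authentication results from a secure-style log.
# Output columns: RESULT METHOD USER SOURCE_IP COUNT
summarize_ssh_auth() {
    awk '
    / sshd\[[0-9]+\]: (Accepted|Failed) / {
        # Find the result word; the fields before it are timestamp, host and tag.
        for (i = 1; i <= NF; i++) if ($i == "Accepted" || $i == "Failed") break
        # "for invalid user NAME from IP" versus "for NAME from IP"
        if ($(i + 3) == "invalid") { user = $(i + 5) "(invalid)"; ip = $(i + 7) }
        else                       { user = $(i + 3); ip = $(i + 5) }
        count[toupper($i) " " $(i + 1) " " user " " ip]++
    }
    END { for (k in count) print k, count[k] }
    ' "$@" | LC_ALL=C sort
}

# Source addresses with at least $1 failed attempts (default 3), all users combined.
# Reads the log on standard input.
noisy_sources() {
    summarize_ssh_auth | awk -v t="${1:-3}" '
        $1 == "FAILED" { fails[$4] += $5 }
        END { for (ip in fails) if (fails[ip] >= t) print ip, fails[ip] }
    ' | LC_ALL=C sort
}

# The first three lines come from the listing above; the Failed lines are constructed.
sample_secure_log() {
    cat <<'EOF'
Jan 29 07:12:40 yzllinux123 sshd[2538]: Accepted password for root from 192.168.12.1 port 52861 ssh2
Jan 29 07:12:40 yzllinux123 sshd[2538]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb  1 05:00:11 yzllinux123 sshd[2128]: Accepted password for root from 192.168.12.1 port 51159 ssh2
Feb  1 05:31:58 yzllinux123 sshd[2301]: Failed password for root from 203.0.113.7 port 40021 ssh2
Feb  1 05:32:02 yzllinux123 sshd[2301]: Failed password for root from 203.0.113.7 port 40021 ssh2
Feb  1 05:32:06 yzllinux123 sshd[2301]: Failed password for root from 203.0.113.7 port 40021 ssh2
Feb  1 05:32:15 yzllinux123 sshd[2307]: Failed password for invalid user admin from 203.0.113.7 port 40055 ssh2
Feb  1 05:40:41 yzllinux123 sshd[2312]: Failed password for root from 198.51.100.9 port 33810 ssh2
EOF
}

sample_secure_log | summarize_ssh_auth
```

Against the real file, `summarize_ssh_auth /var/log/secure` gives the per-source summary and `noisy_sources 5 < /var/log/secure` lists addresses with five or more failures.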
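The screen tool (virtual terminal)
To keep a task from being interrupted, besides staying logged in the whole time we can also put the task in the background, using: nohup + the command to run + &
Another option is the screen virtual terminal.
First we need to install screen: # yum install -y screen
Once it is installed, just type # screen and press Enter to enter the virtual terminal.
Then press Ctrl+A followed by d to leave (detach from) the screen session.
# screen -ls # lists the screen sessions that are already open
# screen -r + session number # reopens the screen session
# exit ends the screen session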