日志管理
#很关键
[root@client01 ~]# ls /var/log/
anaconda.ifcfg.log anaconda.xlog btmp dmesg maillog secure wtmp
anaconda.log anaconda.yum.log btmp-20130805 dmesg.old maillog-20130805 secure-20130805 yum.log
anaconda.program.log audit ConsoleKit dracut.log messages spooler
anaconda.storage.log boot.log cron httpd messages-20130805 spooler-20130805
anaconda.syslog boot.log-20130805 cron-20130805 lastlog rhsm tallylog
#关键日志,大部分记录在里面
[root@client01 ~]# ls /var/log/messages
/var/log/messages
#系统启动,硬件相关日志
[root@client01 ~]# ls /var/log/dmesg*
/var/log/dmesg /var/log/dmesg.old
#登录安全相关日志
[root@client01 ~]# ls /var/log/secure
/var/log/secure
#使用ssh登录,输入错误密码
[root@larrywen opt]# ssh 192.168.1.11
root@192.168.1.11's password:
Permission denied, please try again.
root@192.168.1.11's password:
Permission denied, please try again.
#监控文件,可以看到刚才密码错误的登录尝试已经记录下来了(日志只记录失败事件、用户名和来源地址,不会记录输入的密码本身)
[root@client01 ~]# tail -f /var/log/secure
[root@client01 ~]# tail -n 4 /var/log/secure
Aug 5 14:46:13 client01 sshd[2796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.1 user=root
Aug 5 14:46:15 client01 sshd[2796]: Failed password for root from 192.168.1.1 port 50116 ssh2
Aug 5 14:46:23 client01 unix_chkpwd[2800]: password check failed for user (root)
Aug 5 14:46:25 client01 sshd[2796]: Failed password for root from 192.168.1.1 port 50116 ssh2
#同一个 rhost 在短时间内连续出现 Failed password,是排查暴力破解时要重点关注的记录
#邮件相关日志
[root@larrywen opt]# ls /var/log/maillog
/var/log/maillog
#登录信息日志
[root@client01 ~]# ls /var/log/lastlog
#最后登录的信息(last 读取的是 /var/log/wtmp;/var/log/lastlog 由 lastlog 命令读取)
[root@client01 ~]# ls /var/log/lastlog
/var/log/lastlog
[root@client01 ~]# last
#最后登录错误的信息(lastb 读取的是 /var/log/btmp)
[root@client01 ~]# lastb
#SELINUX相关日志(audit.log 由 auditd 写入,SELinux 的 AVC 拒绝记录也在其中)
[root@client01 ~]# ls /var/log/audit/
audit.log
[root@client01 ~]# ls /var/log/maillog*
/var/log/maillog /var/log/maillog-20130805
#之前日志的备份,一个星期切换一次,会自动备份
maillog-20130805
[root@larrywen 0805]# ls /var/log/maillog*
/var/log/maillog /var/log/maillog-20130729 /var/log/maillog-20130805
[root@larrywen 0805]# ls /var/log/boot.log*
/var/log/boot.log /var/log/boot.log-20130729 /var/log/boot.log-20130805
[root@client01 ~]# ps -ef|grep log
#系统日志服务
root 959 1 0 08:49 ? 00:00:00 /sbin/rsyslogd -c 4
root 1133 1 0 08:49 ? 00:00:00 login -- root
root 2811 2776 0 14:54 pts/0 00:00:00 grep log
[root@client01 ~]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
#rsyslog:日志记录的位置,指定输出文件
#日志级别:Debug Warning
[root@client01 ~]# ls /etc/*log*
/etc/csh.login /etc/login.defs /etc/logrotate.conf /etc/rsyslog.conf
/etc/logrotate.d:
dracut httpd subscription-manager syslog up2date yum
[root@client01 ~]# ls /etc/rsyslog.conf
/etc/rsyslog.conf
[root@client01 ~]# vim /etc/rsyslog.conf
#模块:实现某个功能的程序
#不要急着写,支持异步写。等到一定量的时候才写,延迟写(负号的含义)
-/var/log/maillog
#修改文件
[root@client01 ~]# vim /etc/rsyslog.conf
[root@client01 ~]# grep "hongyi" /etc/rsyslog.conf -n
60:local3.* /var/log/hongyi.log
#重启服务
[root@client01 ~]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
#可以查看到生成了这个文件
[root@client01 ~]# ls /var/log/hongyi.log
/var/log/hongyi.log
#写日志
[root@client01 ~]# logger -p"local3.info" "this is test"
[root@client01 ~]# cat /var/log/hongyi.log
Aug 5 15:17:00 client01 root: this is test
#我们写local2.info,发现没有记录(上面的规则只匹配 local3 这个设备)
[root@client01 ~]# logger -p"local2.info" "this is test"
[root@client01 ~]# cat /var/log/hongyi.log
Aug 5 15:17:00 client01 root: this is test
[root@client01 ~]# logger --help
logger: invalid option -- '-'
usage: logger [-is] [-f file] [-p pri] [-t tag] [-u socket] [ message ... ]
#性能
#一台机器上的文件保存到另一台机器上
[root@serv02 ~]# grep "UDP" /etc/rsyslog.conf -n -A1
12:# Provides UDP syslog reception
13-$ModLoad imudp.so
14:$UDPServerRun 514
15-
#开启 UDP 514 接收后,任何能访问到该端口的主机都可以向这台机器写入日志(syslog 的 UDP 报文没有认证),接收端要用防火墙限制来源地址
[root@serv02 ~]# grep "local3.*" /etc/rsyslog.conf -n
59:local3.* /tmp/up.log
[root@larrywen 0805]# man rsyslog.conf
#rsyslog.conf做如下配置
[root@serv01 ~]# grep local3 /etc/rsyslog.conf -n
#192.168.1.12是serv02的IP
#@:UDP 服务
#@@:TCP服务
#@ 和 @@ 两种转发默认都是明文、没有认证,UDP 还不保证送达;转发安全相关日志时优先用 @@,并在接收端限制来源地址
60:local3.* @192.168.1.12
#重启服务
[root@serv01 ~]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
#Serv02配置完后,输出日志到第二台机器
[root@serv01 ~]# logger -p"local3.info" "hello,world"
#rsyslog.conf文件做如下配置
[root@serv02 ~]# cat -n /etc/rsyslog.conf|sed "8,9p;/local3/p" -n
8 $ModLoad imuxsock.so # provides support for local system logging (e.g. via logger command)
9 $ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
59 local3.* /tmp/up.log
#/tmp 是所有用户都可写的目录,这里只作演示;正式环境中接收到的日志应放在 /var/log 下并限制读写权限
#重启服务
[root@serv02 ~]# /etc/init.d/rsyslog restart
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
#查看文件可以看到
[root@serv02 ~]# cat /tmp/up.log
Aug 5 15:31:38 serv01 root: hello,world
#日志备份
[root@client01 ~]# yum install at -y
[root@client01 ~]# at now +3 minutes
at> echo "hello,wolrd" >/opt/aa01.txt
at> <EOT>
job 2 at 2013-08-05 16:20
Can't open /var/run/atd.pid to signal atd. No atd running?
[root@client01 ~]# /etc/init.d/atd start
Starting atd: [ OK ]
#相对当前时间
[root@client01 ~]# at now +3 minutes
at> echo "hello,wolrd" >/opt/aa01.txt
at> <EOT>
job 3 at 2013-08-05 16:21
[root@client01 ~]# at -l
3 2013-08-05 16:21 a root:
2 2013-08-05 16:20 a root
[root@client01 opt]# ll
total 20
-rw-r--r--. 1 root root 12 Aug 5 16:20 aa01.txt
drwx------. 2 root root 16384 Jul 23 00:54 lost+found
#支持分钟 小时 天
[root@client01 ~]# at now +1 days
[root@client01 opt]# at 16:28 08/05/2013
at> echo "hello,uplooking"> /opt/aa02.txt
at> <EOT>
job 4 at 2013-08-05 16:28
[root@client01 opt]# at -l
4 2013-08-05 16:28 a root
#任务5是破坏性命令,仅用于演示任务的移除:下文在它的执行时间之前用 atrm 5 把它删掉
[root@client01 opt]# at 18:20 08/06/2013
at> rm -rf /*<EOT>
job 5 at 2013-08-06 18:20
[root@client01 opt]# at -l
5 2013-08-06 18:20 a root
4 2013-08-05 16:28 a root
[root@client01 opt]# at --help
at: invalid option -- '-'
Usage: at [-V] [-q x] [-f file] [-mldbv] time
at -c job ...
atq [-V] [-q x]
atrm [-V] job ...
batch #移除 [root@client01 opt]# atrm 5 #列出详细的任务 [root@client01 opt]# at -l 4 2013-08-0516:28 a root #执行完后自动清除,本次有效 #crontab:循环有效 [root@client01 opt]# vim /etc/crontab ** * * * echo `date` >> /opt/aa03.txt #添加规则 [root@client01 opt]# crontab -e no crontab for root - using an empty one crontab: installing new crontab 30 18 * * * init 0 1 */2 10-20 7,8 5 wall "Have aholiday" #列出所有的任务 [root@client01 opt]# crontab -l * * * * * echo `date` >>/opt/aa03.txt 30 18 * * * init 0 [root@client01 opt]# crontab --help crontab: invalid option -- '-' crontab: usage error: unrecognized option usage: crontab[-u user] file crontab[-u user] [ -e | -l | -r ] (defaultoperation is replace, per 1003.2) -e (edit user's crontab) -l (list user's crontab) -r (delete user's crontab) -i (prompt before deleting user's crontab) -s (selinux context) #查看编写的文件 [root@client01 opt]# cd /var/spool/ [root@client01 spool]# ls anacron at cron lpd mail plymouth postfix up2date [root@client01 spool]# cd cron/ [root@client01 cron]# ll total 4 -rw-------. 1 root root 58 Aug 5 16:37 root [root@client01 cron]# cat root * * * * * echo `date` >>/opt/aa03.txt 30 18 * * * init 0 [root@client01 cron]# cd /etc/cron. cron.d/ cron.daily/ cron.deny cron.hourly/ cron.monthly/cron.weekly/ #每天执行的 [root@client01 cron]# cat/etc/cron.d/0hourly SHELL=/bin/bash PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root HOME=/ 01 * * * * root run-parts /etc/cron.hourly #每个小时执行的 [root@client01 cron]# cat/etc/cron.hourly/0anacron #!/bin/bash #in case file doesn't exist if test -r /var/spool/anacron/cron.daily;then day=`cat /var/spool/anacron/cron.daily` fi if [ `date +%Y%m%d` = "$day" ];then exit 0; fi # in case anacron is already running, # there will be log (daemon won't berunning twice). if test -x /usr/bin/on_ac_power; then /usr/bin/on_ac_power &> /dev/null if test $? 
-eq 1; then exit 0 fi fi /usr/sbin/anacron -s #查看每天执行的配置文件 [root@client01 cron]# cat/etc/cron.daily/logrotate #!/bin/sh /usr/sbin/logrotate /etc/logrotate.conf>/dev/null 2>&1 EXITVALUE=$? if [ $EXITVALUE != 0 ]; then /usr/bin/logger -t logrotate "ALERT exited abnormally with[$EXITVALUE]" fi exit 0 #查看syslog文件,可以看到日志的创建过程 [root@client01 logrotate.d]# cat syslog /var/log/messages /var/log/secure/var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron { sharedscripts postrotate /bin/kill-HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true endscript } #可以对日志的相关文件进行配置 [root@client01 cron]# cat/etc/logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files afterrotating old ones create # use date as a suffix of the rotated file dateext # uncomment this if you want your log filescompressed #compress # RPM packages drop log rotationinformation into this directory include /etc/logrotate.d # no packages own wtmp and btmp -- we'llrotate them here /var/log/wtmp { monthly create 0664 root utmp minsize1M rotate 1 } /var/log/btmp { missingok monthly create 0600 root utmp rotate 1 } # system-specific logs may be also beconfigured here.
#从man中进行示例的拷贝 [root@client01 logrotate.d]# manlogrotate.conf #编辑文件 [root@client01 logrotate.d]# vim/etc/logrotate.conf [root@client01 logrotate.d]# cat/etc/logrotate.conf /opt/hongyi.log { monthly rotate 2 olddir /opt/old missingok create 0600 root hongyi nocompress } #创建用户 [root@client01 logrotate.d]# useradd hongyi #创建目录 [root@client01 logrotate.d]# mkdir /opt/old #创建文件 [root@client01 logrotate.d]# touch/opt/hongyi.log #编辑文件 [root@client01 logrotate.d]# vim/opt/hongyi.log [root@client01 logrotate.d]# ls /opt aa03.txt hongyi.log old [root@client01 logrotate.d]# logrotate--help Usage: logrotate [OPTION...]<configfile> -d,--debug Don't do anything,just test (implies -v) -f,--force Force file rotation -m,--mail=command Command to sendmail (instead of `/bin/mail') -s,--state=statefile Path of state file -v,--verbose Display messagesduring rotation Help options: -?,--help Show this helpmessage —usage Displaybrief usage message #强制使配置文件生效 [root@client01 logrotate.d]# logrotate -f/etc/logrotate.conf [root@client01 logrotate.d]# ls /opt aa03.txt hongyi.log old #可以看到已经生成了文件 [root@client01 logrotate.d]# ls /opt/old/ hongyi.log-20130805 #日志轮寻 #日志切换 [root@client01 ~]# ls /etc/cron.d cron.d/ cron.daily/ cron.deny #查看每天切换的 [root@client01 ~]# ls /etc/cron.daily/ logrotate makewhatis.cron rhsm-complianced [root@client01 ~]# cat/etc/cron.daily/logrotate #!/bin/sh /usr/sbin/logrotate /etc/logrotate.conf>/dev/null 2>&1 EXITVALUE=$? 
if [ $EXITVALUE != 0 ]; then /usr/bin/logger -t logrotate "ALERT exited abnormally with[$EXITVALUE]" fi exit 0 [root@client01 ~]# cat /etc/logrotate.conf # see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files afterrotating old ones create # use date as a suffix of the rotated file dateext # uncomment this if you want your log filescompressed #compress # RPM packages drop log rotationinformation into this directory include /etc/logrotate.d # no packages own wtmp and btmp -- we'llrotate them here /var/log/wtmp { monthly create 0664 root utmp minsize1M rotate 1 } /var/log/btmp { missingok monthly create 0600 root utmp rotate 1 } /opt/hongyi.log { monthly rotate 2 olddir /opt/old missingok create 0600 root hongyi nocompress } # system-specific logs may be also beconfigured here. [root@client01 ~]# cd /etc/lo localtime login.defs logrotate.conf logrotate.d/ [root@client01 ~]# cd /etc/logrotate.d/ [root@client01 logrotate.d]# ll total 24 -rw-r--r--. 1 root root 103 Apr 27 2011 dracut -rw-r--r--. 1 root root 185 Jun 24 2010 httpd -rw-r--r--. 1 root root 71 May 5 2011 subscription-manager -rw-r--r--. 1 root root 228 May 20 2009 syslog -rw-r--r--. 1 root root 32 Apr 8 2010 up2date -rw-r--r--. 
1 root root 100 Apr 29 2011 yum #程序切换 日志切换 #日志:很重要 #设置日期 [root@client01 opt]# date -s"2013-08-07" Wed Aug 7 00:00:00 CST 2013 #强制使文件生效,v显示过程 [root@client01 opt]# logrotate -fv/etc/logrotate.conf reading config file /etc/logrotate.conf including /etc/logrotate.d reading config file dracut reading config info for /var/log/dracut.log reading config file httpd reading config info for /var/log/httpd/*log reading config file subscription-manager reading config info for /var/log/rhsm/*.log reading config file syslog reading config info for /var/log/messages/var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log/var/log/cron reading config file up2date reading config info for /var/log/up2date reading config file yum reading config info for /var/log/yum.log reading config info for /var/log/wtmp reading config info for /var/log/btmp reading config info for /opt/hongyi.log olddir is now /opt/old Handling 9 logs rotating pattern: /var/log/dracut.log forced from command line (4 rotations) empty log files are not rotated, old logsare removed considering log /var/log/dracut.log logdoes not need rotating rotating pattern: /var/log/httpd/*log forced from command line (4 rotations) empty log files are not rotated, old logsare removed considering log /var/log/httpd/access_log logdoes not need rotating considering log /var/log/httpd/error_log logdoes not need rotating not running postrotate script, since nologs were rotated rotating pattern: /var/log/rhsm/*.log forced from command line (4 rotations) empty log files are not rotated, old logsare removed considering log /var/log/rhsm/rhsmcertd.log logdoes not need rotating considering log /var/log/rhsm/rhsm.log logdoes not need rotating rotating pattern: /var/log/messages/var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log/var/log/cron forced from command line(4 rotations) empty log files are rotated, old logs areremoved considering log /var/log/messages logneeds rotating considering log /var/log/secure 
logneeds rotating considering log /var/log/maillog logneeds rotating considering log /var/log/spooler logneeds rotating considering log /var/log/boot.log logneeds rotating considering log /var/log/cron logneeds rotating rotating log /var/log/messages,log->rotateCount is 4 dateext suffix '-20130807' glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/secure,log->rotateCount is 4 dateext suffix '-20130807' glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/maillog,log->rotateCount is 4 dateext suffix '-20130807' glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/spooler,log->rotateCount is 4 dateext suffix '-20130807' glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/boot.log,log->rotateCount is 4 dateext suffix '-20130807' glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' rotating log /var/log/cron,log->rotateCount is 4 dateext suffix '-20130807' glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set to system_u:object_r:var_log_t:s0 renaming /var/log/messages to/var/log/messages-20130807 creating new /var/log/messages mode = 0600uid = 0 gid = 0 fscreate context set tosystem_u:object_r:var_log_t:s0 renaming /var/log/secure to/var/log/secure-20130807 creating new /var/log/secure mode = 0600uid = 0 gid = 0 fscreate context set tosystem_u:object_r:var_log_t:s0 renaming /var/log/maillog to/var/log/maillog-20130807 creating new /var/log/maillog mode = 0600uid = 0 gid = 0 fscreate context set tosystem_u:object_r:var_log_t:s0 renaming /var/log/spooler to/var/log/spooler-20130807 creating new /var/log/spooler mode = 0600uid = 0 gid = 0 fscreate context set tosystem_u:object_r:var_log_t:s0 renaming /var/log/boot.log to/var/log/boot.log-20130807 creating new /var/log/boot.log mode = 0644uid = 0 gid = 0 fscreate context set tosystem_u:object_r:var_log_t:s0 renaming /var/log/cron to/var/log/cron-20130807 creating new /var/log/cron mode = 0600 
uid= 0 gid = 0 running postrotate script rotating pattern: /var/log/up2date forced from command line (4 rotations) empty log files are rotated, old logs areremoved considering log /var/log/up2date log/var/log/up2date does not exist -- skipping rotating pattern: /var/log/yum.log forced from command line (4 rotations) empty log files are not rotated, old logsare removed considering log /var/log/yum.log logdoes not need rotating rotating pattern: /var/log/wtmp forced from command line (1 rotations) empty log files are rotated, only log files>= 1048576 bytes are rotated, old logs are removed considering log /var/log/wtmp logneeds rotating rotating log /var/log/wtmp,log->rotateCount is 1 dateext suffix '-20130807' glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set to system_u:object_r:wtmp_t:s0 renaming /var/log/wtmp to/var/log/wtmp-20130807 creating new /var/log/wtmp mode = 0664 uid= 0 gid = 22 removing old log /var/log/wtmp-20130806 rotating pattern: /var/log/btmp forced from command line (1 rotations) empty log files are rotated, old logs areremoved considering log /var/log/btmp logneeds rotating rotating log /var/log/btmp,log->rotateCount is 1 dateext suffix '-20130807' glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set to system_u:object_r:faillog_t:s0 renaming /var/log/btmp to/var/log/btmp-20130807 creating new /var/log/btmp mode = 0600 uid= 0 gid = 22 removing old log /var/log/btmp-20130806 rotating pattern: /opt/hongyi.log forced from command line (2 rotations) olddir is /opt/old, empty log files arerotated, old logs are removed considering log /opt/hongyi.log logneeds rotating rotating log /opt/hongyi.log,log->rotateCount is 2 dateext suffix '-20130807' glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]' fscreate context set tounconfined_u:object_r:usr_t:s0 renaming /opt/hongyi.log to/opt/old/hongyi.log-20130807 creating new /opt/hongyi.log mode = 0600uid = 0 gid = 500 removing old 
log /opt/old/hongyi.log-20130805
#可以查看old目录下的文件
[root@client01 opt]# ls old/
hongyi.log-20130806 hongyi.log-20130807
[root@client01 opt]# cat hongyi.log
#查看文件的权限
[root@client01 opt]# ll
total 8
-rw-r--r--. 1 root root 2436 Aug 7 00:01 aa03.txt
-rw-------. 1 root hongyi 0 Aug 7 00:00 hongyi.log
drwxr-xr-x. 2 root root 4096 Aug 7 00:00 old
#新建的 hongyi.log 是 0600、属主 root、属组 hongyi,与配置中的 create 0600 root hongyi 一致;0600 下属组没有读权限,如果要让 hongyi 组的用户读取日志,模式需要写成 0640
#延时执行,系统启动后,检测还没有执行的任务。计划任务 #什么时候启动机器,什么时候检测 [root@client01 opt]# cat /etc/anacrontab # /etc/anacrontab: configuration file foranacron # See anacron(8) and anacrontab(5) fordetails. SHELL=/bin/sh PATH=/sbin:/bin:/usr/sbin:/usr/bin MAILTO=root # the maximal random delay added to thebase delay of the jobs RANDOM_DELAY=45 # the jobs will be started during thefollowing hours only START_HOURS_RANGE=3-22 #period in days delay in minutes job-identifier command 1 5 cron.daily nicerun-parts /etc/cron.daily 7 25 cron.weekly nicerun-parts /etc/cron.weekly @monthly 45 cron.monthly nice run-parts /etc/cron.monthly #crontab:列出和删除 [root@client01 opt]# crontab -l * * * * * echo `date` >>/opt/aa03.txt 30 18 * * * init 0 [root@client01 opt]# crontab --help crontab: invalid option -- '-' crontab: usage error: unrecognized option usage: crontab[-u user] file crontab[-u user] [ -e | -l | -r ] (defaultoperation is replace, per 1003.2) -e (edit user's crontab) -l (list user's crontab) -r (delete user's crontab) -i (prompt before deleting user's crontab) -s (selinux context) [root@client01 opt]# crontab -r [root@client01 opt]# crontab -l no crontab for root
我的邮箱: [email protected] 新浪微博: @Wentasy27 微信公众平台:JustOracle(微信号:justoracle) 数据库技术交流群:336882565(加群时验证 From CSDN XXX) Oracle交流讨论组: https://groups.google.com/d/forum/justoracle By Larry Wen
@Wentasy 博文仅供参考,欢迎大家来访。如有错误之处,希望批评指正。原创博文如需转载请注明出处,谢谢 :) [CSDN博客] |