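Below is an introduction to the log files in Linux.
Windows
In Windows, to view logs we go to the "Manage" directory and open Event Viewer; everything there belongs to the Windows log viewer.
Linux
First, check whether the package sysklogd-1.4.1-44.el5 is present on our Linux system.
This package provides the logging-related files. Next, we look at what the package contains.
Packages whose names end in "d", such as "sysklogd", are generally service (daemon) packages.
It contains these two programs: (1) /sbin/klogd, which produces log messages for the kernel
The dmesg command shows kernel messages about hardware
dmesg | grep -i cpu shows CPU information
dmesg | grep -i mem shows memory information
dmesg | grep -i eth0 shows network card information
(2) /sbin/syslogd, which handles log messages for system services
"System" here includes the software we normally install, network devices and so on
/sbin/syslogd works with a classification file, /etc/syslog.conf; opening this file shows the classification rules
Each line is one rule: the first field is the selector field and the second is the action field. * means everyone, and the action field says where the messages should be sent
The selector consists of a facility (application) and a priority (level); the action can be a file, everyone, or @ followed by a host name or address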

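Lines that start with (#) are comments
In each uncommented line, the first part names a facility (an application service), which can be followed by its priority. The facilities are authentication, scheduled tasks, a particular service, kernel, printing, mail, mark, news, security and user; security is one we generally do not use
After the "." comes the priority, from lowest to highest: debug, info (informational), notice, warning (warn), err (error), crit (critical), alert, emerg (panic)
Starting from line 7: messages from all applications at info or above are recorded in /var/log/messages, except those related to mail, authentication and scheduled tasks
Line 10: authpriv.* is authentication; all authentication messages are recorded in /var/log/secure
Example: I log in from the fourth terminal and deliberately type the wrong password, then look at what the log file reports
Line 13: mail-related. The "-" means asynchronous, that is, the system waits until it is idle before writing the messages to this file
Line 17: scheduled tasks
Line 20: all severe messages are sent to everyone
Line 23: uucp and news messages at crit or above are stored in
Let me give an example: I install a DHCP server
The installation fails; at this point we can search the log file to see where the installation went wrong
It tells us that there is an extra "i" here, so we delete it
Log files have many more powerful features; I have listed some of them: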
The facility is one of the following keywords: auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security
(same as auth), syslog, user, uucp and local0 through local7. The keyword security should not be used anymore and mark
is only for internal use and therefore should not be used in applications. Anyway, you may want to specify and
redirect these messages here. The facility specifies the subsystem that produced the message, i.e. all mail programs log
with the mail facility (LOG_MAIL) if they log using syslog.
# Store critical stuff in critical
#
*.=crit;kern.none /var/adm/critical
All crit-level messages, except kernel-related ones, are sent to /var/adm/critical
This will store all messages with the priority crit in the file /var/adm/critical, except for any kernel message.
# Kernel messages are first, stored in the kernel
# file, critical messages and higher ones also go
# to another host and to the console
kern.* /var/adm/kernel
kern.crit @finlandia
kern.crit /dev/console
kern.info;kern.!err /var/adm/kernel-info
The exclamation mark negates, that is, messages from info up to warning are sent to
The first rule directs any message that has the kernel facility to the file /var/adm/kernel.
The second statement directs all kernel messages of the priority crit and higher to the remote host finlandia. This is
useful, because if the host crashes and the disks get irreparable errors you might not be able to read the stored
messages. If they're on a remote host, too, you still can try to find out the reason for the crash.
The third rule directs these messages to the actual console, so the person who works on the machine will get them, too.
The fourth line tells the syslogd to save all kernel messages that come with priorities from info up to warning in the
file /var/adm/kernel-info. Everything from err and higher is excluded.
# The tcp wrapper logs with mail.info, we display
# all the connections on tty12
mail.=info /dev/tty12
This directs all messages that use mail.info (in source LOG_MAIL | LOG_INFO) to /dev/tty12, the 12th console. For
example the tcpwrapper tcpd(8) uses this as its default.
# Store all mail concerning stuff in a file
mail.*;mail.!=info /var/adm/mail
This pattern matches all messages that come with the mail facility, except for the info priority. These will be stored
in the file /var/adm/mail.
# Log all mail.info and news.info messages to info
mail,news.=info /var/adm/info
This will extract all messages that come either with mail.info or with news.info and store them in the file
/var/adm/info.
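The selector rules quoted above can be checked by evaluating them in code. The following is an added example, not part of the original post and not sysklogd's own code: it applies the ";"-separated selectors of each rule from left to right and reports which actions a message would reach. The function names build_masks, matches and destinations are hypothetical.

```python
# Added example (not sysklogd code): evaluate syslog.conf selectors.
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "mark",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]
# Index is the numeric severity: 0 (emerg) is most severe, 7 (debug) least.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning", "security": "auth"}

def build_masks(selector_field):
    """Return {facility: set of priority indexes} matched by one rule's selector field."""
    masks = {f: set() for f in FACILITIES}
    for selector in selector_field.split(";"):  # later selectors override earlier ones
        fac_part, _, prio = selector.strip().rpartition(".")
        negate, prio = prio.startswith("!"), prio.lstrip("!")
        exact, prio = prio.startswith("="), prio.lstrip("=")
        prio = ALIASES.get(prio, prio)
        if prio == "none":  # "none" empties the facility, so treat it as "remove all"
            chosen, negate = set(range(8)), not negate
        elif prio == "*":
            chosen = set(range(8))
        elif exact:  # "=" selects exactly one priority
            chosen = {PRIORITIES.index(prio)}
        else:  # bare priority: that level and everything more severe
            chosen = set(range(PRIORITIES.index(prio) + 1))
        names = FACILITIES if fac_part == "*" else [ALIASES.get(f, f) for f in fac_part.split(",")]
        for fac in names:
            masks[fac] = masks[fac] - chosen if negate else masks[fac] | chosen
    return masks

def matches(selector_field, facility, priority):
    index = PRIORITIES.index(ALIASES.get(priority, priority))
    return index in build_masks(selector_field)[ALIASES.get(facility, facility)]

RULES = [  # selector/action pairs copied from the examples on this page
    ("*.=crit;kern.none", "/var/adm/critical"),
    ("kern.*", "/var/adm/kernel"),
    ("kern.crit", "@finlandia"),
    ("kern.crit", "/dev/console"),
    ("kern.info;kern.!err", "/var/adm/kernel-info"),
    ("mail.=info", "/dev/tty12"),
    ("mail.*;mail.!=info", "/var/adm/mail"),
    ("mail,news.=info", "/var/adm/info"),
]

def destinations(facility, priority):
    return [action for selector, action in RULES if matches(selector, facility, priority)]

if __name__ == "__main__":
    for msg in [("kern", "warning"), ("kern", "crit"), ("mail", "info")]:
        print(msg, "->", destinations(*msg))
```

Running a planned rule set through a check like this before deploying it shows whether the messages you rely on, such as kern.crit going to the remote host, are actually selected.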