1.系统日志架构
/var/log/messages #记录大多数系统日志消息
/var/log/secure #记录安全和身份验证相关的消息和错误
/var/log/maillog #邮件服务器消息日志
/var/log/cron #计划任务日志
/var/log/boot.log #系统启动日志(内核消息另可用 dmesg 查看)
[root@dsrw ~]# ls /var/log
anaconda glusterfs spooler
audit hawkey.log spooler-20221218
boot.log hawkey.log-20221229 spooler-20221229
boot.log-20221215 httpd sssd
boot.log-20221218 insights-client swtpm
btmp lastlog tuned
chrony libvirt vmware-network.1.log
cron maillog vmware-network.2.log
cron-20221218 maillog-20221218 vmware-network.3.log
cron-20221229 maillog-20221229 vmware-network.4.log
cups messages vmware-network.5.log
dnf.librepo.log messages-20221218 vmware-network.6.log
dnf.librepo.log-20221218 messages-20221229 vmware-network.7.log
dnf.librepo.log-20221229 private vmware-network.8.log
dnf.log qemu-ga vmware-network.9.log
dnf.log-20221218 README vmware-network.log
dnf.log-20221229 rhsm vmware-vgauthsvc.log.0
dnf.rpm.log samba vmware-vmsvc.log
dnf.rpm.log-20221218 secure vmware-vmusr.log
dnf.rpm.log-20221229 secure-20221218 wtmp
firewalld secure-20221229 Xorg.9.log
gdm speech-dispatcher
2.审核日志
[root@dsrw ~]# vim /etc/rsyslog.conf
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
3.日志级别:
0:系统不可用,优先级emerg
1:必须立即采取措施,优先级alert
2:临界情况,优先级crit
3:严重错误情况,优先级err
4:警告情况,优先级warning
5:正常但重要的事件,优先级notice
6:信息性事件,优先级info
7:调试级别信息,优先级debug
4.日志滚动
[root@dsrw ~]# vim /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# system-specific logs may be also be configured here.
5.systemd日志功能
[root@dsrw ~]# journalctl -f
-- Logs begin at Sat 2022-12-17 10:59:02 CST. --
12月 29 13:05:31 dsrw.com dbus-daemon[918]: [system] Successfully activated service 'net.reactivated.Fprint'
12月 29 13:05:31 dsrw.com systemd[1]: Started Fingerprint Authentication Daemon.
12月 29 13:05:33 dsrw.com gdm-password][72304]: gkr-pam: unlocked login keyring
12月 29 13:05:33 dsrw.com NetworkManager[1026]: <info> [1672290333.4806] agent-manager: req[0x7f4f800070d0, :1.168/org.gnome.Shell.NetworkAgent/0]: agent registered
6.保存系统日志(journal 默认保存在 /run/log/journal,重启后丢失;创建 /var/log/journal 后才会持久保存)
[root@dsrw ~]# journalctl | head -2
-- Logs begin at Sat 2022-12-17 10:59:02 CST, end at Thu 2022-12-29 13:14:02 CST. --
12月 17 10:59:02 dsrw.com kernel: Linux version 4.18.0-80.el8.x86_64 (mockbuild@x86-vm-08.build.eng.bos.redhat.com) (gcc version 8.2.1 20180905 (Red Hat 8.2.1-3) (GCC)) #1 SMP Wed Mar 13 12:02:46 UTC 2019
[root@dsrw ~]# mkdir /var/log/journal
[root@dsrw ~]# chown root:systemd-journal /var/log/journal
[root@dsrw ~]# chmod 2775 /var/log/journal
[root@dsrw ~]# killall -USR1 systemd-journald