Doing a good job of Linux log management


To keep a Linux system running normally and to diagnose the various problems it runs into, carefully reading the log files is a very important task for system administrators. This article briefly explains what a log file is, where to find the log files, and how to handle them.

The Linux kernel consists of many subsystems, including networking, file access, memory management, and more. These subsystems need to send messages to the user, including where each message came from and how important it is. All subsystems send their messages to a common message area that can be maintained, and the program that does this is called Syslog.

What does the Syslog program do?

The system kernel and many system programs generate error messages, warnings, and other information. This information is important, so it should be written to a file. The program that does this is Syslog, which can be configured to sort messages into different files according to the program that produced them or their importance. For example, because kernel messages are more important and need to be read regularly to find where a problem lies, they can be separated from the other messages and directed to a file of their own.

Log files are usually stored in the "/var/log" directory. To view the contents of a log file you must have "root" permission: the information in the log files is important, and only the superuser is allowed to access them.

Viewing the log file

A log file is actually a plain text file in which each line is one message, so any tool that handles plain text under Linux can be used to view it. Log files are always large, because messages have been accumulating in them since you first started Linux. A good way to look at a log file is with a pager such as more or less, or with grep to find a specific message. We first use less to display "/var/log/messages" and see some messages taken from the log file. Each line is one message and consists of four fields in a fixed format:

* Timestamp, which indicates the date and time the message was sent.

* Hostname, the name of the computer that generated the message. If there is only one computer, the hostname may not be necessary. However, if you use Syslog in a network environment, you might want to send messages from different hosts to a single server for centralized processing. In our example the hostname is lcdj.

* The name of the subsystem that generated the message. This is either "kernel", meaning the message comes from the kernel, or the name of the process, i.e. the program that sent the message; the PID of the process follows in square brackets.

* Message, the content of the message.



In Figure 1, the first line is a message sent by Sendmail; the Sendmail daemon is responsible for managing the sending and receiving of mail. This line is the message that the daemon has started normally.

The second line is a message from passwd, reminding the user that the password for "progs" was changed by "root". The messages that follow report the operation of the system to the user.

In fact, the messages in the "/var/log/messages" file are usually not particularly important or urgent.

One very interesting message is the "MARK" message, which by default is generated every 20 minutes to indicate that the system is still running. The "MARK" message is very similar to the "heartbeat" signal often used to confirm whether a remote host is still running. Another use of the "MARK" message is post-mortem analysis: it helps the system administrator determine when a system crash occurred.
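As an added example (not code from the original article), the following Python script parses lines in the four-field layout described above and then uses the 20-minute "MARK" heartbeat for the post-mortem check the text mentions: because syslogd writes at least one line every 20 minutes, any longer gap between consecutive lines marks a period in which nothing was logged, and the last line before the gap is the best estimate of when the system went down. The log lines, the year (classic syslog timestamps carry none), and the one-minute slack are constructed assumptions for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (not the lines in the article's figure), in the same four-field
# layout: timestamp, hostname, sending subsystem (with its PID in brackets), message.
SAMPLE_LOG = """\
Mar 12 10:00:00 lcdj sendmail[412]: starting daemon: SMTP+queueing@01:00:00
Mar 12 10:03:17 lcdj passwd[520]: password for 'progs' changed by 'root'
Mar 12 10:20:00 lcdj -- MARK --
Mar 12 10:40:00 lcdj -- MARK --
Mar 12 11:00:00 lcdj -- MARK --
Mar 12 12:35:41 lcdj kernel: klogd 1.3-3, log source = /proc/kmsg started.
Mar 12 12:40:00 lcdj -- MARK --
"""

LINE_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<rest>.*)$")
SOURCE_RE = re.compile(r"^(?P<src>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?:\s?(?P<msg>.*)$")
MARK_INTERVAL = timedelta(minutes=20)   # the default "-- MARK --" period named in the text


def parse_line(line, year=2000):
    """Split one message into its four fields; return None for lines that do not fit.
    The timestamp has no year, so the caller supplies one (assumed 2000 here)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    # Collapse the double space syslog uses for single-digit days ("Mar  5").
    ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
    rest = m["rest"]
    if rest == "-- MARK --":
        return {"time": ts, "host": m["host"], "source": "MARK", "pid": None, "message": rest}
    s = SOURCE_RE.match(rest)
    if not s:
        # No "name:" prefix; keep the text so nothing is silently dropped.
        return {"time": ts, "host": m["host"], "source": None, "pid": None, "message": rest}
    return {"time": ts, "host": m["host"], "source": s["src"],
            "pid": int(s["pid"]) if s["pid"] else None, "message": s["msg"]}


def parse_log(text, year=2000):
    """Parse every line of a log file's text, skipping lines that do not fit the format."""
    return [r for r in (parse_line(l, year) for l in text.splitlines()) if r]


def find_silences(records, interval=MARK_INTERVAL, slack=timedelta(minutes=1)):
    """Report every gap between consecutive lines longer than the MARK interval (plus a
    little slack for timer drift). Each entry carries the last message seen before the
    gap, which is the crash-time estimate, and the first message after logging resumed."""
    out = []
    for prev, cur in zip(records, records[1:]):
        gap = cur["time"] - prev["time"]
        if gap > interval + slack:
            out.append({"last_seen": prev["time"], "resumed": cur["time"],
                        "gap_seconds": int(gap.total_seconds())})
    return out


if __name__ == "__main__":
    for g in find_silences(parse_log(SAMPLE_LOG)):
        print(f"no messages for {g['gap_seconds']}s: last seen {g['last_seen']}, resumed {g['resumed']}")
```

On the sample above the script reports one silence, starting at the 11:00 MARK and ending when the kernel logged klogd starting at 12:35:41. Run it on a real file with parse_log(open("/var/log/messages").read()) as root; on a host where MARK is disabled the check still works, but only with whatever interval you know messages are guaranteed to arrive at.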

Configuring Logs

Let's take a closer look at how the Syslog daemon works. It runs in the background, collects new messages from the system, and sends them to the right place. Each subsystem attaches a type to every log message it issues. The type has two parts: the "device" (called the facility in Syslog terminology) and the "priority". The device indicates the subsystem that sent the message; the priority indicates how important it is, ranging from 0 (most important) to 7 (least important). Please see Figure 2.



Basic Syslog configuration is very simple; some advanced features take some experience to configure. Let's look at the basic configuration, which is based on the "device" and is customized by editing the configuration file (usually "/etc/syslog.conf"). Lines beginning with "#" are comments. The other lines are also easy to understand: each consists of two fields, "selector" and "action". The selector uses a device and a priority (either can be the "*" wildcard, meaning "any") to describe the type of message; the action says what to do once a new message matches the selector.



In Figure 3, you will see that messages whose priority is "info" or "notice", regardless of which device sent them, go to the "/usr/adm/messages" file, because the wildcard is used in the selector. In the same way, messages of priority "debug" and "err" are sent to the "/usr/adm/debug" and "/usr/adm/syslog" files respectively.

After editing "/etc/syslog.conf" you must also run "killall -HUP syslogd" so that the changes take effect. This command sends a "HUP" signal to the Syslog daemon, telling it to re-read its configuration file.
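To make the selector/action mechanism concrete, here is an added example (not the article's own code, and not syslogd itself) that parses a small syslog.conf-style configuration and works out which actions a message of a given device (facility) and priority would be routed to. It uses the standard numeric priority levels (emerg 0 through debug 7) and the usual rule that "facility.priority" matches that priority and everything more important, with ".none" excluding a facility; the configuration text and the file paths in it are constructed for this example and differ from the article's figure. It also shows the kernel-only file the text recommends earlier.

```python
import re

# Standard syslog priority levels: 0 is the most important, 7 the least.
PRIORITIES = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
              "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed configuration in syslog.conf syntax (paths are assumptions for this
# example). Each non-comment line is "selector<whitespace>action"; a selector is one
# or more "facility.priority" parts joined by ";".
SAMPLE_CONF = """\
# kernel messages get their own file so they are easy to read separately
kern.*                          /var/log/kern.log
# everything at info or above, except mail and kernel, to the general log
*.info;mail.none;kern.none      /var/log/messages
mail.*                          /var/log/maillog
# serious problems are also copied to the console
*.err                           /dev/console
"""


def parse_conf(text):
    """Return a list of (selector_parts, action) tuples, skipping blanks and '#' comments."""
    rules = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = re.split(r"\s+", line, maxsplit=1)
        parts = [tuple(sel.split(".", 1)) for sel in selector.split(";")]
        rules.append((parts, action))
    return rules


def selector_matches(parts, facility, priority):
    """Apply the parts of one selector left to right. A part whose facility is '*' or
    equals the message's facility replaces the mask for that facility: 'none' turns it
    off, '*' accepts every priority, and a named priority accepts that level and every
    more important (numerically lower) level. Later parts override earlier ones, which
    is what makes '*.info;mail.none' exclude mail."""
    matched = False
    for fac, prio in parts:
        if fac != "*" and fac != facility:
            continue
        if prio == "none":
            matched = False
        else:
            matched = prio == "*" or PRIORITIES[priority] <= PRIORITIES[prio]
    return matched


def route(rules, facility, priority):
    """List, in configuration order, every action a message would be delivered to."""
    return [action for parts, action in rules if selector_matches(parts, facility, priority)]


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    # Constructed messages: (facility, priority) pairs as syslogd would classify them.
    for fac, prio in [("kern", "warning"), ("mail", "info"), ("auth", "notice"),
                      ("daemon", "crit"), ("user", "debug"), ("kern", "emerg")]:
        print(f"{fac}.{prio:<8} -> {route(rules, fac, prio) or 'dropped'}")
```

Running it shows, for instance, that a kern.warning message lands only in /var/log/kern.log, that a daemon.crit message is written both to /var/log/messages and to the console, and that a user.debug message matches nothing and is dropped, which is the reason the figure in the article needs a separate "debug" selector line. Only the selector forms shown above are handled; real syslogd configurations also accept other forms that this example does not model.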

Log files are very important to administrators. By managing them well, you can maintain the system better and keep its various applications running normally.
