Linux System Logs

Core system log file

/var/log/messages

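Contains the boot information from system startup, as well as other runtime status messages, I/O errors, network errors and so on.
When this file grows large, the system splits (rotates) it into several files.
The log rotation configuration file is /etc/logrotate.conf (do not modify it).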

The dmesg command

It displays the system's boot messages and is generally used to investigate hardware problems.

dmesg | head -n5

[root@shu-test ~]# dmesg | head -n5
[    0.000000] Initializing cgroup subsys cpuset
[    0.000000] Initializing cgroup subsys cpu
[    0.000000] Initializing cgroup subsys cpuacct
[    0.000000] Linux version 3.10.0-693.el7.x86_64 ([email protected]) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Tue Aug 22 21:09:27 UTC 2017
[    0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-693.el7.x86_64 root=UUID=74ffca85-fbd2-4e59-954a-883c0e1b296a ro crashkernel=auto rhgb quiet LANG=zh_CN.UTF-8
[root@shu-test ~]#

Command to clear the kernel ring buffer (it prints the current contents first)


dmesg -c

System boot log


/var/log/dmesg

Viewing successful login records

The last command

It mainly reads the file /var/log/wtmp

[root@shu-test ~]# last |head
user     pts/1        192.168.188.3    Thu Feb  1 01:01 - 01:01  (00:00)    
root     pts/1        192.168.188.3    Wed Jan 31 22:41 - 22:42  (00:00)    
root     pts/0        192.168.188.1    Wed Jan 31 22:15   still logged in   
reboot   system boot  3.10.0-693.el7.x Wed Jan 31 22:15 - 02:06  (03:51)    
root     pts/0        192.168.188.1    Wed Jan 31 21:58 - down   (00:16)    
reboot   system boot  3.10.0-693.el7.x Wed Jan 31 21:57 - 22:14  (00:17)    
root     pts/0        192.168.188.1    Tue Jan 30 19:21 - down   (03:03)    
reboot   system boot  3.10.0-693.el7.x Tue Jan 30 19:03 - 22:25  (03:22)    
root     pts/0        192.168.188.1    Mon Jan 29 14:48 - crash (1+04:15)   
reboot   system boot  3.10.0-693.el7.x Mon Jan 29 14:47 - 22:25 (1+07:37)   
[root@shu-test ~]#

Viewing failed login records

The lastb command

It mainly reads the file /var/log/btmp

[root@shu-test ~]# lastb
user     ssh:notty    192.168.188.3    Thu Feb  1 02:10 - 02:10  (00:00)    
btmp begins Thu Feb  1 02:10:06 2018
[root@shu-test ~]#

Security log

/var/log/secure
Every login attempt is recorded in this log, whether or not it succeeds.


[root@shu-test ~]# head -n5 /var/log/secure
Jan 30 21:25:38 shu-test polkitd[520]: Registered Authentication Agent for unix-process:3868:852626 (system bus name :1.59 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Jan 30 21:25:38 shu-test polkitd[520]: Unregistered Authentication Agent for unix-process:3868:852626 (system bus name :1.59, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Jan 30 21:33:11 shu-test polkitd[520]: Registered Authentication Agent for unix-process:4296:897879 (system bus name :1.62 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
Jan 30 21:33:11 shu-test polkitd[520]: Unregistered Authentication Agent for unix-process:4296:897879 (system bus name :1.62, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) (disconnected from bus)
Jan 30 21:33:44 shu-test polkitd[520]: Registered Authentication Agent for unix-process:4317:901212 (system bus name :1.63 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8)
[root@shu-test ~]#
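
Because /var/log/secure records both failed and successful logins, the two can be correlated per source address. The script below is an added example, not part of the original page: it counts sshd failures and successes per IP and flags addresses that cross a failure threshold or that succeed after failing. The function names, the threshold and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source summary of sshd results in /var/log/secure format.
# The sample lines are constructed; they are not taken from a real host.
sample_secure() {
cat <<'EOF'
Feb  1 02:10:01 shu-test sshd[2101]: Failed password for user from 192.168.188.3 port 50122 ssh2
Feb  1 02:10:04 shu-test sshd[2101]: Failed password for user from 192.168.188.3 port 50122 ssh2
Feb  1 02:10:06 shu-test sshd[2101]: Failed password for invalid user admin from 192.168.188.3 port 50124 ssh2
Feb  1 02:11:30 shu-test sshd[2110]: Accepted password for user from 192.168.188.3 port 50130 ssh2
Feb  1 02:12:00 shu-test sshd[2120]: Accepted password for root from 192.168.188.1 port 61000 ssh2
Feb  1 02:12:05 shu-test polkitd[520]: Registered Authentication Agent for unix-process:4317:901212
EOF
}

# Reads log lines on stdin and prints "ip failed accepted flag" per source IP.
# flag: ALERT when failures >= threshold ($1, default 3),
#       FAIL_THEN_OK when a success follows earlier failures from that IP.
auth_summary() {
    threshold=${1:-3}
    awk -v t="$threshold" '
    $5 ~ /^sshd\[/ && ($6 == "Failed" || $6 == "Accepted") {
        ip = ""
        # Keep the LAST "from" so a user literally named "from" cannot shift the field.
        for (i = 7; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        if ($6 == "Failed") fail[ip]++
        else { ok[ip]++; if (fail[ip] > 0) after[ip] = 1 }
        seen[ip] = 1
    }
    END {
        for (ip in seen) {
            flag = "-"
            if (fail[ip] + 0 >= t) flag = "ALERT"
            if (after[ip]) flag = (flag == "-") ? "FAIL_THEN_OK" : flag ",FAIL_THEN_OK"
            print ip, fail[ip] + 0, ok[ip] + 0, flag
        }
    }' | sort
}

# On a real host (as root): auth_summary 5 < /var/log/secure
sample_secure | auth_summary 3
```

Rotated copies of the file are not read by this script, so feed them in as well when a longer time window is needed.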