2013年3月10日 星期日 晴
系统日志服务
一、查询系统日志服务是否安装
[root@desktop7 ~]# rpm -q sysklogd
sysklogd-1.4.1-46.el5
[root@desktop7 ~]#
二、启动与停止系统日志服务(查看运行状态、设置开机自启)
[root@desktop7 ~]# service syslog status
syslogd (pid 2857) is running...
klogd (pid 2860) is running...
[root@desktop7 ~]#
[root@desktop7 ~]# chkconfig --list syslog
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@desktop7 ~]# chkconfig syslog off
[root@desktop7 ~]# chkconfig --list syslog
syslog 0:off 1:off 2:off 3:off 4:off 5:off 6:off
[root@desktop7 ~]# chkconfig syslog on
[root@desktop7 ~]# chkconfig --list syslog
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@desktop7 ~]#
三、查询、编辑系统日志服务的配置文件(/etc/syslog.conf)
1、全部信息
[root@desktop7 ~]# cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
[root@desktop7 ~]#
2、筛选有用信息
[root@desktop7 ~]# egrep -vn "^$|^#" /etc/syslog.conf
7:*.info;mail.none;authpriv.none;cron.none /var/log/messages
10:authpriv.* /var/log/secure
13:mail.* -/var/log/maillog
17:cron.* /var/log/cron
20:*.emerg *
23:uucp,news.crit /var/log/spooler
26:local7.* /var/log/boot.log
[root@desktop7 ~]#
3、编辑系统日志配置文件
[root@desktop7 ~]# vim /etc/syslog.conf
四、日志的格式
每条记录依次为:时间、主机名、程序名[进程号]、消息内容.
[root@desktop7 ~]# cat /var/log/boot.log
Mar 6 03:38:17 desktop7 NET[4256]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 03:38:39 desktop7 NET[4645]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 03:40:41 desktop7 NET[5020]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 03:41:03 desktop7 NET[5557]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 03:45:48 desktop7 NET[5867]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 03:46:09 desktop7 NET[6327]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 03:48:18 desktop7 NET[6710]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 03:48:42 desktop7 NET[7226]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 04:44:49 desktop7 NET[32357]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 04:45:12 desktop7 NET[457]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 05:53:22 desktop7 NET[4153]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 05:53:46 desktop7 NET[4615]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 06:00:31 desktop7 NET[4898]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 06:00:58 desktop7 NET[5447]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 06:01:31 desktop7 NET[5937]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 06:01:52 desktop7 NET[6453]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 07:13:21 desktop7 NET[7227]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 6 07:13:38 desktop7 NET[7744]: /sbin/dhclient-script : updated /etc/resolv.conf
Mar 8 05:03:56 desktop7 NET[13438]: /etc/sysconfig/network-scripts/ifup-post : updated /etc/resolv.conf
You have new mail in /var/spool/mail/root
五、集中式的日志服务
1、在发送日志的客户端(logclient)上编辑/etc/syslog.conf,加入转发规则
[root@desktop7 ~]# vim /etc/syslog.conf
*.* @fengzhao001
保存退出.
说明:"@主机名"表示把匹配的日志通过UDP 514端口转发到该主机;"*.*"会把authpriv等认证日志也一并以明文发送,且UDP不保证送达,因此只适合在可信网络内使用.
2、在接收日志的服务器(logserver)上修改/etc/sysconfig/syslog中SYSLOGD_OPTIONS="-m 0"参数,在引号内加入-r,使syslogd接收远程日志
说明:加入-r后syslogd会监听UDP 514端口,并接收任何来源发来的日志,应配合防火墙只放行可信的客户端地址.
[root@desktop7 ~]# vim /etc/sysconfig/syslog
# Options to syslogd
# -m 0 disables 'MARK' messages.
# -r enables logging from remote machines
# -x disables DNS lookups on messages recieved with -r
# See syslogd(8) for more details
SYSLOGD_OPTIONS="-m 0" (加入-r,在引号内,即改为 SYSLOGD_OPTIONS="-m 0 -r")
# Options to klogd
# -2 prints all kernel oops messages twice; once for klogd to decode, and
# once for processing with 'ksymoops'
# -x disables all klogd processing of oops messages entirely
# See klogd(8) for more details
KLOGD_OPTIONS="-x"
#
SYSLOG_UMASK=077
# set this to a umask value to use for all log files as in umask(1).
# By default, all permissions are removed for "group" and "other".
~
3、在logclient与logserver上分别重新启动syslog服务,使修改生效
[root@desktop7 ~]# service syslog restart
Shutting down kernel logger: [ OK ]
Shutting down system logger: [ OK ]
Starting system logger: [ OK ]
Starting kernel logger: [ OK ]
[root@desktop7 ~]#