An Introduction to Viewing Linux Logs

1. All of a Linux system's log files are kept under the /var/log directory:

[root@root network-scripts]# cd /var/log
[root@root log]# ls
anaconda.ifcfg.log    cron-20190821     messages-20190821  spooler               vmware-network.6.log
anaconda.log          cron-20190903     messages-20190903  spooler-20190821      vmware-network.7.log
anaconda.program.log  cups              ntpstats           spooler-20190903      vmware-network.8.log
anaconda.storage.log  dmesg             pm-powersave.log   squid                 vmware-network.9.log
anaconda.syslog       dmesg.old         ppp                sssd                  vmware-network.log
anaconda.xlog         dracut.log        prelink            tallylog              vmware-vgauthsvc.log.0
anaconda.yum.log      gdm               rhsm               vmware-caf            vmware-vmsvc.log
audit                 httpd             sa                 vmware-install.log    vmware-vmusr.log
boot.log              lastlog           samba              vmware-network.1.log  wpa_supplicant.log
btmp                  maillog           secure             vmware-network.2.log  wtmp
btmp-20190903         maillog-20190821  secure-20190821    vmware-network.3.log  Xorg.0.log
ConsoleKit            maillog-20190903  secure-20190903    vmware-network.4.log  Xorg.0.log.old
cron                  messages          spice-vdagent.log  vmware-network.5.log  Xorg.9.log

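2. Locations of commonly used log files

  • /var/log/messages   informational and error messages logged after the system boots; one of the most frequently used logs on Red Hat Linux
  • /var/log/secure   security-related log messages
  • /var/log/maillog   mail-related log messages
  • /var/log/cron   log messages for scheduled (cron) tasks
  • /var/log/spooler   log messages for UUCP and news devices
  • /var/log/boot.log   log messages about daemons starting and stopping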

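3. Commands for viewing log files:

  • cat   prints the whole file;
  • head   reads from the start of the file; it is normally used to look at the first part of a text file;
  • tail   by default, prints the last 10 lines of the given file;
tail -n 20 filename                  # show the last 20 lines of filename
tail -n 10 filename | tac            # show the last 10 lines of filename in reverse order (GNU tail has no -r option; tac reverses the lines)

  • last   shows recent logins by user or terminal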
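
Added example, not from the original page: cat, head and tail show raw lines, whereas for /var/log/secure a per-source count of failed SSH password attempts is usually more useful. The function names and the sample lines are constructed for illustration; the address is read from the end of each line because the user name field is supplied by the remote client.

```shell
#!/bin/sh
# Summarise failed SSH password attempts per source address from logs in
# /var/log/secure format. Example code, not part of the original article.

# failed_logins [FILE...]
# Reads the named files (or stdin) and prints "COUNT ADDRESS", highest first.
failed_logins() {
    awk '
        # sshd logs: "Failed password for [invalid user] NAME from ADDR port N ssh2"
        # NAME is chosen by the client, so locate ADDR by counting back from
        # the end of the line instead of searching for the first "from".
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF - 4) == "from" && $(NF - 2) == "port" {
            count[$(NF - 3)]++
        }
        END { for (addr in count) print count[addr], addr }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample lines in the syslog layout used by /var/log/secure.
# The addresses come from the documentation ranges and are not real hosts.
sample_secure() {
    cat <<'EOF'
Sep  3 14:01:10 root sshd[3101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Sep  3 14:01:12 root sshd[3101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Sep  3 14:01:15 root sshd[3104]: Failed password for invalid user admin from 198.51.100.7 port 51833 ssh2
Sep  3 14:01:19 root sshd[3107]: Failed password for invalid user from from 203.0.113.5 port 40130 ssh2
Sep  3 14:02:01 root sshd[3110]: Accepted password for root from 192.0.2.10 port 50022 ssh2
Sep  3 14:02:01 root sshd[3110]: pam_unix(sshd:session): session opened for user root by (uid=0)
EOF
}

# Run against the sample; on a real host pass the log files instead, e.g.
#   failed_logins /var/log/secure /var/log/secure-20190903
sample_secure | failed_logins
```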

4. Viewing recent command history: history

Command: history n (n is the number of commands) -> shows the n most recent commands

[root@root log]# history 10
  147  ls | grep p
  148  ls | grep name
  149  tail -n 20 filename
  150  tail -n 20 httpd
  151  ls
  152  tail -n 20 secure
  153  head secure
  154  cat secure
  155  last secure
  156  history 10

5. Viewing system log messages:

Command: [root@root log]# cat messages | more
# Piping the output to more lets you page through the file

[root@root 桌面]# cd /var/log
[root@root log]# sudo cat messages | more
Sep  3 13:50:38 root rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="2267" x-info="http://www.rsyslog
.com"] rsyslogd was HUPed
Sep  3 13:50:38 root rhsmd: In order for Subscription Manager to provide your system with updates, your system must b
e registered with the Customer Portal. Please enter your Red Hat login to ensure your system is up-to-date.
Sep  3 13:52:38 root ntpd_intres[2823]: host name not found: 0.rhel.pool.ntp.org
Sep  3 13:52:38 root ntpd_intres[2823]: host name not found: 1.rhel.pool.ntp.org
Sep  3 13:52:38 root ntpd_intres[2823]: host name not found: 2.rhel.pool.ntp.org
Sep  3 13:52:38 root ntpd_intres[2823]: host name not found: 3.rhel.pool.ntp.org
... ...

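6. The who command

Given a wtmp file, the who command lists all earlier login records. The command who /var/log/wtmp reports every login since the wtmp file was created or deleted.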

[root@root log]# who wtmp
root     tty1         2019-06-22 19:30 (:0)
root     pts/0        2019-06-22 19:36 (:0.0)
root     pts/0        2019-06-22 19:40 (:0.0)
root     tty1         2019-06-22 19:42 (:0)
root     tty1         2019-08-07 17:53 (:0)
root     pts/0        2019-08-07 17:53 (:0.0)
root     pts/1        2019-08-07 23:13 (:0.0)
root     tty1         2019-08-07 23:17 (:0)
root     pts/0        2019-08-07 23:17 (:0.0)
root     tty1         2019-08-21 01:49 (:0)
root     pts/0        2019-08-21 01:50 (:0.0)
root     pts/1        2019-09-02 17:19 (:0.0)
root     tty1         2019-09-03 14:52 (:0)
root     pts/0        2019-09-03 14:52 (:0.0)
root     pts/1        2019-09-03 16:25 (:0.0)
root     pts/2        2019-09-03 16:25 (:0.0)
root     tty1         2019-09-03 16:28 (:0)
root     pts/0        2019-09-03 16:28 (:0.0)
[root@root log]# 
