
一 日志相关文件

[root@client01 ~]# ls /var/log/
anaconda.ifcfg.log    anaconda.xlog      btmp           dmesg       maillog            secure            wtmp
anaconda.log          anaconda.yum.log   btmp-20130805  dmesg.old  maillog-20130805  secure-20130805   yum.log
anaconda.program.log  audit              ConsoleKit     dracut.log messages           spooler
anaconda.storage.log  boot.log           cron          httpd       messages-20130805  spooler-20130805
anaconda.syslog       boot.log-20130805  cron-20130805 lastlog     rhsm               tallylog
[root@client01 ~]# ls /var/log/messages
[root@client01 ~]# ls /var/log/dmesg*
/var/log/dmesg  /var/log/dmesg.old
[root@client01 ~]# ls /var/log/secure
[root@larrywen opt]# ssh
[email protected]'s password:
Permission denied, please try again.
[email protected]'s password:
Permission denied, please try again.
[root@client01 ~]# tail -f /var/log/secure
[root@client01 ~]# tail -n 4 /var/log/secure
Aug 5 14:46:13 client01 sshd[2796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=  user=root
Aug 5 14:46:15 client01 sshd[2796]: Failed password for root from 192.168.1.1 port 50116 ssh2
Aug 5 14:46:23 client01 unix_chkpwd[2800]: password check failed for user (root)
Aug 5 14:46:25 client01 sshd[2796]: Failed password for root from 192.168.1.1 port 50116 ssh2
[root@larrywen opt]# ls /var/log/maillog
[root@client01 ~]# ls /var/log/lastlog
[root@client01 ~]# ls /var/log/lastlog
[root@client01 ~]# last
[root@client01 ~]# lastb
[root@client01 ~]# ls /var/log/audit/
[root@client01 ~]# ls /var/log/maillog*
/var/log/maillog  /var/log/maillog-20130805
[root@larrywen 0805]# ls /var/log/maillog*
/var/log/maillog  /var/log/maillog-20130729  /var/log/maillog-20130805
[root@larrywen 0805]# ls /var/log/boot.log*
/var/log/boot.log  /var/log/boot.log-20130729  /var/log/boot.log-20130805

二 日志相关服务

[root@client01 ~]# ps -ef|grep log
root      959     1  0 08:49 ?        00:00:00 /sbin/rsyslogd -c 4
root     1133     1  0 08:49 ?        00:00:00 login -- root    
root     2811  2776  0 14:54 pts/0    00:00:00 grep log
[root@client01 ~]# /etc/init.d/rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
#日志级别:Debug Warning

三 实验:日志转移(一台机器的日志备份到另一台机器)



[root@client01 ~]# ls /etc/*log*
/etc/csh.login  /etc/login.defs  /etc/logrotate.conf  /etc/rsyslog.conf
/etc/logrotate.d:
dracut  httpd  subscription-manager  syslog  up2date  yum
[root@client01 ~]# ls /etc/rsyslog.conf
[root@client01 ~]# vim /etc/rsyslog.conf
[root@client01 ~]# vim /etc/rsyslog.conf
[root@client01 ~]# grep "hongyi" /etc/rsyslog.conf -n
60:local3.*                                      /var/log/hongyi.log
[root@client01 ~]# /etc/init.d/rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@client01 ~]# ls /var/log/hongyi.log
[root@client01 ~]# logger -p"local3.info" "this is test"
[root@client01 ~]# cat /var/log/hongyi.log
Aug 5 15:17:00 client01 root: this is test
[root@client01 ~]# logger -p"local2.info" "this is test"
[root@client01 ~]# cat /var/log/hongyi.log
Aug 5 15:17:00 client01 root: this is test
[root@client01 ~]# logger --help
logger: invalid option -- '-'
usage: logger [-is] [-f file] [-p pri] [-t tag] [-u socket] [ message ... ]
[root@serv02 ~]# grep "UDP" /etc/rsyslog.conf  -n -A1
12:# Provides UDP syslog reception
13-$ModLoad imudp.so
14:$UDPServerRun 514
[root@serv02 ~]# grep "local3.*" /etc/rsyslog.conf  -n
59:local3.*                                      /tmp/up.log
[root@larrywen 0805]# man rsyslog.conf


[root@serv01 ~]# grep local3 /etc/rsyslog.conf -n
#@:表示通过 UDP 转发到远程主机(@@ 为 TCP),@ 后应为接收端主机地址(此处未显示)。UDP syslog 无认证、无加密,接收端应通过防火墙或 $AllowedSender 限制允许的来源主机
60:local3.*     @
[root@serv01 ~]# /etc/init.d/rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@serv01 ~]# logger -p"local3.info" "hello,world"


[root@serv02 ~]# cat -n /etc/rsyslog.conf | sed "8,9p;/local3/p" -n
     8  $ModLoad imuxsock.so    # provides support for local system logging (e.g. via logger command)
     9  $ModLoad imklog.so # provides kernel logging support (previously done by rklogd)
    59  local3.*     /tmp/up.log
[root@serv02 ~]# /etc/init.d/rsyslog restart
Shutting down system logger:                               [  OK  ]
Starting system logger:                                    [  OK  ]
[root@serv02 ~]# cat /tmp/up.log
Aug 5 15:31:38 serv01 root: hello,world

四 定时计划任务

[root@client01 ~]# yum install at -y
[root@client01 ~]# at now +3 minutes
at> echo "hello,wolrd" >/opt/aa01.txt
at> <EOT>
job 2 at 2013-08-05 16:20
Can't open /var/run/atd.pid to signal atd. No atd running?
[root@client01 ~]# /etc/init.d/atd start
Starting atd:                                              [  OK  ]
[root@client01 ~]# at now +3 minutes
at> echo "hello,wolrd" >/opt/aa01.txt
at> <EOT>
job 3 at 2013-08-05 16:21
[root@client01 ~]# at -l
3     2013-08-05 16:21 a root
2     2013-08-05 16:20 a root
[root@client01 opt]# ll
total 20
-rw-r--r--. 1 root root    12 Aug 5 16:20 aa01.txt
drwx------. 2 root root 16384 Jul 23 00:54 lost+found
#支持分钟 小时 天
[root@client01 ~]# at now +1 days
[root@client01 opt]# at 16:28 08/05/2013
at> echo "hello,uplooking"> /opt/aa02.txt
at> <EOT>
job 4 at 2013-08-05 16:28
[root@client01 opt]# at -l
4     2013-08-05 16:28 a root
[root@client01 opt]# at 18:20 08/06/2013
at> rm -rf /*<EOT>
job 5 at 2013-08-06 18:20
[root@client01 opt]# at -l
5     2013-08-06 18:20 a root
4     2013-08-05 16:28 a root
[root@client01 opt]# at --help
at: invalid option -- '-'
Usage: at [-V] [-q x] [-f file] [-mldbv] time
      at -c job ...
      atq [-V] [-q x]
      atrm [-V] job ...
[root@client01 opt]# atrm 5
[root@client01 opt]# at -l
4     2013-08-05 16:28 a root
[root@client01 opt]# vim /etc/crontab
   ** * * * echo `date` >> /opt/aa03.txt
[root@client01 opt]# crontab -e
no crontab for root - using an empty one
crontab: installing new crontab
30 18 * * * init 0
1 */2 10-20 7,8 5 wall "Have aholiday"
[root@client01 opt]# crontab -l
* * * * * echo `date` >>/opt/aa03.txt
30 18 * * * init 0
[root@client01 opt]# crontab --help
crontab: invalid option -- '-'
crontab: usage error: unrecognized option
usage:    crontab [-u user] file
       crontab [-u user] [ -e | -l | -r ]
              (default operation is replace, per 1003.2)
       -e    (edit user's crontab)
       -l     (list user's crontab)
       -r    (delete user's crontab)
       -i     (prompt before deleting user's crontab)
       -s    (selinux context)
[root@client01 opt]# cd /var/spool/
[root@client01 spool]# ls
anacron at  cron  lpd mail  plymouth  postfix up2date
[root@client01 spool]# cd cron/
[root@client01 cron]# ll
total 4
-rw-------. 1 root root 58 Aug  5 16:37 root
[root@client01 cron]# cat root
* * * * * echo `date` >>/opt/aa03.txt
30 18 * * * init 0
[root@client01 cron]# cd /etc/cron.
cron.d/       cron.daily/   cron.deny    cron.hourly/  cron.monthly/cron.weekly/
[root@client01 cron]# cat /etc/cron.d/0hourly
01 * * * * root run-parts /etc/cron.hourly
[root@client01 cron]# cat /etc/cron.hourly/0anacron
#in case file doesn't exist
if test -r /var/spool/anacron/cron.daily; then
   day=`cat /var/spool/anacron/cron.daily`
fi
if [ `date +%Y%m%d` = "$day" ]; then
   exit 0;
fi
# in case anacron is already running,
# there will be log (daemon won't be running twice).
if test -x /usr/bin/on_ac_power; then
   /usr/bin/on_ac_power &> /dev/null
   if test $? -eq 1; then
   exit 0
   fi
fi
/usr/sbin/anacron -s
[root@client01 cron]# cat /etc/cron.daily/logrotate
/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
   /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
[root@client01 logrotate.d]# cat syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron {
    postrotate
       /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}
[root@client01 cron]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
# use date as a suffix of the rotated file
# uncomment this if you want your log files compressed
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
   create 0664 root utmp
   rotate 1
}
/var/log/btmp {
   create 0600 root utmp
   rotate 1
}
# system-specific logs may be also be configured here.

五 模拟日志文件的拷贝

[root@client01 logrotate.d]# man logrotate.conf
[root@client01 logrotate.d]# vim /etc/logrotate.conf
[root@client01 logrotate.d]# cat /etc/logrotate.conf
/opt/hongyi.log {
   rotate 2
   olddir /opt/old
   create 0600 root hongyi
}
[root@client01 logrotate.d]# useradd hongyi
[root@client01 logrotate.d]# mkdir /opt/old
[root@client01 logrotate.d]# touch /opt/hongyi.log
[root@client01 logrotate.d]# vim /opt/hongyi.log
[root@client01 logrotate.d]# ls /opt
aa03.txt hongyi.log  old
[root@client01 logrotate.d]# logrotate --help
Usage: logrotate [OPTION...] <configfile>
  -d, --debug               Don't do anything, just test (implies -v)
  -f, --force               Force file rotation
  -m, --mail=command        Command to send mail (instead of `/bin/mail')
  -s, --state=statefile     Path of state file
  -v, --verbose             Display messages during rotation
Help options:
  -?, --help                Show this help message
  --usage                   Display brief usage message
[root@client01 logrotate.d]# logrotate -f /etc/logrotate.conf
[root@client01 logrotate.d]# ls /opt
aa03.txt hongyi.log  old
[root@client01 logrotate.d]# ls /opt/old/
[root@client01 ~]# ls /etc/cron.d
cron.d/    cron.daily/ cron.deny
[root@client01 ~]# ls /etc/cron.daily/
logrotate makewhatis.cron  rhsm-complianced
[root@client01 ~]# cat /etc/cron.daily/logrotate
/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
   /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
[root@client01 ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
# use date as a suffix of the rotated file
# uncomment this if you want your log files compressed
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
   create 0664 root utmp
   rotate 1
}
/var/log/btmp {
   create 0600 root utmp
   rotate 1
}
/opt/hongyi.log {
   rotate 2
   olddir /opt/old
   create 0600 root hongyi
}
# system-specific logs may be also be configured here.
[root@client01 ~]# cd /etc/lo
localtime       login.defs      logrotate.conf  logrotate.d/   
[root@client01 ~]# cd /etc/logrotate.d/
[root@client01 logrotate.d]# ll
total 24
-rw-r--r--. 1 root root 103 Apr 27  2011 dracut
-rw-r--r--. 1 root root 185 Jun 24  2010 httpd
-rw-r--r--. 1 root root  71 May 5  2011 subscription-manager
-rw-r--r--. 1 root root 228 May 20  2009 syslog
-rw-r--r--. 1 root root  32 Apr 8  2010 up2date
-rw-r--r--. 1 root root 100 Apr 29  2011 yum
#程序切换 日志切换
[root@client01 opt]# date -s"2013-08-07"
Wed Aug 7 00:00:00 CST 2013
[root@client01 opt]# logrotate -fv /etc/logrotate.conf
reading config file /etc/logrotate.conf
including /etc/logrotate.d
reading config file dracut
reading config info for /var/log/dracut.log
reading config file httpd
reading config info for /var/log/httpd/*log
reading config file subscription-manager
reading config info for /var/log/rhsm/*.log
reading config file syslog
reading config info for /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron
reading config file up2date
reading config info for /var/log/up2date
reading config file yum
reading config info for /var/log/yum.log
reading config info for /var/log/wtmp
reading config info for /var/log/btmp
reading config info for /opt/hongyi.log
olddir is now /opt/old
Handling 9 logs
rotating pattern: /var/log/dracut.log  forced from command line (4 rotations)
empty log files are not rotated, old logsare removed
considering log /var/log/dracut.log
  logdoes not need rotating
rotating pattern: /var/log/httpd/*log  forced from command line (4 rotations)
empty log files are not rotated, old logsare removed
considering log /var/log/httpd/access_log
  logdoes not need rotating
considering log /var/log/httpd/error_log
  logdoes not need rotating
not running postrotate script, since nologs were rotated
rotating pattern: /var/log/rhsm/*.log  forced from command line (4 rotations)
empty log files are not rotated, old logsare removed
considering log /var/log/rhsm/rhsmcertd.log
  logdoes not need rotating
considering log /var/log/rhsm/rhsm.log
  logdoes not need rotating
rotating pattern: /var/log/messages /var/log/secure /var/log/maillog /var/log/spooler /var/log/boot.log /var/log/cron  forced from command line (4 rotations)
empty log files are rotated, old logs areremoved
considering log /var/log/messages
  logneeds rotating
considering log /var/log/secure
  logneeds rotating
considering log /var/log/maillog
  logneeds rotating
considering log /var/log/spooler
  logneeds rotating
considering log /var/log/boot.log
  logneeds rotating
considering log /var/log/cron
  logneeds rotating
rotating log /var/log/messages,log->rotateCount is 4
dateext suffix '-20130807'
glob pattern '-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/secure,log->rotateCount is 4
dateext suffix '-20130807'
glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/maillog,log->rotateCount is 4
dateext suffix '-20130807'
glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/spooler,log->rotateCount is 4
dateext suffix '-20130807'
glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/boot.log,log->rotateCount is 4
dateext suffix '-20130807'
glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
rotating log /var/log/cron,log->rotateCount is 4
dateext suffix '-20130807'
glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to system_u:object_r:var_log_t:s0
renaming /var/log/messages to/var/log/messages-20130807
creating new /var/log/messages mode = 0600uid = 0 gid = 0
fscreate context set tosystem_u:object_r:var_log_t:s0
renaming /var/log/secure to/var/log/secure-20130807
creating new /var/log/secure mode = 0600uid = 0 gid = 0
fscreate context set tosystem_u:object_r:var_log_t:s0
renaming /var/log/maillog to/var/log/maillog-20130807
creating new /var/log/maillog mode = 0600uid = 0 gid = 0
fscreate context set tosystem_u:object_r:var_log_t:s0
renaming /var/log/spooler to/var/log/spooler-20130807
creating new /var/log/spooler mode = 0600uid = 0 gid = 0
fscreate context set tosystem_u:object_r:var_log_t:s0
renaming /var/log/boot.log to/var/log/boot.log-20130807
creating new /var/log/boot.log mode = 0644uid = 0 gid = 0
fscreate context set tosystem_u:object_r:var_log_t:s0
renaming /var/log/cron to/var/log/cron-20130807
creating new /var/log/cron mode = 0600 uid= 0 gid = 0
running postrotate script
rotating pattern: /var/log/up2date  forced from command line (4 rotations)
empty log files are rotated, old logs areremoved
considering log /var/log/up2date
  log/var/log/up2date does not exist -- skipping
rotating pattern: /var/log/yum.log  forced from command line (4 rotations)
empty log files are not rotated, old logsare removed
considering log /var/log/yum.log
  logdoes not need rotating
rotating pattern: /var/log/wtmp  forced from command line (1 rotations)
empty log files are rotated, only log files>= 1048576 bytes are rotated, old logs are removed
considering log /var/log/wtmp
  logneeds rotating
rotating log /var/log/wtmp,log->rotateCount is 1
dateext suffix '-20130807'
glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to system_u:object_r:wtmp_t:s0
renaming /var/log/wtmp to/var/log/wtmp-20130807
creating new /var/log/wtmp mode = 0664 uid= 0 gid = 22
removing old log /var/log/wtmp-20130806
rotating pattern: /var/log/btmp  forced from command line (1 rotations)
empty log files are rotated, old logs areremoved
considering log /var/log/btmp
  logneeds rotating
rotating log /var/log/btmp,log->rotateCount is 1
dateext suffix '-20130807'
glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to system_u:object_r:faillog_t:s0
renaming /var/log/btmp to/var/log/btmp-20130807
creating new /var/log/btmp mode = 0600 uid= 0 gid = 22
removing old log /var/log/btmp-20130806
rotating pattern: /opt/hongyi.log  forced from command line (2 rotations)
olddir is /opt/old, empty log files arerotated, old logs are removed
considering log /opt/hongyi.log
  logneeds rotating
rotating log /opt/hongyi.log,log->rotateCount is 2
dateext suffix '-20130807'
glob pattern'-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]'
fscreate context set to unconfined_u:object_r:usr_t:s0
renaming /opt/hongyi.log to /opt/old/hongyi.log-20130807
creating new /opt/hongyi.log mode = 0600 uid = 0 gid = 500
removing old log /opt/old/hongyi.log-20130805
[root@client01 opt]# ls old/
hongyi.log-20130806  hongyi.log-20130807
[root@client01 opt]# cat hongyi.log
[root@client01 opt]# ll
total 8
-rw-r--r--. 1 root root   2436 Aug 7 00:01 aa03.txt
-rw-------. 1 root hongyi    0 Aug 7 00:00 hongyi.log
drwxr-xr-x. 2 root root   4096 Aug 7 00:00 old

六 crontab——定时任务

[root@client01 opt]# cat /etc/anacrontab
# /etc/anacrontab: configuration file for anacron
# See anacron(8) and anacrontab(5) for details.
# the maximal random delay added to the base delay of the jobs
# the jobs will be started during the following hours only
#period in days   delay in minutes   job-identifier   command
1     5     cron.daily            nice run-parts /etc/cron.daily
7     25   cron.weekly         nice run-parts /etc/cron.weekly
@monthly 45      cron.monthly              nice run-parts /etc/cron.monthly
[root@client01 opt]# crontab -l
* * * * * echo `date` >>/opt/aa03.txt
30 18 * * * init 0
[root@client01 opt]# crontab --help
crontab: invalid option -- '-'
crontab: usage error: unrecognized option
usage:    crontab [-u user] file
       crontab [-u user] [ -e | -l | -r ]
              (default operation is replace, per 1003.2)
       -e    (edit user's crontab)
       -l     (list user's crontab)
       -r    (delete user's crontab)
       -i     (prompt before deleting user's crontab)
       -s    (selinux context)
[root@client01 opt]# crontab -r
[root@client01 opt]# crontab -l
no crontab for root

  我的邮箱:   [email protected]
  新浪微博:   @Wentasy27         
  数据库技术交流群:336882565(加群时验证 From CSDN XXX)
  Oracle交流讨论组:   https://groups.google.com/d/forum/justoracle
     By Larry Wen

