DHCP log

Jul 15 04:11:47 vm45 syslogd 1.4.1: restart.
Jul 15 07:24:30 vm45 dhclient: DHCPREQUEST on eth0 to 172.200.1.10 port 67 (xid=0x1154249a)
Jul 15 07:24:30 vm45 dhclient: DHCPACK from 172.200.1.10 (xid=0x1154249a)
Jul 15 07:24:30 vm45 dhclient: bound to 172.200.1.42 -- renewal in 113286 seconds.
Jul 16 14:52:36 vm45 dhclient: DHCPREQUEST on eth0 to 172.200.1.10 port 67 (xid=0x1154249a)
Jul 16 14:52:36 vm45 dhclient: DHCPACK from 172.200.1.10 (xid=0x1154249a)
Jul 16 14:52:37 vm45 dhclient: bound to 172.200.1.42 -- renewal in 104563 seconds.
Jul 17 19:55:20 vm45 dhclient: DHCPREQUEST on eth0 to 172.200.1.10 port 67 (xid=0x1154249a)
Jul 17 19:55:20 vm45 dhclient: DHCPACK from 172.200.1.10 (xid=0x1154249a)
Jul 17 19:55:20 vm45 dhclient: bound to 172.200.1.42 -- renewal in 103174 seconds.

VM abnormal connection log
Jul 19 00:34:54 vm45 dhclient: DHCPREQUEST on eth0 to 172.200.1.10 port 67 (xid=0x1154249a)
Jul 19 00:34:54 vm45 dhclient: DHCPACK from 172.200.1.10 (xid=0x1154249a)
Jul 19 00:34:54 vm45 dhclient: bound to 172.200.1.42 -- renewal in 109997 seconds.


Jul 19 20:33:06 vm45 kernel: possible SYN flooding on port 80. Sending cookies.
Jul 19 20:33:47 vm45 syslogd 1.4.1: restart.

The system keeps restarting (caused by too many concurrent connections).

Jul 23 11:38:09 localhost syslogd 1.4.1: restart.
Jul 23 11:38:10 localhost kernel: klogd 1.4.1, log source = /proc/kmsg started.
Jul 23 11:38:10 localhost kernel: Bootdata ok (command line is ro root=/dev/sda1 console=xvc0)
Jul 23 11:38:10 localhost kernel: Linux version 2.6.18-308.11.1.el5xen (mockbuild@builder10.centos.org) (gcc version 4.1.2 20080704 (Red Hat 4.1.2-52)) #1 SMP Tue Jul 10 09:29:47 EDT 2012
Jul 23 11:38:10 localhost kernel: BIOS-provided physical RAM map:
Jul 23 11:38:10 localhost kernel:  Xen: 0000000000000000 - 0000000200800000 (usable)
Jul 23 11:38:10 localhost kernel: No mptable found.
Jul 23 11:38:10 localhost kernel: Built 1 zonelists.  Total pages: 2068727
Jul 23 11:38:10 localhost kernel: Kernel command line: ro root=/dev/sda1 console=xvc0
Jul 23 11:38:10 localhost kernel: Initializing CPU#0
Jul 23 11:38:10 localhost kernel: PID hash table entries: 4096 (order: 12, 32768 bytes)
Jul 23 11:38:10 localhost kernel: Xen reported: 2659.982 MHz processor.
Jul 23 11:38:10 localhost kernel: Console: colour dummy device 80x25
Jul 23 11:38:10 localhost kernel: Dentry cache hash table entries: 1048576 (order: 11, 8388608 bytes)
Jul 23 11:38:10 localhost kernel: Inode-cache hash table entries: 524288 (order: 10, 4194304 bytes)
Jul 23 11:38:10 localhost kernel: Software IO TLB disabled
Jul 23 11:38:10 localhost kernel: Memory: 350456k/8396800k available (2546k kernel code, 173496k reserved, 1761k data, 196k init)    Some information about the physical host can be read from inside the VM
Jul 23 11:38:10 localhost kernel: Calibrating delay using timer specific routine.. 6654.13 BogoMIPS (lpj=13308260)
Jul 23 11:38:10 localhost kernel: Security Framework v1.0.0 initialized
Jul 23 11:38:10 localhost kernel: SELinux:  Initializing.
Jul 23 11:38:10 localhost kernel: selinux_register_security:  Registering secondary module capability
Jul 23 11:38:10 localhost kernel: Capability LSM initialized as secondary
Jul 23 11:38:10 localhost kernel: Mount-cache hash table entries: 256
Jul 23 11:38:10 localhost kernel: CPU: L1 I cache: 32K, L1 D cache: 32K   CPU information
Jul 23 11:38:10 localhost kernel: CPU: L2 cache: 256K
Jul 23 11:38:10 localhost kernel: CPU: L3 cache: 8192K

Jul 23 11:38:10 localhost kernel: CPU: Physical Processor ID: 0
Jul 23 11:38:10 localhost kernel: CPU: Processor Core ID: 2                      The VM has two cores in total
Jul 23 11:38:11 localhost kernel: (SMP-)alternatives turned off
Jul 23 11:38:11 localhost kernel: Brought up 1 CPUs
Jul 23 11:38:11 localhost kernel: checking if image is initramfs... it is
Jul 23 11:38:11 localhost kernel: Grant table initialized
Jul 23 11:38:11 localhost kernel: NET: Registered protocol family 16
Jul 23 11:38:11 localhost kernel: Initializing CPU#1
Jul 23 11:38:12 localhost kernel: migration_cost=31
Jul 23 11:38:12 localhost kernel: Brought up 2 CPUs
Jul 23 11:38:12 localhost kernel: PCI: setting up Xen PCI frontend stub
Jul 23 11:38:12 localhost kernel: ACPI: Interpreter disabled.
Jul 23 11:38:12 localhost kernel: Linux Plug and Play Support v0.97 (c) Adam Belay
Jul 23 11:38:12 localhost kernel: pnp: PnP ACPI: disabled
Jul 23 11:38:12 localhost kernel: xen_mem: Initialising balloon driver.
Jul 23 11:38:12 localhost kernel: usbcore: registered new driver usbfs
Jul 23 11:38:12 localhost kernel: usbcore: registered new driver hub
Jul 23 11:38:12 localhost kernel: PCI: System does not support PCI
Jul 23 11:38:12 localhost kernel: PCI: System does not support PCI
Jul 23 11:38:12 localhost kernel: NetLabel: Initializing
Jul 23 11:38:12 localhost kernel: NetLabel:  domain hash size = 128
Jul 23 11:38:12 localhost kernel: NetLabel:  protocols = UNLABELED CIPSOv4
Jul 23 11:38:12 localhost kernel: NetLabel:  unlabeled traffic allowed by default
Jul 23 11:38:12 localhost kernel: NET: Registered protocol family 2
Jul 23 11:38:12 localhost kernel: IP route cache hash table entries: 262144 (order: 9, 2097152 bytes)
Jul 23 11:38:12 localhost kernel: TCP established hash table entries: 262144 (order: 10, 4194304 bytes)
Jul 23 11:38:13 localhost kernel: TCP bind hash table entries: 65536 (order: 8, 1048576 bytes)
Jul 23 11:38:13 localhost kernel: TCP: Hash tables configured (established 262144 bind 65536)
Jul 23 11:38:13 localhost kernel: TCP reno registered
Jul 23 11:38:13 localhost kernel: audit: initializing netlink socket (disabled)
Jul 23 11:38:13 localhost kernel: type=2000 audit(1343014649.098:1): initialized
Jul 23 11:38:13 localhost kernel: VFS: Disk quotas dquot_6.5.1
Jul 23 11:38:13 localhost kernel: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
Jul 23 11:38:13 localhost kernel: Initializing Cryptographic API
Jul 23 11:38:13 localhost kernel: alg: No test for crc32c (crc32c-generic)
Jul 23 11:38:13 localhost kernel: ksign: Installing public key data
Jul 23 11:38:13 localhost kernel: Loading keyring
Jul 23 11:38:13 localhost kernel: - Added public key 2C55A77E36834D62
Jul 23 11:38:13 localhost kernel: - User ID: CentOS (Kernel Module GPG key)
Jul 23 11:38:13 localhost kernel: io scheduler noop registered
Jul 23 11:38:13 localhost kernel: io scheduler anticipatory registered
Jul 23 11:38:13 localhost kernel: io scheduler deadline registered
Jul 23 11:38:13 localhost kernel: io scheduler cfq registered (default)
Jul 23 11:38:13 localhost kernel: pci_hotplug: PCI Hot Plug PCI Core version: 0.5
Jul 23 11:38:14 localhost kernel: rtc: IRQ 8 is not free.
Jul 23 11:38:14 localhost kernel: Non-volatile memory driver v1.2
Jul 23 11:38:14 localhost kernel: Linux agpgart interface v0.101 (c) Dave Jones
Jul 23 11:38:14 localhost kernel: brd: module loaded
Jul 23 11:38:14 localhost kernel: Xen virtual console successfully installed as xvc0
Jul 23 11:38:14 localhost kernel: Event-channel device installed.
Jul 23 11:38:14 localhost kernel: Uniform Multi-Platform E-IDE driver Revision: 7.00alpha2
Jul 23 11:38:14 localhost kernel: ide: Assuming 50MHz system bus speed for PIO modes; override with idebus=xx
Jul 23 11:38:14 localhost kernel: ide-floppy driver 0.99.newide
Jul 23 11:38:14 localhost kernel: usbcore: registered new driver hiddev
Jul 23 11:38:14 localhost kernel: usbcore: registered new driver usbhid
Jul 23 11:38:14 localhost kernel: drivers/usb/input/hid-core.c: v2.6:USB HID core driver
Jul 23 11:38:14 localhost kernel: PNP: No PS/2 controller found. Probing ports directly.
Jul 23 11:38:14 localhost kernel: i8042.c: No controller found.
Jul 23 11:38:14 localhost kernel: mice: PS/2 mouse device common for all mice
Jul 23 11:38:14 localhost kernel: md: md driver 0.90.3 MAX_MD_DEVS=256, MD_SB_DISKS=27
Jul 23 11:38:14 localhost kernel: md: bitmap version 4.39
Jul 23 11:38:14 localhost kernel: TCP bic registered
Jul 23 11:38:14 localhost kernel: Initializing IPsec netlink socket
Jul 23 11:38:14 localhost kernel: NET: Registered protocol family 1
Jul 23 11:38:14 localhost kernel: NET: Registered protocol family 17
Jul 23 11:38:14 localhost kernel: XENBUS: Device with no driver: device/vbd/2048     Some of this information always reveals whether the machine is a physical host, a virtual machine, or a VPS.
Jul 23 11:38:14 localhost kernel: XENBUS: Device with no driver: device/vbd/2064
Jul 23 11:38:14 localhost kernel: XENBUS: Device with no driver: device/vif/0
Jul 23 11:38:14 localhost kernel: XENBUS: Device with no driver: device/console/0
Jul 23 11:38:14 localhost kernel: Initalizing network drop monitor service
Jul 23 11:38:14 localhost kernel: Write protecting the kernel read-only data: 504k
Jul 23 11:38:14 localhost kernel: USB Universal Host Controller Interface driver v3.0
Jul 23 11:38:14 localhost kernel: Registering block device major 8
Jul 23 11:38:15 localhost kernel:  sda: sda1 sda2
Jul 23 11:38:15 localhost kernel:  sdb: sdb1
Jul 23 11:38:15 localhost kernel: device-mapper: uevent: version 1.0.3
Jul 23 11:38:15 localhost kernel: device-mapper: ioctl: 4.11.6-ioctl (2011-02-18) initialised: dm-devel@redhat.com
Jul 23 11:38:15 localhost kernel: device-mapper: dm-raid45: initialized v0.2594l
Jul 23 11:38:15 localhost kernel: EXT3-fs: INFO: recovery required on readonly filesystem.
Jul 23 11:38:15 localhost kernel: EXT3-fs: write access will be enabled during recovery.
Jul 23 11:38:15 localhost kernel: kjournald starting.  Commit interval 5 seconds
Jul 23 11:38:15 localhost kernel: EXT3-fs: recovery complete.
Jul 23 11:38:15 localhost kernel: EXT3-fs: mounted filesystem with ordered data mode.
Jul 23 11:38:15 localhost kernel: SELinux:  Disabled at runtime.
Jul 23 11:38:15 localhost kernel: type=1404 audit(1343014653.578:2): selinux=0 auid=4294967295 ses=4294967295
Jul 23 11:38:15 localhost kernel: input: PC Speaker as /class/input/input0
Jul 23 11:38:15 localhost kernel: netfront: Initialising virtual ethernet driver.
Jul 23 11:38:15 localhost kernel: netfront: device eth0 has copying receive path.
Jul 23 11:38:15 localhost kernel: Floppy drive(s): fd0 is unknown type 15 (usb?), fd1 is unknown type 15 (usb?)
Jul 23 11:38:15 localhost kernel: Failed to obtain physical IRQ 6
Jul 23 11:38:15 localhost kernel: floppy0: no floppy controllers found
Jul 23 11:38:15 localhost kernel: work still pending
Jul 23 11:38:15 localhost kernel: lp: driver loaded but no devices found
Jul 23 11:38:15 localhost kernel: md: Autodetecting RAID arrays.
Jul 23 11:38:15 localhost kernel: md: autorun ...
Jul 23 11:38:15 localhost kernel: md: ... autorun DONE.
Jul 23 11:38:15 localhost kernel: SCSI subsystem initialized
Jul 23 11:38:15 localhost kernel: device-mapper: multipath: version 1.0.6 loaded
Jul 23 11:38:15 localhost kernel: EXT3 FS on sda1, internal journal
Jul 23 11:38:15 localhost kernel: kjournald starting.  Commit interval 5 seconds
Jul 23 11:38:15 localhost kernel: EXT3-fs warning: maximal mount count reached, running e2fsck is recommended
Jul 23 11:38:15 localhost kernel: EXT3 FS on sdb1, internal journal
Jul 23 11:38:15 localhost kernel: EXT3-fs: recovery complete.
Jul 23 11:38:16 localhost kernel: EXT3-fs: mounted filesystem with ordered data mode.
Jul 23 11:38:16 localhost kernel: Adding 1020116k swap on /dev/sda2.  Priority:-1 extents:1 across:1020116k

 

secure log

Jul 20 16:26:23 vm45 sshd[15812]: Did not receive identification string from 172.200.1.50
Jul 20 16:27:22 vm45 sshd[15815]: Did not receive identification string from 172.200.1.50
Jul 20 16:30:00 vm45 sshd[996]: Server listening on 0.0.0.0 port 22.
Jul 20 16:30:18 vm45 sshd[1034]: Did not receive identification string from 172.200.1.50
Jul 20 16:31:57 vm45 sshd[997]: Server listening on 0.0.0.0 port 22.
Jul 20 16:32:17 vm45 sshd[1035]: Did not receive identification string from 172.200.1.50
Jul 20 16:33:58 vm45 sshd[996]: Server listening on 0.0.0.0 port 22.

172.200.1.50 is monitoring port 22 on VM45; these are the secure log entries returned after vm45 blocked 1.50 from accessing the service.
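
A short triage script for the log patterns shown on this page, as an added example rather than code from the original post: it counts SYN-flood warnings per port, flags a syslogd restart that follows one within a time window, and counts banner-less SSH connections per source. The year 2012 and the five-minute window are assumptions; the sample lines are copied from the logs above.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Sample lines copied from the logs on this page.
SAMPLE = """\
Jul 19 20:33:06 vm45 kernel: possible SYN flooding on port 80. Sending cookies.
Jul 19 20:33:47 vm45 syslogd 1.4.1: restart.
Jul 20 16:26:23 vm45 sshd[15812]: Did not receive identification string from 172.200.1.50
Jul 20 16:27:22 vm45 sshd[15815]: Did not receive identification string from 172.200.1.50
Jul 20 16:30:00 vm45 sshd[996]: Server listening on 0.0.0.0 port 22.
Jul 20 16:30:18 vm45 sshd[1034]: Did not receive identification string from 172.200.1.50
Jul 20 16:31:57 vm45 sshd[997]: Server listening on 0.0.0.0 port 22.
Jul 20 16:32:17 vm45 sshd[1035]: Did not receive identification string from 172.200.1.50
Jul 20 16:33:58 vm45 sshd[996]: Server listening on 0.0.0.0 port 22.
""".splitlines()

# timestamp, host, program (optional [pid]), message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^:\[]+)(?:\[\d+\])?: (.*)$")
SYN = re.compile(r"possible SYN flooding on port (\d+)")
NO_BANNER = re.compile(r"Did not receive identification string from (\S+)")

def triage(lines, year=2012, window=timedelta(minutes=5)):
    """Summarise SYN-flood warnings, restarts and banner-less SSH connections."""
    out = {"syn_ports": Counter(), "no_banner": Counter(),
           "sshd_starts": 0, "restart_after_flood": []}
    last_flood = None
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue
        stamp, host, prog, msg = m.groups()
        # syslog omits the year; the caller supplies it (assumption: 2012).
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if (s := SYN.search(msg)):
            out["syn_ports"][int(s.group(1))] += 1
            last_flood = when
        elif prog.startswith("syslogd") and msg.startswith("restart"):
            # A logger restart shortly after a flood warning suggests a reboot.
            if last_flood and when - last_flood <= window:
                out["restart_after_flood"].append((host, when - last_flood))
        elif prog == "sshd" and (b := NO_BANNER.search(msg)):
            out["no_banner"][b.group(1)] += 1
        elif prog == "sshd" and msg.startswith("Server listening"):
            out["sshd_starts"] += 1
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A source that only ever appears in `no_banner` at regular intervals is consistent with a TCP port check such as the monitor described above, while repeated `sshd_starts` in a short span point at the daemon or host restarting.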