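On Linux you will see the older syslog service on early systems, but later systems use only the rsyslog service.
rsyslog is essentially an upgraded version of syslog; rsyslog can write logs to files.
Logging systems on Linux include syslog and syslog-ng.
A logging system deals with:
1. Level of detail of the messages: the log level
2. Subsystem: the facility
3. Action
The syslog service records logs for programs and consists of two processes:
1. syslogd: records non-kernel logs
2. klogd: records kernel logs
Configuration file: /etc/syslog.conf
kernel --- physical terminal --(/dev/console)---> /var/log/dmesg
Messages from /sbin/init onward are written to:
/var/log/messages: standard system error and log messages: boot messages not generated by the kernel, and messages produced by individual processes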
/var/log/maillog
/var/log/secure
Logs need to be rotated:
message message.1 message.2
logrotate: /etc/logrotate
ls /etc/cron.daily
Scheduling:
[root@server1 iosched]# cd /etc/cron.daily
[root@server1 cron.daily]# ll
total 24
-rwxr-xr-x. 1 root root  196 Jul 18  2013 logrotate
-rwxr-xr-x. 1 root root  905 Feb 22  2013 makewhatis.cron
-rwxr-xr-x. 1 root root  174 Sep 24  2012 mlocate.cron
-rwxr-xr-x. 1 root root 2126 Jul 19  2013 prelink
-rwxr-xr-x. 1 root root  563 Nov 23  2013 readahead.cron
-rwxr-xr-x. 1 root root  365 Oct 16  2009 tmpwatch
[root@server1 cron.daily]# vi logrotate
#!/bin/sh

/usr/sbin/logrotate /etc/logrotate.conf >/dev/null 2>&1
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
The logrotate.conf configuration file:
[root@server1 ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}
Create your own directory under this directory:
[root@server1 logrotate.d]# pwd
/etc/logrotate.d
[root@server1 logrotate.d]# ls
dracut  psacct  syslog  yum
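vi /etc/rsyslog.conf // the leading "-" before the file name means asynchronous writing: the entry is written to memory and not synced to disk right away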
mail.* -/var/log/maillog
# Everybody gets emergency messages
*.emerg *
# Save boot messages also to boot.log
local7.* /var/log/boot.log
service syslog restart
service syslog reload : loads the configuration file without restarting the service
mail.* @172.0.0.1
[root@server1 init.d]# rpm -ql rsyslog
/etc/logrotate.d/syslog
/etc/pki/rsyslog
/etc/rc.d/init.d/rsyslog
/etc/rsyslog.conf
/etc/rsyslog.d
/etc/sysconfig/rsyslog
/sbin/rsyslogd
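Writing a client program:
#include <syslog.h>
#include <unistd.h>   /* getpid() */

int main(void)
{
    /* Tag every message "log_test", include the PID, and fall back to the
       system console if the logger cannot be reached. */
    openlog("log_test", LOG_PID|LOG_CONS, LOG_USER);
    syslog(LOG_INFO, "PID information, pid=%d\n", (int)getpid());
    syslog(LOG_EMERG, "debug message\n");
    closelog();
    return 0;
}
LOG_EMERG: messages at this level are sent to all terminals.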
man openlog:
void openlog(const char *ident, int option, int facility);
void syslog(int priority, const char *format, ...);
option
    The option argument to openlog() is an OR of any of these:
    LOG_CONS    Write directly to system console if there is an error while sending to system logger.
    LOG_NDELAY  Open the connection immediately (normally, the connection is opened when the first message is logged).
    LOG_NOWAIT  Don’t wait for child processes that may have been created while logging the message. (The GNU C library does not create a child process, so this option has no effect on Linux.)
    LOG_ODELAY  The converse of LOG_NDELAY; opening of the connection is delayed until syslog() is called. (This is the default, and need not be specified.)
    LOG_PERROR  (Not in POSIX.1-2001.) Print to stderr as well.
    LOG_PID     Include PID with each message.
facility
    The facility argument is used to specify what type of program is logging the message. This lets the configuration file specify that messages from different facilities will be handled differently.
    LOG_AUTH      security/authorization messages (DEPRECATED Use LOG_AUTHPRIV instead)
    LOG_AUTHPRIV  security/authorization messages (private)
    LOG_CRON      clock daemon (cron and at)
    LOG_DAEMON    system daemons without separate facility value
    LOG_FTP       ftp daemon
    LOG_KERN      kernel messages (these can’t be generated from user processes)
    LOG_LOCAL0 through LOG_LOCAL7  reserved for local use
    LOG_LPR       line printer subsystem
    LOG_MAIL      mail subsystem
    LOG_NEWS      USENET news subsystem
    LOG_SYSLOG    messages generated internally by syslogd(8)
    LOG_USER (default)  generic user-level messages
    LOG_UUCP      UUCP subsystem
level
    This determines the importance of the message. The levels are, in order of decreasing importance:
    LOG_EMERG    system is unusable
    LOG_ALERT    action must be taken immediately
    LOG_CRIT     critical conditions
    LOG_ERR      error conditions
    LOG_WARNING  warning conditions
    LOG_NOTICE   normal, but significant, condition
    LOG_INFO     informational message
    LOG_DEBUG    debug-level message
    The function setlogmask(3) can be used to restrict logging to specified levels only.
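Added example (not part of the original notes, and not rsyslog's own code): a hardened variant of the client program above that logs untrusted text through a constant format string, replaces control characters so a user-supplied value cannot start a forged log entry, and uses setlogmask(3) from the man page excerpt to drop low-priority messages. The helper names sanitize_for_log, audit_threshold and log_auth_failure are assumptions made for this illustration, and the input in main() is constructed.

```c
#include <stddef.h>
#include <syslog.h>

/* Copy src into dst, replacing control bytes (CR, LF, ESC, ...) with '?' so
   that untrusted text cannot begin a forged log line. Returns the number of
   bytes replaced; dst is always NUL-terminated and truncated to dstlen-1. */
size_t sanitize_for_log(const char *src, char *dst, size_t dstlen)
{
    size_t i = 0, replaced = 0;
    if (dstlen == 0)
        return 0;
    for (; src[i] != '\0' && i + 1 < dstlen; i++) {
        unsigned char c = (unsigned char)src[i];
        dst[i] = (c < 0x20 || c == 0x7f) ? '?' : (char)c;
        replaced += (dst[i] != (char)c);
    }
    dst[i] = '\0';
    return replaced;
}

/* Keep LOG_EMERG..LOG_NOTICE, drop LOG_INFO and LOG_DEBUG for this process.
   Returns the previous mask, exactly as setlogmask(3) does. */
int audit_threshold(void)
{
    return setlogmask(LOG_UPTO(LOG_NOTICE));
}

/* Record a failed login. The format string is a constant and the user name is
   passed as data, so "%n" or "%s" inside it is never interpreted. */
size_t log_auth_failure(const char *user)
{
    char clean[64];
    size_t replaced = sanitize_for_log(user, clean, sizeof clean);
    syslog(LOG_AUTHPRIV | LOG_WARNING, "login failed for user '%s'", clean);
    syslog(LOG_AUTHPRIV | LOG_DEBUG, "suppressed once audit_threshold() ran");
    return replaced;
}

int main(void)
{
    openlog("log_test", LOG_PID | LOG_NDELAY, LOG_AUTHPRIV);
    audit_threshold();
    /* Constructed input: format specifiers plus a newline and a fake entry. */
    log_auth_failure("bob%n%s\nJan  1 00:00:00 host sshd[1]: Accepted password for root");
    closelog();
    return 0;
}
```

On a stock RHEL/CentOS rsyslog.conf (an assumption about the host), authpriv.* messages are written to /var/log/secure, where the constructed input appears as a single line with "?" in place of the newline.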