2013年3月10日 星期日 晴



系统日志服务



一、查询系统日志服务是否安装



[root@desktop7 ~]# rpm -q sysklogd


sysklogd-1.4.1-46.el5


[root@desktop7 ~]#



二、启动与停止系统日志服务(查看运行状态、设置开机是否自动启动;chkconfig 只改变开机时的启动设置,不会停止或启动当前正在运行的服务)



[root@desktop7 ~]# service syslog status


syslogd (pid  2857) is running...


klogd (pid  2860) is running...


[root@desktop7 ~]#




[root@desktop7 ~]# chkconfig --list syslog


syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off



[root@desktop7 ~]# chkconfig syslog off


[root@desktop7 ~]# chkconfig --list syslog


syslog          0:off   1:off   2:off   3:off   4:off   5:off   6:off



[root@desktop7 ~]# chkconfig syslog on


[root@desktop7 ~]# chkconfig --list syslog


syslog          0:off   1:off   2:on    3:on    4:on    5:on    6:off


[root@desktop7 ~]#



三、查询、编辑系统日志服务的配置文件



1、全部信息



[root@desktop7 ~]# cat /etc/syslog.conf


# Log all kernel messages to the console.


# Logging much else clutters up the screen.


#kern.*                                                 /dev/console



# Log anything (except mail) of level info or higher.


# Don't log private authentication messages!


*.info;mail.none;authpriv.none;cron.none                /var/log/messages



# The authpriv file has restricted access.


authpriv.*                                              /var/log/secure



# Log all the mail messages in one place.


mail.*                                                  -/var/log/maillog




# Log cron stuff


cron.*                                                  /var/log/cron



# Everybody gets emergency messages


*.emerg                                                 *



# Save news errors of level crit and higher in a special file.


uucp,news.crit                                          /var/log/spooler



# Save boot messages also to boot.log


local7.*                                                /var/log/boot.log


[root@desktop7 ~]#



2、筛选有用信息



[root@desktop7 ~]# egrep -vn "^$|^#" /etc/syslog.conf


7:*.info;mail.none;authpriv.none;cron.none              /var/log/messages


10:authpriv.*                                           /var/log/secure


13:mail.*                                                       -/var/log/maillog


17:cron.*                                                       /var/log/cron


20:*.emerg                                                      *


23:uucp,news.crit                                               /var/log/spooler


26:local7.*                                             /var/log/boot.log


[root@desktop7 ~]#



3、编辑系统日志服务的配置文件



[root@desktop7 ~]# vim /etc/syslog.conf



四、日志的格式(每行依次为:时间、主机名、程序名[进程号]、消息内容)



[root@desktop7 ~]# cat /var/log/boot.log


Mar  6 03:38:17 desktop7 NET[4256]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 03:38:39 desktop7 NET[4645]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 03:40:41 desktop7 NET[5020]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 03:41:03 desktop7 NET[5557]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 03:45:48 desktop7 NET[5867]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 03:46:09 desktop7 NET[6327]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 03:48:18 desktop7 NET[6710]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 03:48:42 desktop7 NET[7226]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 04:44:49 desktop7 NET[32357]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 04:45:12 desktop7 NET[457]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 05:53:22 desktop7 NET[4153]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 05:53:46 desktop7 NET[4615]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 06:00:31 desktop7 NET[4898]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 06:00:58 desktop7 NET[5447]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 06:01:31 desktop7 NET[5937]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 06:01:52 desktop7 NET[6453]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 07:13:21 desktop7 NET[7227]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  6 07:13:38 desktop7 NET[7744]: /sbin/dhclient-script : updated /etc/resolv.conf


Mar  8 05:03:56 desktop7 NET[13438]: /etc/sysconfig/network-scripts/ifup-post : updated /etc/resolv.conf


You have new mail in /var/spool/mail/root



五、集中式的日志服务



1、在日志客户端上编辑 /etc/syslog.conf,加入下面的转发规则(@ 后面是日志服务器的主机名,客户端必须能解析该主机名)



[root@desktop7 ~]# vim /etc/syslog.conf


*.*                                                     @fengzhao001


保存退出.



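2、在日志服务器(接收端)上修改 /etc/sysconfig/syslog,在 SYSLOGD_OPTIONS="-m 0" 的引号内加入 -r,使 syslogd 接收远程主机发来的日志。注意:-r 会让 syslogd 监听 UDP 514 端口,日志以明文传输且不做来源认证(*.* 规则会把 authpriv 等认证日志一并转发),应使用防火墙只允许受信任的客户端访问该端口。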



[root@desktop7 ~]# vim /etc/sysconfig/syslog


# Options to syslogd


# -m 0 disables 'MARK' messages.


# -r enables logging from remote machines


# -x disables DNS lookups on messages recieved with -r


# See syslogd(8) for more details


SYSLOGD_OPTIONS="-m 0"  (在引号内加入 -r,修改后为 SYSLOGD_OPTIONS="-m 0 -r")


# Options to klogd


# -2 prints all kernel oops messages twice; once for klogd to decode, and


#    once for processing with 'ksymoops'


# -x disables all klogd processing of oops messages entirely


# See klogd(8) for more details


KLOGD_OPTIONS="-x"


#


SYSLOG_UMASK=077


# set this to a umask value to use for all log files as in umask(1).


# By default, all permissions are removed for "group" and "other".


~                                                                  



3、分别在日志客户端(logclient)和日志服务器(logserver)上重新启动 syslog 服务,使配置生效



[root@desktop7 ~]# service syslog restart


Shutting down kernel logger:                               [  OK  ]


Shutting down system logger:                               [  OK  ]


Starting system logger:                                    [  OK  ]


Starting kernel logger:                                    [  OK  ]


[root@desktop7 ~]#