---------------------------------
日志功能
1)syslogd 存放软件日志 /etc/syslog.conf定义分类 /var/log/
2)klogd 存放硬件日志 /var/log/dmesg
klogd:
#file /var/log/dmesg
1.查看cpu
#cat /proc/cpuinfo
#grep -i cpu /var/log/demsg //-i忽略大小写
2.查看内存
#top
#free -m
#cat /proc/meminfo
#grep -i mem /var/log/demsg
3.查看网卡
#grep -i eth /vat/log/dmesg
#lspci//查看总线
#grep -i pci /vat/log/dmesg
#lsusb
syslogd:
#vim /etc/syslog.con
panic 级别差不多能装系统了
一般状况找 比info高的级别放到/var/log/messages
authpriv.* /var/log/secure //authpriv 验证 ,用户登录日志等
mail.* -/var/log/maillog (-异步写入)
cron 日志交换
#tail -f /var/log/messages
动态查看日志
************
syslog.conf
八种级别
#define KERN_EMERG "<0>" /* system is unusable */
#define KERN_ALERT "<1>" /* action must be taken immediately */
#define KERN_CRIT "<2>" /* critical conditions */
#define KERN_ERR "<3>" /* error conditions */
#define KERN_WARNING "<4>" /* warning conditions */
#define KERN_NOTICE "<5>" /* normal but significant condition */
#define KERN_INFO "<6>" /* informational */
#define KERN_DEBUG "<7>" /* debug-level messages */
***************************************
日志服务器
vi
查看在那个文件里 在那个包里
#which vim
#rpm -qf /usr/bin/vim
#rpm -ivh vim-enhanced-7.0.109-4.el5_2.4z
syslog server:
#vim /etc/sysconfig/syslog
SYSLOGD_OPTIONS="-r"
添加允许别的主机日志
enables logging from remote machines
#tail -f /var/log/secure
cilent:
#vim /etc/syslog.conf
authpriv.* @192.168.100.250
#service syslog restart
客户端登陆会再服务器端显示日志信息