1. On Linux, all system log files are kept under the /var/log directory:
[root@root network-scripts]# cd /var/log
[root@root log]# ls
anaconda.ifcfg.log cron-20190821 messages-20190821 spooler vmware-network.6.log
anaconda.log cron-20190903 messages-20190903 spooler-20190821 vmware-network.7.log
anaconda.program.log cups ntpstats spooler-20190903 vmware-network.8.log
anaconda.storage.log dmesg pm-powersave.log squid vmware-network.9.log
anaconda.syslog dmesg.old ppp sssd vmware-network.log
anaconda.xlog dracut.log prelink tallylog vmware-vgauthsvc.log.0
anaconda.yum.log gdm rhsm vmware-caf vmware-vmsvc.log
audit httpd sa vmware-install.log vmware-vmusr.log
boot.log lastlog samba vmware-network.1.log wpa_supplicant.log
btmp maillog secure vmware-network.2.log wtmp
btmp-20190903 maillog-20190821 secure-20190821 vmware-network.3.log Xorg.0.log
ConsoleKit maillog-20190903 secure-20190903 vmware-network.4.log Xorg.0.log.old
cron messages spice-vdagent.log vmware-network.5.log Xorg.9.log
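2. Locations of commonly used log files
- /var/log/messages: messages and error logs recorded after the system boots; one of the most frequently used logs on Red Hat Linux
- /var/log/secure: security-related log messages
- /var/log/maillog: mail-related log messages
- /var/log/cron: log messages for scheduled (cron) jobs
- /var/log/spooler: log messages for the UUCP and news facilities
- /var/log/boot.log: log messages about daemons starting and stopping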
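3. Commands for viewing log files:
- cat: displays the entire file;
- head: views a file from the top; generally used to look at the beginning of a text file;
- tail: by default prints the last 10 lines of the given file;
tail -n 20 filename # show the last 20 lines of filename
tail -n 10 filename | tac # show the last 10 lines of filename in reverse order (GNU tail has no -r option)
- last: shows recent logins by user or terminal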
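The following is an added example, not part of the original page: it goes one step past viewing /var/log/secure with cat or tail and summarises failed SSH password attempts per source address, then reports a successful password login that follows repeated failures. The sshd message layout (OpenSSH's default "Failed/Accepted password for USER from IP port N ssh2"), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Assumes sshd writes OpenSSH's
# default "Failed/Accepted password for USER from IP port N ssh2" messages to
# /var/log/secure. Sample lines are constructed (documentation IP ranges).

sample_secure_log() {
cat <<'EOF'
Sep  3 14:01:12 root sshd[3021]: Failed password for root from 192.0.2.10 port 51234 ssh2
Sep  3 14:01:15 root sshd[3021]: Failed password for root from 192.0.2.10 port 51234 ssh2
Sep  3 14:01:19 root sshd[3025]: Failed password for invalid user admin from 192.0.2.10 port 51240 ssh2
Sep  3 14:02:40 root sshd[3040]: Failed password for invalid user test from 198.51.100.7 port 40022 ssh2
Sep  3 14:03:02 root sshd[3051]: Accepted password for root from 192.0.2.10 port 51260 ssh2
Sep  3 14:03:02 root sshd[3051]: pam_unix(sshd:session): session opened for user root by (uid=0)
EOF
}

# Print "count ip" for failed password attempts, busiest source first.
# Fields are counted from the end of the line so that an odd user name
# (for example one literally called "from") cannot shift the address.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' "$@" | sort -k1,1nr -k2,2
}

# Print "ip user failures" when a password login succeeds from an address
# that already has at least MIN earlier failures (first argument, default 3).
success_after_failures() {
    _min=${1:-3}
    if [ $# -gt 0 ]; then shift; fi
    awk -v min="$_min" '
        NF < 8 { next }                                   # too short to be an sshd auth line
        $(NF-4) != "from" || $(NF-2) != "port" { next }   # not "... from IP port N ssh2"
        /sshd\[[0-9]+\]: Failed password for /   { fails[$(NF-3)]++ }
        /sshd\[[0-9]+\]: Accepted password for / {
            if (fails[$(NF-3)] >= min) print $(NF-3), $(NF-5), fails[$(NF-3)]
        }' "$@"
}

# Run both summaries over the constructed sample.
sample_secure_log | failed_by_source
sample_secure_log | success_after_failures 3
```

Both functions read standard input when no file is given, so on a real host they can be run as `failed_by_source /var/log/secure` or over a rotated file such as secure-20190903.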
4. View recently executed commands: history
Command: history n (n = number of commands) -> shows the most recent n commands
[root@root log]# history 10
147 ls | grep p
148 ls | grep name
149 tail -n 20 filename
150 tail -n 20 httpd
151 ls
152 tail -n 20 secure
153 head secure
154 cat secure
155 last secure
156 history 10
5. View system log messages:
Command: [root@root log]# cat messages | more
# piping the output through more lets you page through the file
[root@root 桌面]# cd /var/log
[root@root log]# sudo cat messages | more
Sep 3 13:50:38 root rsyslogd: [origin software="rsyslogd" swVersion="5.8.10" x-pid="2267" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Sep 3 13:50:38 root rhsmd: In order for Subscription Manager to provide your system with updates, your system must be registered with the Customer Portal. Please enter your Red Hat login to ensure your system is up-to-date.
Sep 3 13:52:38 root ntpd_intres[2823]: host name not found: 0.rhel.pool.ntp.org
Sep 3 13:52:38 root ntpd_intres[2823]: host name not found: 1.rhel.pool.ntp.org
Sep 3 13:52:38 root ntpd_intres[2823]: host name not found: 2.rhel.pool.ntp.org
Sep 3 13:52:38 root ntpd_intres[2823]: host name not found: 3.rhel.pool.ntp.org
... ...
6. The who command
The who command can query all earlier login records. The command who /var/log/wtmp reports every login since the wtmp file was created or cleared.
[root@root log]# who wtmp
root tty1 2019-06-22 19:30 (:0)
root pts/0 2019-06-22 19:36 (:0.0)
root pts/0 2019-06-22 19:40 (:0.0)
root tty1 2019-06-22 19:42 (:0)
root tty1 2019-08-07 17:53 (:0)
root pts/0 2019-08-07 17:53 (:0.0)
root pts/1 2019-08-07 23:13 (:0.0)
root tty1 2019-08-07 23:17 (:0)
root pts/0 2019-08-07 23:17 (:0.0)
root tty1 2019-08-21 01:49 (:0)
root pts/0 2019-08-21 01:50 (:0.0)
root pts/1 2019-09-02 17:19 (:0.0)
root tty1 2019-09-03 14:52 (:0)
root pts/0 2019-09-03 14:52 (:0.0)
root pts/1 2019-09-03 16:25 (:0.0)
root pts/2 2019-09-03 16:25 (:0.0)
root tty1 2019-09-03 16:28 (:0)
root pts/0 2019-09-03 16:28 (:0.0)
[root@root log]#