Lab environment ------------------------> systemctl stop firewalld
Service name ------------------------> systemd-journald.service
Default journalctl storage path: /run/log
1. Usage of the journalctl command
2. Making the journal persistent
ls -i /run/log/journal/8bf8757aa7ac4d73b173c9970462643f/system.journal
reboot
journalctl
mkdir /var/log/journal
ls -l /var/log/journal
chgrp systemd-journal /var/log/journal (change the file's owning group)
chmod 2775 /var/log/journal
systemctl restart systemd-journald
ls /var/log/journal
cd /var/log/journal/8bf8757aa7ac4d73b173c9970462643f/
ls -i system.journal
date
reboot
journalctl
3. rsyslog (log management)
vim /etc/rsyslog.conf
systemctl restart rsyslog.service
> /var/log/westos
cat /var/log/westos
(connect from another shell)
cat /var/log/westos
Jul 20 16:28:43 westosbbb sshd[6313]: Accepted password for root from 172.25.254.132 port 50180 ssh2
Jul 20 16:28:43 westosbbb systemd[1]: Started Session 7 of user root.
Jul 20 16:28:43 westosbbb systemd-logind[836]: New session 7 of user root.
Jul 20 16:28:43 westosbbb sshd[6313]: pam_unix(sshd:session): session opened for
(edit line 46 in vim)
4. Synchronizing logs from multiple hosts to one host
Sender:
vim /etc/rsyslog.conf
(*.* @172.25.254.132)
systemctl restart rsyslog.service
> /var/log/westos
logger westos test message
Receiver: stop the firewall first
vim /etc/rsyslog.conf
(uncomment the following: # Provides UDP syslog reception
# for parameters see http://www.rsyslog.com/doc/imudp.html
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
)
systemctl restart rsyslog
> /var/log/messages
netstat -antlupe | grep rsyslog
tail -f /var/log/messages
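
An added check for the settings in section 4 (not part of the original notes): it reads rsyslog.conf text on stdin and reports which forwarding rules are active on the sender and which UDP ports are enabled on the receiver. The function names and the sample configs are constructed for illustration; only IPv4 or hostname targets in the legacy `@host` syntax are handled.

```shell
#!/bin/sh
# Added example: audit rsyslog.conf text for the section 4 sender/receiver settings.

# Print "<transport> <host> <port>" for each active legacy forwarding rule.
# "@host" forwards over UDP, "@@host" over TCP; the port defaults to 514.
forward_targets() {
    awk '
        /^[ \t]*#/ { next }                    # commented-out rules are inactive
        $2 ~ /^@/ {
            proto = ($2 ~ /^@@/) ? "tcp" : "udp"
            target = $2
            sub(/^@+/, "", target)
            n = split(target, parts, ":")
            port = (n > 1) ? parts[2] : 514
            print proto, parts[1], port
        }'
}

# Print the port of each uncommented imudp input, but only when the imudp
# module is also loaded by an uncommented module() line.
udp_listener_ports() {
    awk '
        /^[ \t]*#/ { next }
        /module\(load="imudp"\)/ { loaded = 1 }
        /input\(type="imudp"/ {
            if (match($0, /port="[0-9]+"/))
                ports = ports substr($0, RSTART + 6, RLENGTH - 7) "\n"
        }
        END { if (loaded) printf "%s", ports }'
}

# Constructed sample configs mirroring the lines edited in section 4.
SENDER_CONF='# *.* @@remote-host:514
*.* @172.25.254.132'
RECEIVER_CONF='module(load="imudp") # needs to be done just once
input(type="imudp" port="514")'

printf '%s\n' "$SENDER_CONF"   | forward_targets
printf '%s\n' "$RECEIVER_CONF" | udp_listener_ports
```

On a real host, feed the file in with `forward_targets < /etc/rsyslog.conf`. A single `@` means UDP, which is what the receiver's `imudp` input on port 514 accepts; a `@@` rule would need a TCP input on the receiver instead.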