To keep a Linux system running normally and to diagnose system problems accurately, a system administrator needs to read the log files carefully. This article briefly explains what a log file is, where to find the log files, and how to handle them.
The Linux kernel consists of many subsystems, including networking, file access, memory management, and more. Each subsystem needs to send messages to the user, including the source of the message and its importance. All subsystems send their messages to a common message area that can be maintained centrally, which is why there is a program called Syslog.
What is the use of the Syslog program?
The kernel and many system programs generate error messages, warnings, and other information. This information is important, so it should be written to a file. The program that performs this task is Syslog, which can be configured to sort information into different files based on the program that produced it or on its importance. For example, since kernel messages are more important and need to be read regularly to determine where a problem lies, they can be separated from the other information and directed to a separate file.
Log files are usually stored in the "/var/log" directory. To view the contents of a log file, you must have "root" permission. The information in the log files is important, so only the superuser is allowed to access these files.
Viewing the log file
A log file is actually a plain text file, and each line is a message. Any Linux tool that can handle plain text can be used to view log files. The log files are always large, because messages have accumulated in them since you first started Linux. A good way to look at a log file is to use a pager such as more or less, or to use grep to find a specific message. We first use less to display "/var/log/messages", and we can see some messages taken from the log file. Each line represents a message and has a fixed format of four fields:
* Timestamp, which indicates the date and time the message was sent.
* Hostname, which is the name of the computer that generated the message. If there is only one computer, the hostname may not be necessary. However, if you use Syslog in a network environment, you might want to send messages from different hosts to a single server for centralized processing. In our example the hostname is lcdj.
* The name of the subsystem that generated the message. It can be "kernel", indicating that the message comes from the kernel, or the name of a process, indicating the program that sent the message. The PID of the process is given in square brackets.
* Message, the content of the message.
In Figure 1, the first line is a message sent by Sendmail. The Sendmail daemon is responsible for managing the sending and receiving of mail messages. This line reports that the daemon is starting normally.
The second line is a message from Passwd reminding the user that the password for "Progs" was changed by "Root". The messages that follow report the operation of the system to the user.
Actually, the messages in the "/var/log/messages" file are not particularly important or urgent.
One very interesting message is the "MARK" message, which by default is generated every 20 minutes to indicate that the system is still running. The "MARK" message is very similar to the "heartbeat" signal often used to confirm whether a remote host is still running. Another use of the "MARK" message is post-mortem analysis: it helps system administrators determine when a system crash occurred.
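The four-field format and the post-mortem use of "MARK" messages can be combined in a short script. The following is an added example, not part of the original article: it parses each line into its fields and reports any silence longer than the MARK interval, which brackets the time at which logging stopped. The sample lines are constructed, the year is an assumption (the timestamp field carries none), and the "-- MARK --" text follows the form written by sysklogd.

```python
import re
from datetime import datetime, timedelta

# timestamp, hostname, optional "name[pid]: " tag, message text
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?:(?P<name>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: )?"
    r"(?P<msg>.*)$"
)

# Constructed sample input (not taken from a real system).
SAMPLE_LOG = """\
Jan 12 10:00:03 lcdj sendmail[662]: starting daemon
Jan 12 10:07:12 lcdj passwd[1043]: password for progs changed by root
Jan 12 10:20:01 lcdj -- MARK --
Jan 12 10:40:01 lcdj -- MARK --
Jan 12 11:32:10 lcdj kernel: constructed boot message
"""

def parse_line(line, year=2024):
    """Split one log line into its four fields; None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    # The log omits the year, so the caller has to supply one (assumption).
    rec["ts"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def find_gaps(lines, interval=timedelta(minutes=20),
              slack=timedelta(minutes=1)):
    """Return (last_seen, next_seen) pairs where the log was silent for
    longer than the MARK interval, i.e. the daemon was not running."""
    gaps, prev = [], None
    for rec in filter(None, map(parse_line, lines)):
        if prev is not None and rec["ts"] - prev["ts"] > interval + slack:
            gaps.append((prev["ts"], rec["ts"]))
        prev = rec
    return gaps

if __name__ == "__main__":
    for last_seen, next_seen in find_gaps(SAMPLE_LOG.splitlines()):
        print(f"no messages between {last_seen} and {next_seen}")
```
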
Configuring Logs
Let's take a closer look at how the Syslog daemon works. This program runs in the background, gets new messages from the system, and sends each message to the right place. Each subsystem assigns a type to every log message it issues. The type has two parts: "device" and "priority". "Device" (called the facility in syslog terminology) indicates the subsystem that sent the message, and "priority" indicates the importance of the message, ranging from 0 (most important) to 7 (least important). Please see Figure 2.
The basic Syslog configuration is very simple, while configuring some of the advanced features requires some experience. Let's take a look at the basic configuration, which is based on "device". Tasks can be customized by editing the configuration file (usually "/etc/syslog.conf"). Lines beginning with "#" are comment lines. The other lines are also easy to understand: each consists of two fields, "Selector" and "Action". The "Selector" uses a "device" and a "priority" (either can be the "*" wildcard, meaning "any") to indicate the type of message. The "Action" indicates what to do once a new message matches the "selector".
In Figure 3, you will find that messages whose "priority" equals "Info" or "Notice" are sent to the "/usr/adm/messages" file regardless of their "device", because a wildcard is used in the "selector". In the same way, messages with a "priority" of "Debug" and "Err" are sent to the "/usr/adm/debug" and "/usr/adm/syslog" files respectively.
After editing the "/etc/syslog.conf" file, you must also run "killall -HUP syslogd" so that the changes take effect. This command sends a "HUP" signal to the Syslog daemon, telling the daemon to re-read the configuration file.
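To check where a given message will end up before relying on a rule set, the selector matching described above can be modelled in a few lines. This is an added example, not code from the article or from syslogd: it covers only the "*" wildcard, plain priorities and the "=" prefix, using the sysklogd convention that a plain priority matches that level and every more important one, while "=" matches that level only. The rules in SAMPLE_CONF are constructed to follow the article's description, and "facility" is the standard name for what the article calls "device".

```python
# Priority names and numbers: 0 is most important, 7 least important.
PRIORITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}

# Constructed rules following the article's description (selector, action).
SAMPLE_CONF = """\
# info and notice from any facility
*.=info;*.=notice\t/usr/adm/messages
*.=debug\t/usr/adm/debug
*.err\t/usr/adm/syslog
"""

def parse_conf(text):
    """Return a list of ([selector items], action), skipping comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        rules.append((selector.split(";"), action.strip()))
    return rules

def selector_matches(item, facility, priority):
    """Match one 'facility.priority' item against a message type."""
    fac, _, pri = item.partition(".")
    if fac != "*" and facility not in fac.split(","):
        return False
    if pri == "*":
        return True
    if pri.startswith("="):          # exactly this priority
        return PRIORITY[priority] == PRIORITY[pri[1:]]
    # plain priority: this level and anything more important
    return PRIORITY[priority] <= PRIORITY[pri]

def route(rules, facility, priority):
    """List the actions (target files) a message of this type reaches."""
    return [action for items, action in rules
            if any(selector_matches(i, facility, priority) for i in items)]

if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, pri in [("mail", "info"), ("kern", "crit"), ("auth", "warning")]:
        print(fac, pri, "->", route(rules, fac, pri) or "not logged")
```

With these rules a "warning" message is not written anywhere, which is the kind of blind spot worth checking for when log files are used for auditing.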
Log files are very important for administrators. By managing log files, you can better maintain the system and ensure the normal operation of various applications.