# Show today's journal entries for the user with UID 1000
sudo journalctl _UID=1000 --since today
# Show the journal entries from the last minute
cqq@snort-ids ~ $ sudo journalctl --since "1 min ago"  [13:18:26]
-- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:18:57 CST. --
4月 24 13:18:19 snort-ids sudo[12664]: cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/usr/bin/vi /home/cqq/.zshrc
4月 24 13:18:19 snort-ids sudo[12664]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
4月 24 13:18:26 snort-ids sudo[12664]: pam_unix(sudo:session): session closed for user root
4月 24 13:18:50 snort-ids sshd[12696]: Accepted password for cqq from 192.168.10.247 port 63715 ssh2
4月 24 13:18:50 snort-ids sshd[12696]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
4月 24 13:18:50 snort-ids systemd[1]: Started Session c12 of user cqq.
4月 24 13:18:50 snort-ids systemd-logind[246]: New session c12 of user cqq.
4月 24 13:18:57 snort-ids sudo[12743]: cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl --since 1 min ago
4月 24 13:18:57 snort-ids sudo[12743]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
# Show the journal entries for a particular unit/service
cqq@snort-ids ~ $ sudo journalctl -u ssh.service --since today  [13:37:48]
-- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:37:58 CST. --
4月 24 13:06:43 snort-ids sshd[12157]: Accepted password for cqq from 192.168.10.247 port 52067 ssh2
4月 24 13:06:43 snort-ids sshd[12157]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
4月 24 13:18:50 snort-ids sshd[12696]: Accepted password for cqq from 192.168.10.247 port 63715 ssh2
4月 24 13:18:50 snort-ids sshd[12696]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
4月 24 13:28:10 snort-ids sshd[13096]: Accepted password for cqq from 192.168.10.247 port 56326 ssh2
4月 24 13:28:10 snort-ids sshd[13096]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
cqq@snort-ids ~ $ sudo journalctl -u apache2 --since "2015-01-10"  [13:38:49]
-- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:41:03 CST. --
4月 21 18:55:57 snort-ids systemd[1]: Starting The Apache HTTP Server...
4月 21 18:55:59 snort-ids systemd[1]: Started The Apache HTTP Server.
4月 22 01:59:04 snort-ids systemd[1]: Stopping The Apache HTTP Server...
4月 22 01:59:04 snort-ids systemd[1]: Stopped The Apache HTTP Server.
4月 22 01:59:04 snort-ids systemd[1]: Starting The Apache HTTP Server...
4月 22 01:59:05 snort-ids systemd[1]: Started The Apache HTTP Server.
4月 22 06:25:52 snort-ids systemd[1]: Reloading The Apache HTTP Server.
4月 22 06:25:52 snort-ids systemd[1]: Reloaded The Apache HTTP Server.
4月 23 06:25:34 snort-ids systemd[1]: Reloading The Apache HTTP Server.
4月 23 06:25:34 snort-ids systemd[1]: Reloaded The Apache HTTP Server.
4月 24 06:25:34 snort-ids systemd[1]: Reloading The Apache HTTP Server.
4月 24 06:25:35 snort-ids systemd[1]: Reloaded The Apache HTTP Server.
# Follow the journal in real time
cqq@snort-ids ~ $ sudo journalctl -f  [13:18:51]
[sudo] cqq 的密码:
-- Logs begin at Fri 2016-11-04 01:16:43 CST. --
4月 24 13:23:27 snort-ids sudo[12888]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
4月 24 13:25:01 snort-ids CRON[12935]: pam_unix(cron:session): session opened for user root by (uid=0)
4月 24 13:25:01 snort-ids CRON[12942]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
4月 24 13:25:01 snort-ids CRON[12935]: pam_unix(cron:session): session closed for user root
4月 24 13:25:10 snort-ids sudo[12888]: pam_unix(sudo:session): session closed for user root
4月 24 13:25:57 snort-ids sudo[12990]: cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl -f
4月 24 13:25:57 snort-ids sudo[12990]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
4月 24 13:26:06 snort-ids sudo[12990]: pam_unix(sudo:session): session closed for user root
4月 24 13:26:15 snort-ids sudo[13017]: cqq : TTY=pts/1 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl -f
4月 24 13:26:15 snort-ids sudo[13017]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
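The sshd "Accepted password" and sudo COMMAND= entries in the sessions above are the lines a defender reads most often. Here is an added example (not from the original post) that summarises them from journalctl output with a POSIX shell function; it runs offline on constructed sample lines modelled on the sessions above (sample_journal below, in which the deploy/10.0.0.5 login is invented).

```shell
#!/bin/sh
# Added example, not from the original post: summarise journalctl output for two
# events the sessions above contain: sshd "Accepted ..." logins and commands run
# via sudo. On a real host: sudo journalctl -u ssh.service -u sudo --since today | summarize_journal
# Here it runs offline on constructed sample lines (sample_journal below).

# Reads journal lines on stdin; prints "login <user>@<src-ip> <count>" per distinct
# pair, then "sudo <user>-><target> <command>" per sudo invocation, sorted.
summarize_journal() {
    awk '
        # sshd[123]: Accepted password for cqq from 192.168.10.247 port 63715 ssh2
        /sshd\[[0-9]+\]: Accepted (password|publickey) for / {
            for (i = 1; i <= NF; i++) {
                if ($i == "for")  user = $(i + 1)
                if ($i == "from") ip = $(i + 1)
            }
            logins[user "@" ip]++
            next
        }
        # sudo[123]: cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/usr/bin/vi ...
        /sudo\[[0-9]+\]: .* COMMAND=/ {
            who = ""; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^sudo\[[0-9]+\]:$/) who = $(i + 1)
                if ($i ~ /^USER=/) target = substr($i, 6)
            }
            cmd = $0
            sub(/.*COMMAND=/, "", cmd)   # keep everything after COMMAND=
            print "sudo " who "->" target " " cmd
        }
        END { for (k in logins) print "login " k " " logins[k] }
    ' | sort
}

# Constructed sample in journalctl short format (the hostname column is kept);
# the deploy/10.0.0.5 line is invented to show a second login pair.
sample_journal() {
    cat <<'EOF'
Apr 24 13:06:43 snort-ids sshd[12157]: Accepted password for cqq from 192.168.10.247 port 52067 ssh2
Apr 24 13:18:19 snort-ids sudo[12664]: cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/usr/bin/vi /home/cqq/.zshrc
Apr 24 13:18:19 snort-ids sudo[12664]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
Apr 24 13:18:50 snort-ids sshd[12696]: Accepted password for cqq from 192.168.10.247 port 63715 ssh2
Apr 24 13:30:02 snort-ids sshd[13200]: Accepted publickey for deploy from 10.0.0.5 port 40100 ssh2
EOF
}

sample_journal | summarize_journal
```

The pam_unix session lines are deliberately ignored: the sudo COMMAND= line already records who ran what as which user, and the sshd Accepted line records the source address.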
Here's an example.
First check the status of a unit/service and find that it has failed; then print the contents of that unit/service file (what exactly it says, and where the mistake is). It turns out the mistake is that, following somebody else's tutorial, the ruby path was not set correctly. Then look at the journal for that unit/service, and sure enough it shows the error.