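1. Logging systems: syslog and syslog-ng (next generation)
2. syslog is a service: it is a unified framework that the system's common, fixed facilities use to record their logs
3. The syslog service: the service name is simply syslog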
[root@node3 log]# chkconfig --list |grep syslog
rsyslog         0:off   1:off   2:on    3:on    4:on    5:on    6:off
[root@node3 /]# service rsyslog status
rsyslogd (pid 991) is running...
[root@node3 /]#
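klogd: kernel; dedicated to recording the log messages produced by the kernel: /var/log/dmesg
After /sbin/init
syslogd: system; responsible for log messages not produced by the kernel: /var/log/messages
Logs need to be rotated (log splitting): messages-20170622 messages-20170612
logrotate: the dedicated scheduled job for logs: /etc/cron.daily/logrotate, /etc/logrotate.conf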
[root@node3 log]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.
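/var/log/maillog: logs produced by the mail system
/var/log/secure: logs produced by logins. You can write a script, run it once a day, and have it generate a report
Configuration file: /etc/syslog.conf (from CentOS 6 on, /etc/syslog.conf no longer exists; /etc/rsyslog.conf replaces it)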
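One way to write the daily /var/log/secure report mentioned above, as an added example that is not part of the original notes. The function names secure_report and sample_secure are hypothetical, the log lines are constructed, and the sshd message layout ("Failed password for ... from ADDR port N ssh2") is assumed.

```shell
#!/bin/sh
# Added example: daily login summary from sshd lines in /var/log/secure.

# Constructed sample lines (documentation-range addresses, made-up PIDs).
sample_secure() {
cat <<'EOF'
Jun 22 03:12:01 node3 sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun 22 03:12:04 node3 sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jun 22 03:12:09 node3 sshd[2215]: Failed password for invalid user admin from 203.0.113.5 port 51301 ssh2
Jun 22 03:13:40 node3 sshd[2230]: Failed password for invalid user x from 192.0.2.1 port 1 ssh2 from 198.51.100.9 port 40110 ssh2
Jun 22 08:30:15 node3 sshd[3001]: Accepted password for root from 192.0.2.10 port 50514 ssh2
Jun 22 09:02:47 node3 sshd[3102]: Accepted publickey for alice from 192.0.2.10 port 50620 ssh2
Jun 22 09:05:00 node3 su: pam_unix(su:session): session opened for user root by alice(uid=500)
EOF
}

# secure_report [FILE]: count failed passwords per source address and
# accepted logins per user@address; reads stdin when FILE is omitted.
secure_report() {
    LC_ALL=C awk '
    $5 !~ /^sshd\[[0-9]+\]:$/ { next }            # ignore su, sudo, etc.
    $6 == "Failed" && $7 == "password" {
        # The user name is client-supplied text, so scan from the end of
        # the line and use the address after the last "from".
        for (i = NF - 1; i > 8; i--)
            if ($i == "from") { failed[$(i + 1)]++; break }
    }
    $6 == "Accepted" && $8 == "for" && $10 == "from" {
        accepted[$9 "@" $11]++
    }
    END {
        for (k in failed)   printf "FAILED %d %s\n", failed[k], k
        for (k in accepted) printf "ACCEPTED %d %s\n", accepted[k], k
    }' "$@" | LC_ALL=C sort -k1,1 -k2,2nr -k3,3
}

# Report on the file given as $1, or on the constructed sample if none.
if [ -n "${1:-}" ]; then secure_report "$1"; else sample_secure | secure_report; fi
```

Run as root with /var/log/secure as the argument; placed in /etc/cron.daily it produces one report per day, and the rotated copies created by logrotate can be passed the same way.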