Detailed introduction to logs in Linux system

1. Log-related services

In CentOS 6.x, the original syslogd log service has been replaced by rsyslogd. Red Hat considers that syslogd can no longer meet working needs, and the rsyslogd service supports more functions.

Compared with syslogd, the rsyslogd service has some new features:

  • Log information can be transmitted over the TCP network protocol.
  • A more secure network transmission method.
  • A real-time analysis framework for log messages.
  • Backend database support.
  • Simple logical judgments can be written in the configuration file.
  • Compatibility with syslog configuration files.

2. Common log files in the system

In Linux systems, system logs are generally saved in the /var/log/ directory.

As shown below:

[root@localhost ~]# ls /var/log/
anaconda.ifcfg.log btmp maillog secure
anaconda.log ConsoleKit maillog-20200705 secure-20200705
anaconda.program.log cron mcelog spooler
anaconda.storage.log cron-20200705 messages spooler-20200705
anaconda.syslog cups messages-20200705 sssd
anaconda.xlog dmesg ntpstats tallylog
anaconda.yum.log dmesg.old prelink wtmp
audit dracut.log sa yum.log
boot.log lastlog samba

Let's take a closer look at the main log files above:

| Log file | Description |
|---|---|
| /var/log/cron | Records logs related to system scheduled tasks. |
| /var/log/cups/ | Records printing information. (Prerequisite: you need a printer or print server, which is generally not needed.) |
| /var/log/dmesg | Records the kernel self-test information from system boot. You can also use the dmesg command to view the kernel self-test information directly. |
| /var/log/btmp | Records failed logins. This is a binary file and cannot be viewed directly with vim; use the lastb command instead. |
| /var/log/lastlog | Records the last login time of every user on the system. This is also a binary file and cannot be viewed directly with vim; use the lastlog command instead. |
| /var/log/maillog | Records email information. |
| /var/log/messages | Records important system information. This file holds most of the important information about the Linux system; if there is a problem with the system, it is the first log to check. |
| /var/log/secure | Records authentication and authorization information from any program that involves accounts and passwords. For example, system login, ssh login, su user switching, sudo authorization, and even adding users and changing user passwords are all recorded here. |
| /var/log/wtmp | Permanently records every user's login and logout, as well as system startup, restart, and shutdown events. This is also a binary file and cannot be viewed directly with vim; use the last command instead. |
| /var/run/utmp | Records information about the currently logged-in users only. The file changes as users log in and out. It also cannot be opened directly with vim and must be queried with commands such as w, who, and users. |

Note: an example of viewing a log file that cannot be opened with the vim editor.

# Someone tried to log in as root on local terminal 1 at 22:38 on June 4th (lastb lists failed logins).
[root@localhost log]# lastb
root tty1 Tue Jun 4 22:38 - 22:38 (00:00)

Why can't some log files be viewed using the vim editor?

These files record important system resources and are related to system security, so they are not meant to be modified. To keep the data accurate, view them only through the corresponding commands.
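The binary login files named above hold fixed-size records rather than text, which is why a text editor shows nothing useful. The following added example (not part of the original article) parses records in the 384-byte glibc struct utmp layout used on x86-64 Linux, which is an assumption the article does not state, and counts failed logins per user and source; the helper names and sample records are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumption: glibc "struct utmp" layout on x86-64 Linux, 384 bytes per record.
# type, pid, line[32], id[4], user[32], host[256], exit (2 shorts), session,
# tv_sec, tv_usec, addr_v6[4], 20 unused bytes
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20x")


def _cstr(raw):
    """Decode a fixed-width, NUL-padded C string field."""
    return raw.split(b"\x00", 1)[0].decode("utf-8", "replace")


def parse_records(data):
    """Return one dict per complete record; a trailing partial record is skipped."""
    usable = len(data) - len(data) % UTMP.size
    records = []
    for f in UTMP.iter_unpack(data[:usable]):
        records.append({
            "type": f[0], "pid": f[1], "line": _cstr(f[2]),
            "user": _cstr(f[4]), "host": _cstr(f[5]),
            "time": datetime.fromtimestamp(f[9], tz=timezone.utc),
        })
    return records


def repeated_failures(records, threshold=3):
    """Count records per (user, source) and keep pairs at or above threshold."""
    counts = Counter((r["user"], r["host"] or r["line"]) for r in records)
    return {pair: n for pair, n in counts.items() if n >= threshold}


def make_record(user, line, host, tv_sec, ut_type=6, pid=1000):
    """Pack one constructed record (sample data, not taken from a real system)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, tv_sec, 0, 0, 0, 0, 0)


# Constructed sample: one console failure, three from one remote address,
# then 10 stray bytes standing in for a truncated final record.
SAMPLE = (make_record("root", "tty1", "", 1559687880)
          + b"".join(make_record("admin", "ssh:notty", "192.0.2.10", 1559687900 + i)
                     for i in range(3))
          + b"\x00" * 10)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["time"].isoformat(), rec["user"], rec["line"], rec["host"])
    print(repeated_failures(parse_records(SAMPLE)))
```

To run it against a real file, pass the bytes of /var/log/btmp (read as root, in binary mode) to parse_records instead of SAMPLE.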

In addition to the system default logs, system services installed from RPM packages also write their logs under the /var/log/ directory by default.

For example:

| Log file | Description |
|---|---|
| /var/log/httpd/ | The default log directory for the apache service installed from the RPM package. |
| /var/log/mail/ | Additional log directory for mail services installed from the RPM package. |
| /var/log/samba/ | Log directory for the samba service installed from the RPM package. |
| /var/log/sssd/ | Log directory for the System Security Services Daemon (sssd). |

Logs of services installed from source packages are kept in the directory specified by the source package.

However, these logs are not recorded and managed by the rsyslogd service. Instead, each service uses its own log management configuration to record its own logs.
