RHCE7 Study Notes 8: Analyzing and Storing Logs
1. The rsyslogd service manages system logs and starts at boot
[root@clz rsyslog.d]# systemctl is-active rsyslog.service
active
[root@clz rsyslog.d]# systemctl is-enabled rsyslog.service
enabled
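The rsyslog configuration file is /etc/rsyslog.conf, and log files are stored under the /var/log directory.
The 7 log levels are listed below; the debug level is used only for debugging and is also the lowest level:
1. info; 2. notice; 3. warning; 4. err; 5. crit; 6. alert; 7. emerg
In the configuration file every event is associated with a level, and * stands for all levels. In a target such as -/var/log/mail, the leading "-" means asynchronous writing: memory and disk are not kept in sync, so the data goes to memory first and is written to disk afterwards, because the two differ in read/write speed. Examples of selectors: mail.*, mail.emerg.
All events at info level or higher (except mail) are recorded in /var/log/messages. Debug messages are below info level, so they are not recorded in messages: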
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
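To verify the configuration above, configure debug-level events from local7 to be recorded to /var/log/xx, use the logger command to simulate a debug event, and check whether the message is written to messages and to xx: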
# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log
local7.debug                                            /var/log/xx
[root@clz rsyslog.d]# logger -p local7.debug XXXXXXXXXXXXXXXXXX
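The selector matching behind this experiment can be modelled offline. The following is an added example, not part of the original notes: a simplified evaluator for the three rules shown above, where the names SEVERITIES, RULES, selector_matches and destinations are assumptions of the example and only `*`, `none`, `=level` and plain levels are supported.

```python
# Added example: simplified model of rsyslog selector matching (not rsyslog code).
# Severities from most to least severe; a plain "facility.level" selector
# matches that level and everything more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Rules copied from the configuration shown in these notes.
RULES = [
    ("*.info;mail.none;authpriv.none;cron.none", "/var/log/messages"),
    ("local7.*", "/var/log/boot.log"),
    ("local7.debug", "/var/log/xx"),
]


def selector_matches(selector, facility, severity):
    """Return True if an event (facility, severity) is selected.

    Sub-selectors separated by ';' are applied left to right. A positive
    match is added to what was already selected; 'none' clears any earlier
    match for the facilities it names.
    """
    sev = SEVERITIES.index(severity)
    selected = False
    for part in selector.split(";"):
        facs, prio = part.strip().rsplit(".", 1)
        if facs != "*" and facility not in facs.split(","):
            continue  # this sub-selector does not name our facility
        if prio == "none":
            selected = False
        elif prio == "*":
            selected = True
        elif prio.startswith("="):
            selected = selected or sev == SEVERITIES.index(prio[1:])
        else:
            selected = selected or sev <= SEVERITIES.index(prio)
    return selected


def destinations(facility, severity, rules=RULES):
    """List the log files that would receive the event under the given rules."""
    return [path for sel, path in rules if selector_matches(sel, facility, severity)]


if __name__ == "__main__":
    # Constructed sample events, including the logger test from the notes.
    for fac, sev in [("local7", "debug"), ("local7", "info"), ("mail", "err")]:
        print(f"{fac}.{sev} -> {destinations(fac, sev) or 'no file in these rules'}")
```

The local7.debug event reaches boot.log and xx but not messages, which is the result the logger test is meant to confirm.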
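If logs need to be sent to a remote server for recording, the remote server's log configuration file must first enable reception of remote logs: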
# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514
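In the configuration file on the local (sending) host, write the following (a single @ forwards over UDP; @@ would use TCP):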
local7.debug                                            @192.168.100.100
To view log contents, besides tail and tailf you can also use journalctl:
[root@clz log]# journalctl
-- Logs begin at Wed 2015-01-07 23:28:05 CST, end at Thu 2015-01-08 11:10:02 CST. --
Jan 07 23:28:05 localhost.localdomain systemd-journal[207]: Runtime journal is using 6.1M (max 49.3M, leaving 74.0M of free 487.3M, cu
Jan 07 23:28:05 localhost.localdomain systemd-journal[207]: Runtime journal is using 6.1M (max 49.3M, leaving 74.0M of free 487.3M, cu
Jan 07 23:28:05 localhost.localdomain kernel: Initializing cgroup subsys cpuset
Commonly used journalctl options:
[root@clz log]# journalctl --help
journalctl [OPTIONS...] [MATCHES...]
Flags:
     --system            Show only the system journal
     --user              Show only the user journal for the current user
     --since=DATE        Start showing entries on or newer than the specified date (start time)
     --until=DATE        Stop showing entries on or older than the specified date (end time)
  -k --dmesg             Show kernel message log from the current boot
  -u --unit=UNIT         Show data only from the specified unit
     --user-unit=UNIT    Show data only from the specified user session unit
  -p --priority=RANGE    Show only messages within the specified priority range (view events of a specific level)
  -e --pager-end         Immediately jump to end of the journal in the pager
  -f --follow            Follow the journal
[root@clz log]# journalctl --since=2015-01-08 --until=2015-01-09 -p err
2. System time management and control
Use the timedatectl command to manage the time:
[root@clz log]# timedatectl
      Local time: Thu 2015-01-08 11:31:31 CST
  Universal time: Thu 2015-01-08 03:31:31 UTC
        RTC time: Thu 2015-01-08 11:31:32
        Timezone: Asia/Chongqing (CST, +0800)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
Commonly used timedatectl commands:
[root@clz log]# timedatectl --help
  status                 Show current time settings
  set-time TIME          Set system time
  set-timezone ZONE      Set system timezone
  list-timezones         Show known timezones
  set-local-rtc BOOL     Control whether RTC is in local time
  set-ntp BOOL           Control whether NTP is enabled
This article comes from the "平凡之路" blog; please be sure to retain this source: http://linjohn.blog.51cto.com/1026193/1600596