The Linux system log records many kinds of messages: system, network, kernel, services and so on.
[root@chy002 ~]# cat /var/log/messages
Consider: if everything the system does were recorded in this one file, the file would grow too large. How is that avoided?
[root@chy002 ~]# du -sh !$
du -sh /var/log/messages
228K    /var/log/messages
# The log turns out not to be large
[root@chy002 ~]# ls /var/log/messages*
/var/log/messages           /var/log/messages-20180121
/var/log/messages-20180108  /var/log/messages-20180130
/var/log/messages-20180119
# To keep logs from growing without limit, a log rotation tool is configured: logrotate
[root@chy002 ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
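# rotate log files weekly (rotate once a week)
weekly
# keep 4 weeks worth of backlogs (keep 4 rotated files)
rotate 4
# create new (empty) log files after rotating old ones (create a new file)
create
# use date as a suffix of the rotated file (file name suffix)
dateext
# uncomment this if you want your log files compressed (whether to compress)
#compress
# The include line below tells logrotate to read the rotation settings stored in the /etc/logrotate.d directory. The include option is very useful when RPM packages are installed on the system, because RPM packages normally place their log rotation settings in /etc/logrotate.d.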
# RPM packages drop log rotation information into this directory  
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
        minsize 1M
    rotate 1
}
/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}
# system-specific logs may be also be configured here.
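Reference: https://my.oschina.net/u/2000675/blog/908189
The dmesg command shows the hardware run log. It is unrelated to /var/log/dmesg, which is a file recording what happened at system boot.
The last command shows the history of successful logins and reboots. It reads /var/log/wtmp, a binary file that cannot be viewed with cat.
The lastb command shows the history of failed logins. It reads /var/log/btmp, which also cannot be viewed with cat.
The security log, /var/log/secure, records information such as brute-force attempts.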
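As an added example (not part of the original notes), the shell function below counts failed sshd password attempts per source address in /var/log/secure-style input and lists the sources at or above a threshold. The sample log lines, the function names and the default threshold are assumptions constructed for illustration.

```shell
# Constructed sample in the sshd line format found in /var/log/secure.
# Host name, PIDs and addresses (documentation ranges) are made up.
sample_secure_log() {
cat <<'EOF'
Jan 30 10:12:01 chy002 sshd[2211]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 30 10:12:05 chy002 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan 30 10:12:09 chy002 sshd[2215]: Failed password for root from 203.0.113.7 port 51246 ssh2
Jan 30 10:13:00 chy002 sshd[2250]: Accepted password for root from 192.0.2.10 port 40022 ssh2
Jan 30 10:14:30 chy002 sshd[2261]: Failed password for chy from 198.51.100.23 port 40098 ssh2
Jan 30 10:14:41 chy002 sshd[2263]: Failed password for invalid user test from 203.0.113.7 port 51260 ssh2
Jan 30 10:15:02 chy002 sshd[2270]: Failed password for invalid user x from 192.0.2.10 port 1 ssh2 from 198.51.100.23 port 40100 ssh2
EOF
}

# failed_by_source [THRESHOLD] < logfile
# Prints "COUNT ADDRESS" for each source with at least THRESHOLD (default 3)
# failed password attempts, highest count first.
failed_by_source() {
    awk -v t="${1:-3}" '
        / sshd\[[0-9]+\]: Failed password for / {
            # The user name is client-supplied text and may itself contain
            # "from <addr>", so read the address from the fixed tail of the
            # line ("from ADDR port PORT ssh2"), not from the first "from".
            if ($(NF-4) == "from" && $(NF-2) == "port") n[$(NF-3)]++
        }
        END { for (ip in n) if (n[ip] >= t) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Run against the sample; on a real host: failed_by_source 5 < /var/log/secure
sample_secure_log | failed_by_source 3
```

Rotated copies such as /var/log/secure-20180130 can be passed through the same function to cover the whole retention window.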
