A Linux log file written by the rsyslogd log service contains 4 columns of content: 1. the time when the event occurred; 2. the host name of the server that generated the event; 3. the service name or program name that generated the event; 4. the specific information of the event. As long as log files are managed and recorded uniformly by rsyslogd, their format is the same, and they all contain these 4 columns for administrators and programmers to view and analyze.
The operating environment of this tutorial: linux7.3 system, Dell G3 computer.
Log files are important system information files. They record many important system events, including user login information, system startup information, system security information, email-related information, and information related to various services. Some of this information is very sensitive, so on Linux these log files can only be read by the root user.
There are three main types of Linux system logs: kernel and system logs, user logs, and program logs.
1. Kernel and system logs:
This kind of log data is managed uniformly by the system service rsyslog. The settings in its main configuration file /etc/rsyslog.conf determine where kernel messages and the messages of the various system programs are recorded. A considerable number of programs in the system leave their log files to rsyslog for management, so the log records used by these programs share a similar format.
2. User log:
This kind of log data records information about Linux operating system users logging in to and out of the system, including the user name, the terminal logged in from, the login time, the source host, the process in use, etc.
3. Program log:
Some applications choose to manage a log file independently, recording the various events that occur while the program runs, instead of leaving this to the rsyslog service. Since these programs are only responsible for managing their own log files, the logging formats used by different programs may vary greatly.
Linux system log file format analysis
As long as the log files are recorded by the log service rsyslogd, their formats are the same. Once we understand this format, we can easily read any of these log files.
The format of the log file contains the following 4 columns:
The time when the event occurred.
The host name of the server that generated the event.
The service name or program name that generated the event.
Detailed information about the event.
Let's check the /var/log/secure log. This log mainly records user authentication and authorization information, which is easier to understand. The command is as follows:
[root@localhost ~]# vi /var/log/secure
Jun 5 03:20:46 localhost sshd[1630]:Accepted password for root from 192.168.0.104 port 4229 ssh2
# Jun 5 03:20:46, local host, message from the sshd service: accepted the password for an ssh connection initiated from port 4229 of host 192.168.0.104
Jun 5 03:20:46 localhost sshd[1630]:pam_unix(sshd:session):session opened for user root by (uid=0)
# time, local host, message from the pam_unix module of the sshd service: opened a session for user root (UID 0)
Jun 5 03:25:04 localhost useradd[1661]:new group:name=bb, GID=501
# time, local host, message from the useradd command: created new group bb with GID 501
Jun 5 03:25:04 localhost useradd[1661]:new user:name=bb, UID=501, GID=501, home=/home/bb, shell=/bin/bash
Jun 5 03:25:09 localhost passwd:pam_unix(passwd:chauthtok):password changed for bb
An excerpt of the log is shown here, and three of its entries are annotated. Can you read the remaining two? In practice, analyzing logs is not only an important system maintenance task but also a very boring and cumbersome one. If the server has problems, such as restarting or shutting down abnormally, users logging in abnormally, or services not working normally, you should check the logs first.
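The following Python script is an added example, not part of the original article: it splits the 4 columns described above out of rsyslogd-style lines and then summarizes the events an administrator would look for in /var/log/secure (accepted logins, new accounts, password changes). The sample lines are constructed from the excerpt shown above; the regular expressions and the summary fields are my own choices, not part of rsyslog or any tool.

```python
import re

# Sample input, constructed from the /var/log/secure excerpt shown in the article.
SAMPLE_LOG = """\
Jun 5 03:20:46 localhost sshd[1630]:Accepted password for root from 192.168.0.104 port 4229 ssh2
Jun 5 03:20:46 localhost sshd[1630]:pam_unix(sshd:session):session opened for user root by (uid=0)
Jun 5 03:25:04 localhost useradd[1661]:new group:name=bb, GID=501
Jun 5 03:25:04 localhost useradd[1661]:new user:name=bb, UID=501, GID=501, home=/home/bb, shell=/bin/bash
Jun 5 03:25:09 localhost passwd:pam_unix(passwd:chauthtok):password changed for bb
"""

# The 4 columns of a traditional rsyslog line: time, host, program[pid], message.
# Whitespace is matched with \s+ because rsyslog pads single-digit days ("Jun  5").
LINE_RE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2})\s+(?P<day>\d{1,2})\s+(?P<time>\d{2}:\d{2}:\d{2})\s+"  # column 1
    r"(?P<host>\S+)\s+"                                                             # column 2
    r"(?P<program>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?:\s*"                             # column 3
    r"(?P<message>.*)$"                                                             # column 4
)

# Message patterns for the events we care about (assumed formats, taken from the excerpt).
LOGIN_RE = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
NEW_USER_RE = re.compile(r"new user:\s*name=(?P<name>[^,]+), UID=(?P<uid>\d+)")
PASSWD_RE = re.compile(r"password changed for (?P<user>\S+)$")


def parse_line(line):
    """Split one log line into its 4 columns; return None if it is not rsyslog-formatted."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return {
        "timestamp": f"{m['month']} {m['day']} {m['time']}",
        "host": m["host"],
        "program": m["program"],
        "pid": int(m["pid"]) if m["pid"] else None,   # e.g. the passwd line has no [pid]
        "message": m["message"],
    }


def summarize(text):
    """Parse every line and collect the authentication events worth reviewing."""
    summary = {"logins": [], "root_logins": [], "new_users": [], "password_changes": [], "unparsed": []}
    for line in text.splitlines():
        if not line.strip():
            continue
        entry = parse_line(line)
        if entry is None:
            summary["unparsed"].append(line)   # program-specific logs may not follow the format
            continue
        msg = entry["message"]
        if entry["program"] == "sshd" and (m := LOGIN_RE.search(msg)):
            login = (m["user"], m["ip"], m["method"])
            summary["logins"].append(login)
            if m["user"] == "root":            # direct root SSH logins deserve a closer look
                summary["root_logins"].append(login)
        elif entry["program"] == "useradd" and (m := NEW_USER_RE.search(msg)):
            summary["new_users"].append((m["name"], int(m["uid"])))
        elif entry["program"] == "passwd" and (m := PASSWD_RE.search(msg)):
            summary["password_changes"].append(m["user"])
    return summary


if __name__ == "__main__":
    for line in SAMPLE_LOG.splitlines():
        print(parse_line(line))
    print(summarize(SAMPLE_LOG))
```

Run it as-is to see each line broken into its four columns; pointing `summarize` at the contents of a real /var/log/secure (readable only as root, as the article notes) gives the same summary for that host.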
In fact, you should check the logs as long as you feel that the server is not normal. Even when there are no problems with the server, you should develop the habit of checking the system logs regularly.