


Study the contents of each field in Linux log files
Linux, as a widely used operating system, has a powerful log system to record important information during system operation. Log files are usually stored in the /var/log directory, which contains various types of log files, such as system logs, security logs, etc. This article will take an in-depth look at the contents of each column in a Linux log file and explain the meaning of each column with specific code examples.
1. syslog log file
Syslog is one of the most common log systems in Linux, recording various operating information of the system. Syslog log files are usually stored in the /var/log directory, and the most common one is the syslog file. The following is an example content of a syslog log file:
Mar 10 08:30:45 localhost cron[1234]: (root) CMD (run-parts /etc/cron.daily)
Mar 10 10:15:20 localhost sshd[5678]: Failed password for user1 from 192.168.1.100 port 22
Mar 11 14:55:30 localhost kernel: Out of memory: Kill process 4321 (apache2) score 500 or sacrifice child
In the above example, each line of log content usually contains the following columns:
- Date and time: The specific time at which the log event occurred, in the format month, day, hour:minute:second.
- Host name: Identifies the host name where the log event is located, usually localhost.
- Application name: Indicates the name of the application that generates logs, such as cron, sshd, kernel, etc.
- Process ID: The ID of the process that generated the log, shown in square brackets after the application name. Some entries, such as the kernel line in the example, have none.
- Log content: Specific log information, such as failed login attempts, insufficient memory, etc.
2. auth.log log file
The auth.log log file records the system’s authentication and authorization information and can be used to track user logins and permission changes. The following is an example content of an auth.log log file:
Mar 10 08:30:45 localhost sshd[1234]: Accepted publickey for user2 from 192.168.1.101 port 22
Mar 10 10:15:20 localhost sudo: user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/bash
Mar 11 14:55:30 localhost su: pam_unix(su:session): session opened for user2 by user1(uid=0)
In the auth.log log file, each line of log content usually contains the following columns:
- Date and time: The specific time at which the log event occurred.
- Host name: Identifies the host name where the log event is located.
- Application name: Indicates the name of the application that generates logs, such as sshd, sudo, su, etc.
- Process ID: The ID of the process that generated the log, shown in square brackets after the application name. The sudo and su lines in the example have none.
- Log content: Specific authentication and authorization information, such as public key login, using sudo to switch users, etc.
3. Kernel log file
The kernel log file records the running information of the Linux kernel and can be used to diagnose system hardware and software problems. Generally speaking, the path of the kernel log file is /var/log/kern.log. The following is an example content of a kernel log file:
Mar 10 08:30:45 localhost kernel: [ 123.456789] eth0: link up (1000Mbps/Full duplex)
Mar 10 10:15:20 localhost kernel: [ 234.567890] CPU0: Core temperature above threshold, cpu clock throttled (total events = 1)
Mar 11 14:55:30 localhost kernel: [ 345.678901] Out of memory: Kill process 4321 (apache2) score 500 or sacrifice child
In the kernel log file, each line of log content usually contains the following columns:
- Date and time: The specific time at which the log event occurred.
- Host name: Identifies the host name where the log event is located.
- Kernel messages: specific information recorded by the kernel, such as network card status, temperature alarm, insufficient memory, etc.
4. Practical operation example
The following is a sample code for filtering specific logs in auth.log through the grep command:
grep "Accepted publickey" /var/log/auth.log
The above example will output the lines in auth.log that contain "Accepted publickey", which makes it convenient to review public key logins.
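Going one step beyond grep, the following added example (not code from the original article) splits each line into the columns described in sections 1 to 3 and then counts sshd login results per user and source address. The function names parse_line and ssh_logins are hypothetical, and the sample lines are the article's own examples embedded inline.

```python
import re
from collections import Counter

# Sample lines copied from the article's syslog, auth.log and kern.log examples.
SAMPLE = """\
Mar 10 08:30:45 localhost cron[1234]: (root) CMD (run-parts /etc/cron.daily)
Mar 10 10:15:20 localhost sshd[5678]: Failed password for user1 from 192.168.1.100 port 22
Mar 10 08:30:45 localhost sshd[1234]: Accepted publickey for user2 from 192.168.1.101 port 22
Mar 10 10:15:20 localhost sudo: user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/bash
Mar 11 14:55:30 localhost kernel: [ 345.678901] Out of memory: Kill process 4321 (apache2) score 500 or sacrifice child
"""

# Columns: date and time, host name, application name, optional [pid], log content.
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<app>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$")
# Kernel messages may begin with seconds since boot, e.g. "[ 345.678901] ".
UPTIME_RE = re.compile(r"^\[\s*(?P<uptime>\d+\.\d+)\]\s*")
# sshd authentication results in the form shown in the article's samples.
SSHD_RE = re.compile(r"^(?P<result>Failed|Accepted) \S+ for "
                     r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")

def parse_line(line):
    """Split one log line into its columns; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None  # sudo/su/kernel: no PID
    rec["uptime"] = None
    u = UPTIME_RE.match(rec["msg"]) if rec["app"] == "kernel" else None
    if u:
        rec["uptime"] = float(u.group("uptime"))
        rec["msg"] = rec["msg"][u.end():]  # keep only the kernel message text
    return rec

def ssh_logins(text):
    """Count sshd login results keyed by (result, user, source address)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, text.splitlines())):
        s = SSHD_RE.match(rec["msg"]) if rec["app"] == "sshd" else None
        if s:
            counts[(s["result"], s["user"], s["src"])] += 1
    return counts
```

Calling ssh_logins on the contents of /var/log/auth.log gives a per-source tally of failed and accepted logins, which is easier to review than raw grep output.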
Through the introduction and sample code of this article, readers can have a deeper understanding of the meaning of each column in the Linux log file, and how to process and filter the log file through the command line tool. System administrators can use this information to monitor the operating status of the system, discover and solve problems in a timely manner, and ensure the stability and security of the system.
