1.rsyslog
rsyslog collects logs. It does not generate logs itself; it only plays a collection role.
vim /etc/rsyslog.conf ##View the log collection rules
/var/log/messages ##Service information log
/var/log/secure ##System login log
/var/log/cron ##Scheduled task log
/var/log/maillog ##Mail log
/var/log/boot.log ##System startup log
Specify the log collection path
On the line after the specified log rule, add *.* /var/log/westos, restart the service, and use the ll command to check the logs collected in /var/log/westos.
2. Specify log collection path
*.* /var/log/westos ##*(what kind of log).*(what level of log): all types, all levels
type.level /var/log/file ##Log collection rule: what kind of log.what level of log
##The log types are:
auth ##Logs generated by pam
authpriv ##Authentication information for ssh, ftp and other logins
cron ##Time task related
kern ##kernel
lpr ##Printing
mail ##mail
mark(syslog) ##rsyslog service internal information, time marks
news ##Newsgroup
user ##Information generated by user programs
uucp ##UNIX to UNIX copy, communication between UNIX hosts
local 1~7 ##Custom log devices
##The log levels are:
debug ##Debugging information; this level records the most log information
info ##General information log, most commonly used
notice ##The most important of the general information
warning ##Warning level
err ##Error level, information that prevents a function or module from working properly
crit ##Critical level, information that prevents the whole system or the whole software from working properly
alert ##Information that requires immediate correction
emerg ##Kernel crash and other serious information
none ##Nothing is recorded
##Note: from top to bottom the levels go from low to high, and less and less information is recorded
##For details, please refer to the manual: man 3 syslog
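Which files a given message reaches under these type.level rules, as an added example (not code from the original page or from rsyslog): a simplified Python model of selector matching that handles `*`, comma-separated types, `;`-joined parts, `none` and `=level`. The rule set in CONF is constructed; the rules for the files listed in section 1 are assumed typical defaults, with this page's westos rule appended.

```python
# Added example: simplified model of rsyslog selector matching (not rsyslog's own code).
# Levels from most to least severe; a plain "level" selects that level and all above it.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample: assumed default rules plus the catch-all westos rule from this page.
CONF = """\
$ModLoad imudp
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
local7.*                                    /var/log/boot.log
*.*                                         /var/log/westos
"""

def parse_rules(text):
    """Return (selector, target) pairs, skipping comments and $ directives."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#$":
            continue
        selector, target = line.split(None, 1)
        rules.append((selector, target.lstrip("-")))  # leading "-" only disables sync
    return rules

def allowed_levels(selector, facility):
    """Levels the selector accepts for one facility; later parts refine earlier ones."""
    allowed = set()
    for part in selector.split(";"):
        facilities, _, level = part.partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue
        if level == "none":
            allowed.clear()
        elif level == "*":
            allowed.update(LEVELS)
        elif level.startswith("="):
            allowed.add(level[1:])  # "=level" means exactly this level
        else:
            allowed.update(LEVELS[:LEVELS.index(level) + 1])
    return allowed

def destinations(rules, facility, level):
    """Files that would receive a message with this facility and level."""
    return [target for sel, target in rules if level in allowed_levels(sel, facility)]

if __name__ == "__main__":
    for fac, lvl in [("authpriv", "info"), ("kern", "debug"), ("mail", "err")]:
        print(f"{fac}.{lvl} ->", destinations(parse_rules(CONF), fac, lvl))
```

With the catch-all *.* rule, authpriv login messages, which the assumed default rules keep out of /var/log/messages, are also copied to /var/log/westos, so that file needs the same access restrictions as /var/log/secure.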
2. Remote synchronization of logs
1) On the log sender:
vim /etc/rsyslog.conf
*.* @172.25.254.200 ##172.25.254.200 is the receiving party's ip; "@" means udp, "@@" means tcp
systemctl restart rsyslog
2) On the log receiver:
vim /etc/rsyslog.conf
$ModLoad imudp ##Load the log reception module
$UDPServerRun 514 ##Open the receiving port
systemctl restart rsyslog
systemctl stop firewalld ##Close the firewall
systemctl disable firewalld ##Do not start the firewall at boot
3) Test:
//Clear the log file on both the sender and the receiver
> /var/log/messages
On the log sender:
logger test
cat /var/log/messages ##View the generated log
On the log receiver:
cat /var/log/messages
###Setting the log collection format##
//On the receiving party:
vim /etc/rsyslog.conf
systemctl restart rsyslog
##Lines added to /etc/rsyslog.conf:
$template LOGFMT, "%timegenerated% %FROMHOST-IP% %syslogtag% %msg%\n"
*.* /var/log/westos;LOGFMT
%timegenerated% ##Show the log time
%FROMHOST-IP% ##Show the host ip
%syslogtag% ##Log tag
%msg% ##Log content
\n ##Line feed
cat /var/log/westos
3. Time synchronization service
Service name: chronyd
1) On the server side:
vim /etc/chrony.conf
allow 172.25.254.0/24 ##Line 22: which clients are allowed to synchronize time from this machine
local stratum 10 ##Line 29: this machine does not synchronize time from any other host and is used as the time source
systemctl restart chronyd
timedatectl set-timezone Asia/Shanghai
2) On the client:
vim /etc/chrony.conf
server 172.25.254.200 iburst ##(Delete three lines and change one) The local machine synchronizes its time with host 200 immediately
systemctl restart chronyd
timedatectl set-timezone Asia/Shanghai ##Set the time zone used for time management
3) Test:
[root@client Desktop]# chronyc sources -v
210 Number of sources = 1
  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||                                                /   xxxx = adjusted offset,
||         Log2(Polling interval) -.             |    yyyy = measured offset,
||                                  \            |    zzzz = estimated error.
||                                   |           |
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.254.216                0   7     0   10y     +0ns[   +0ns] +/-    0ns
##If a question mark (?) appears, check whether the firewall is closed
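A check for the source state column discussed above, as an added example (not part of the original page or of chrony): a Python parser that reads `chronyc sources` output and reports sources that are unreachable or whose Reach register is empty. SAMPLE is constructed output, and the function names are this example's own.

```python
import re

# Added example (not chrony's own code): flag problem sources in `chronyc sources` output.
# A data row starts with a mode character (^ = #) followed by a state character.
ROW = re.compile(r"^([\^=#])([*+\-?x~])\s+(\S+)\s+(\d+)\s+(\d+)\s+([0-7]+)\s+(\S+)")
STATE_PROBLEMS = {"?": "unreachable", "x": "time may be in error", "~": "time too variable"}

# Constructed sample output: one healthy server and one that never answered.
SAMPLE = """\
210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 172.25.254.200               10   6   377    21    +12us[  +15us] +/-  310us
^? 172.25.254.216                0   7     0     -     +0ns[   +0ns] +/-    0ns
"""

def check_sources(output):
    """Return {source name: [problems]} for every source row; [] means healthy."""
    report = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # legend, header or separator line
        _mode, state, name, _stratum, _poll, reach, _last_rx = m.groups()
        problems = []
        if state in STATE_PROBLEMS:
            problems.append(STATE_PROBLEMS[state])
        if int(reach, 8) == 0:  # Reach is an octal register of the last 8 polls
            problems.append("no reply in the last 8 polls")
        report[name] = problems
    return report

def synced_source(output):
    """Name of the source marked '*' (current synced), or None."""
    for line in output.splitlines():
        m = ROW.match(line)
        if m and m.group(2) == "*":
            return m.group(3)
    return None

if __name__ == "__main__":
    print(check_sources(SAMPLE))
    print("synced to:", synced_source(SAMPLE))
```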
4.timedatectl command
timedatectl ##Manage the system time
status ##Display current time information
set-time ##Set current time
eg: timedatectl set-time "2018-11-11 11:11:11" ##Set the current time to 11:11:11 on November 11, 2018
set-timezone ##Set current time zone
eg: timedatectl set-timezone Asia/Shanghai ##Set the current time zone to Zone 8
set-local-rtc 0|1 ##Set whether to use utc time (1 on 0 off)
list-timezones ##View all supported time zones
5.journal
1.journalctl ##Log viewing tool
-n 3 ##View the last three log entries
-p err ##View error logs
-o verbose ##View the detailed parameters of the logs
--since ##View logs starting from the given time
--until ##View logs up to the given time
2. How to use systemd-journald to save system logs
By default, systemd-journald does not save system logs to the hard disk.
After the machine is powered off and on again, you can only see the logs generated since that power-on.
The logs from before the last shutdown cannot be viewed.
mkdir /var/log/journal
chgrp systemd-journal /var/log/journal
chmod g+s /var/log/journal
killall -1 systemd-journald
ls /var/log/journal
946cb0e817ea4adb916183df8c4fc817
reboot ##Restart
journalctl -n 6