
Generating Reports and Analyzing Logs


Presentation Transcript


  1. Generating Reports and Analyzing Logs 黃雁亭 陳麗雯 廖榆恬

  2. Outline
     • Log Report
     • Syslogd
     • Configure the Syslog
     • Syslog Server
     • Logrotate
     • Summary

  3. Log Report
     • What is Log Report?
     • A report includes:
       • Date, time, host, service and related function, and message.
     • Ex:
       • May 28 11:23:48 ip005 su: pam_unix(su:session): session opened for user root by imliving(uid=500)

  4. Log Report (cont.)
     • Why log report?
     • You need to
       • Know the errors
       • See the actions
     • Two types
       • Capture bad strings immediately, ignore the rest.
       • Ignore “okay” strings, report on what’s left.

  5. Syslogd
     • The service that records the logs.
     • ps aux | grep syslog
       USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
       root 4294 0.0 0.0 1716 568 ? Ss Mar31 0:00 syslogd -m 0
     • chkconfig --list syslog
       syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off

  6. Configure the Syslog
     • /etc/syslog.conf
       • The service.
       • The level of the information.
       • The location of the file.
     • Ex:
       • mail.info /var/log/maillog_info

  7. Configure the Syslog (cont.) • The main services are auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 through local7.

  8. Configure the Syslog (cont.)
     • The level of the information
       • info, notice, warning (warn)
       • err (error), crit, alert
       • emerg (panic)
     • Symbol
       • .
       • .=
       • .!

  9. Configure the Syslog (cont.)
     • How to add the log report
       • vi /etc/syslog.conf
       • /etc/init.d/syslog restart

  10. Syslog Server
     [Diagram: Server (syslogd, /etc/sysconfig/syslog) and Client (syslogd, /etc/syslog.conf); logs shown: cron, mail, auth, ...]

  11. Syslog Server (cont.)
     • Server
       • vi /etc/sysconfig/syslog
       • SYSLOGD_OPTIONS="-m 0 -r"
       • /etc/init.d/syslog restart
       • netstat -lunp | grep syslog
     • Client
       • vi /etc/syslog.conf
       • *.* @10.10.21.69

  12. Logrotate
     • Rename the old log file.
     • Create a new, empty log file.
     • Write new log entries to the new file.
     • Keep the old file for a period of time.

  13. Logrotate (cont.)
     [Diagram: files present after each rotation]
     • 1: Log, Log.1
     • 2: Log, Log.1, Log.2
     • 3: Log, Log.1, Log.2, Log.3
     • 4: Log, Log.1, Log.2, Log.3, Log.4

  14. Logrotate (cont.)
     • vi /etc/logrotate.conf
     • Execute: logrotate [-vf] logfile
       • logrotate -v /etc/logrotate.conf
       • logrotate -vf /etc/logrotate.conf

  15. Summary
     • Log reports let you see actions and errors.
     • Syslogd can classify log reports and centralize their management.
     • Logrotate keeps log files from growing too large.

  16. Reference
     • http://phorum.study-area.org/ (酷! 學園)
     • http://linux.vbird.org/ (鳥哥的私房菜)

  17. Thanks for listening.
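
How the selector symbols from slides 6 to 8 decide where a message is written, as an added example that is not part of the original presentation. It models sysklogd-style selector rules ("." selects that level and higher, ".=" only that level, ".!" excludes that level and higher); the function names and the two middle rule lines are constructed for illustration, and the mark facility is left out.

```python
# Added example: models how a syslog.conf selector field picks messages.
# Severity order, highest first; debug is syslog's lowest level (not on the slide).
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "news", "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]

def compile_selector(field):
    """Return {facility: set of selected levels} for e.g. 'mail.info;mail.!err'."""
    mask = {f: set() for f in FACILITIES}
    for sel in field.split(";"):            # later selectors refine earlier ones
        facs, _, prio = sel.strip().partition(".")
        negate = prio.startswith("!")
        prio = prio.lstrip("!")
        exact = prio.startswith("=")
        prio = prio.lstrip("=")
        prio = ALIASES.get(prio, prio)
        if prio == "*":
            chosen = set(LEVELS)
        elif prio == "none":
            chosen, negate = set(LEVELS), True
        elif exact:                         # ".=": only this level
            chosen = {prio}
        else:                               # ".": this level and every higher one
            chosen = set(LEVELS[: LEVELS.index(prio) + 1])
        for fac in (FACILITIES if facs == "*" else facs.split(",")):
            fac = "auth" if fac == "security" else fac
            mask[fac] = mask[fac] - chosen if negate else mask[fac] | chosen
    return mask

def matches(field, facility, level):
    return ALIASES.get(level, level) in compile_selector(field)[facility]

# First and last rules appear on the slides; the middle two are constructed.
RULES = """
mail.info            /var/log/maillog_info
mail.=info           /var/log/maillog_only_info
mail.info;mail.!err  /var/log/maillog_below_err
*.*                  @10.10.21.69
"""

def route(facility, level, rules=RULES):
    """Actions (files or @host) that would receive this message."""
    return [action for sel, action in (l.split() for l in rules.strip().splitlines())
            if matches(sel, facility, level)]

if __name__ == "__main__":
    for fac, lvl in [("mail", "info"), ("mail", "err"), ("authpriv", "notice")]:
        print(fac, lvl, "->", route(fac, lvl))
```

A mail.err message reaches maillog_info and the remote server only, which shows why a rule written with ".=" or ".!" can silently drop the higher-severity events an investigator would look for.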
