Generating Reports and Analyzing Logs 黃雁亭 陳麗雯 廖榆恬
Outline • Log Report • Syslogd • Configure the Syslog • Syslog Server • Logrotate • Summary
Log Report • What is Log Report? • A report includes: • Date, time, host, service and related function, and message. • Ex: • May 28 11:23:48 ip005 su: pam_unix(su:session): session opened for user root by imliving(uid=500)
Log Report (cont.) • Why log report? • You need to • Know the errors • See the actions • Two types • Capture bad strings immediately, ignore the rest. • Ignore “okay” strings, report on what’s left.
Syslogd • The service that reports the logs. • ps aux | grep syslog • USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND • root 4294 0.0 0.0 1716 568 ? Ss Mar31 0:00 syslogd -m 0 • chkconfig --list syslog • syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
Configure the Syslog • /etc/syslog.conf • The service. • The level of the information. • The location of the file. • Ex: • mail.info /var/log/maillog_info
Configure the Syslog (cont.) • The main services are auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 through local7.
Configure the Syslog (cont.) • The level of the information • info, notice, warning (warn) • err (error), crit, alert • emerg (panic) • Symbols • . • .= • .!
Configure the Syslog (cont.) • How to add the log report • vi /etc/syslog.conf • /etc/init.d/syslog restart
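The selector symbols listed above (`.`, `.=`, `.!`) decide which messages a rule such as `mail.info` captures. The following is an added example, not part of the original slides and not syslogd's own code: it models the semantics documented in sysklogd's syslog.conf(5) (assumed to be the syslogd in use here), the function names are hypothetical, and it includes the `debug` level, which the slide does not list.

```python
# Added example: models sysklogd syslog.conf(5) selector semantics.
# LEVELS is ordered from most severe to least severe.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
ALIASES = {"panic": "emerg", "error": "err", "warn": "warning"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail",
              "mark", "news", "syslog", "user", "uucp"]
FACILITIES += [f"local{i}" for i in range(8)]


def compile_selector(field):
    """Return {facility: set of levels logged} for one selector field."""
    logged = {fac: set() for fac in FACILITIES}
    for part in field.split(";"):          # later parts refine earlier ones
        facs, _, prio = part.strip().partition(".")
        negate = prio.startswith("!")      # "!" removes levels instead of adding
        prio = prio.lstrip("!")
        exact = prio.startswith("=")       # "=" means this single level only
        prio = prio.lstrip("=")
        prio = ALIASES.get(prio, prio)
        if prio in ("*", "none"):
            levels = set(LEVELS)
            negate = negate != (prio == "none")   # "none" clears every level
        else:
            idx = LEVELS.index(prio)       # ValueError on an unknown level
            # Without "=", the level itself and everything more severe match.
            levels = {prio} if exact else set(LEVELS[:idx + 1])
        names = FACILITIES if facs == "*" else [
            "auth" if f == "security" else f for f in facs.split(",")]
        for fac in names:
            logged[fac] = logged[fac] - levels if negate else logged[fac] | levels
    return logged


def matches(field, facility, level):
    """True if a message with this facility and level is logged by the field."""
    return ALIASES.get(level, level) in compile_selector(field)[facility]


if __name__ == "__main__":
    # Constructed selectors; "mail.info" is the rule shown on the slide.
    for sel in ["mail.info", "mail.=info", "mail.*;mail.!=info", "mail.info;mail.!err"]:
        hit = [lvl for lvl in LEVELS if matches(sel, "mail", lvl)]
        print(f"{sel:22} -> {', '.join(hit)}")
```

Running it shows that `mail.info` also captures every level more severe than info, which is easy to overlook when a rule is meant to isolate one level.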
Syslog Server [Figure: the client syslogd (configured in /etc/syslog.conf) sends its logs (cron, mail, auth, ...) to the server syslogd (configured in /etc/sysconfig/syslog).]
Syslog Server (cont.) • Server • vi /etc/sysconfig/syslog • SYSLOGD_OPTIONS="-m 0 -r" • /etc/init.d/syslog restart • netstat -lunp | grep syslog • Client • vi /etc/syslog.conf • *.* @10.10.21.69
Logrotate • Rename the old log file. • Create a new, empty log file. • Write new log entries to the new file. • Keep the old file for a period of time.
Logrotate (cont.) [Figure: successive rotations. 1: Log, Log.1. 2: Log, Log.1, Log.2. 3: Log, Log.1, Log.2, Log.3. 4: Log, Log.1, Log.2, Log.3, Log.4.]
Logrotate (cont.) • vi /etc/logrotate.conf • Execute: logrotate [-vf] logfile • logrotate -v /etc/logrotate.conf • logrotate -vf /etc/logrotate.conf
Summary • Log reports show the actions and the errors. • Syslogd can classify the log reports and centralize their management. • Logrotate keeps log files from growing too large.