Generating Reports and Analyzing Logs
黃雁亭 陳麗雯 廖榆恬

Outline
• Log Report
• Syslogd
• Configure the Syslog
• Syslog Server
• Logrotate
• Summary

Log Report
• What is Log Report?
• A report includes:
  – Date, time, host, service & related function, and message.
• Ex:
  – May 28 11:23:48 ip005 su: pam_unix(su:session): session opened for user root by imliving(uid=500)

Log Report (cont.)
• Why log report?
• You need to
  – Know the errors
  – See the actions
• Two types
  – Capture bad strings immediately, ignore the rest.
  – Ignore "okay" strings, report on what's left.

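The two report types above, applied to lines in the slide's log format, as an added example that is not part of the original slides. The pattern lists, the `pid` field and every sample line after the first are assumptions constructed for illustration.

```python
import re

# Layout from the slide: date, time, host, service, message ("[pid]" is an assumed extra).
LINE_RE = re.compile(
    r"^(?P<date>[A-Z][a-z]{2}\s+\d{1,2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<service>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)

# Assumed pattern lists; tune them for your own hosts.
BAD = [re.compile(p) for p in (r"authentication failure", r"session opened for user root")]
OKAY = [re.compile(p) for p in (r"session (opened|closed) for user (?!root)", r"^\(\w+\) CMD ")]

def parse(line):
    """Split one syslog line into its fields, or return None if it does not fit."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def capture_bad(lines):
    """Type 1: report only lines whose message matches a known-bad string."""
    recs = (parse(l) for l in lines)
    return [r for r in recs if r and any(p.search(r["message"]) for p in BAD)]

def report_leftovers(lines):
    """Type 2: drop lines matching a known-okay string, report everything else.
    Unparseable lines are kept as well, since they are not known to be okay."""
    out = []
    for l in lines:
        r = parse(l)
        if r is None:
            out.append({"message": l.rstrip("\n"), "service": None})
        elif not any(p.search(r["message"]) for p in OKAY):
            out.append(r)
    return out

# Constructed sample lines (the first is the slide's own example).
SAMPLE = [
    "May 28 11:23:48 ip005 su: pam_unix(su:session): session opened for user root by imliving(uid=500)",
    "May 28 11:24:01 ip005 crond[4410]: (root) CMD (run-parts /etc/cron.hourly)",
    "May 28 11:25:12 ip005 sshd[4502]: pam_unix(sshd:auth): authentication failure; rhost=192.0.2.7 user=alice",
    "May 28 11:26:30 ip005 sshd[4510]: pam_unix(sshd:session): session opened for user alice by (uid=0)",
    "May 28 11:27:02 ip005 kernel: EXT3-fs error (device sda1): unexpected condition",
]

if __name__ == "__main__":
    for r in capture_bad(SAMPLE):
        print("BAD ", r["host"], r["service"], r["message"])
    for r in report_leftovers(SAMPLE):
        print("LEFT", r["service"], r["message"])
```

The constructed kernel error line appears only in the second report: an allow-list of "okay" strings surfaces events nobody thought to write a bad-string pattern for.
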
Syslogd
• The service that records the log reports.
• ps aux | grep syslog
    USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
    root 4294 0.0 0.0 1716 568 ? Ss Mar31 0:00 syslogd -m 0
• chkconfig --list syslog
    syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off

Configure the Syslog
• /etc/syslog.conf
  – The service.
  – The level of the information.
  – The location of the file.
• Ex:
  – mail.info /var/log/maillog_info

Configure the Syslog (cont.)
• The main services are auth, authpriv, cron, daemon, kern, lpr, mail, mark, news, security (same as auth), syslog, user, uucp and local0 through local7.

Configure the Syslog (cont.)
• The level of the information
  – info, notice, warning (warn)
  – err (error), crit, alert
  – emerg (panic)
• Symbol
  – .
  – .=
  – .!

Configure the Syslog (cont.)
• How to add the log report
  – vi /etc/syslog.conf
  – /etc/init.d/syslog restart

Syslog Server
[Figure: the Client runs syslogd (/etc/syslog.conf) with cron, mail, auth, ... going to its log; the Server runs syslogd (/etc/sysconfig/syslog) with its own log.]

Syslog Server (cont.)
• Server
  – vi /etc/sysconfig/syslog
  – SYSLOGD_OPTIONS="-m 0 -r"
  – /etc/init.d/syslog restart
  – netstat -lunp | grep syslog
• Client
  – vi /etc/syslog.conf
  – *.* @10.10.21.69

Logrotate
• Rename the old log file.
• Create a new, empty log file.
• Write new log entries to the new file.
• Keep the old file for a period of time.

Logrotate (cont.)
[Figure: four rotation steps. Step 1: Log, Log.1. Step 2: Log, Log.1, Log.2. Step 3: Log, Log.1, Log.2, Log.3. Step 4: Log, Log.1, Log.2, Log.3, Log.4.]

Logrotate (cont.)
• vi /etc/logrotate.conf
• Execute: logrotate [-vf] logfile
  – logrotate -v /etc/logrotate.conf
  – logrotate -vf /etc/logrotate.conf

Summary
• Log reports show the actions and the errors.
• Syslogd can classify the log reports and centralize their management.
• Logrotate keeps log files from growing too big.

Thanks for listening.