When you run into any problem with the operation of your server, the first thing to do is check your Linux logs. In the system log you can find helpful diagnostic messages from different parts of the operating system, such as the kernel or various services, so you are likely to find the cause of the failure there.
Every message in the log is generated as a result of some event in the operating system: from a user's authorization to a service shutting down or an application failing. These events have different priorities depending on how important they are. Linux has the following event types:
- emerg - failure, highest priority;
- alert - urgent warning;
- crit - critical event;
- err - ordinary error;
- warn - ordinary warning;
- notice - notice;
- info - informational message;
- debug - debug information.
Currently the main log collection services in Linux are rsyslog and systemd-journald. They ship with most modern distributions and work independently of each other.
rsyslog
The logs of this service are located in the "/var/log/" folder as ordinary text files. Log messages are placed in different files depending on the type of event. For example, "/var/log/auth.log" contains information on user authorization in the system, and "/var/log/kern.log" contains kernel messages. File names can differ between distributions, so let's look at the configuration file "/etc/rsyslog.d/50-default.conf" to understand what goes where.
These rules show which file holds each type of log message. The left part gives the message type in the form "[facility].[priority]", and the right part gives the name of the log file. When writing the message type, the "*" character can be used; it means any value. "none" excludes a facility from the list. Let's consider the first two rules.
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
The first rule means that all messages received from the authorization facility will be written to "/var/log/auth.log". All authorization attempts (both successful and unsuccessful) will be recorded in this file. The second rule states that all messages except those related to authorization will be written to the "/var/log/syslog" file. These two files are usually the most used. The following rules define where kernel logs ("kern.*") and mail logs ("mail.*") are stored.
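To make the selector semantics concrete, here is a small shell evaluator (an added example, not part of the original page) that applies the two rules above, plus the kern.log rule mentioned earlier, to a message's facility and priority and prints where it would be written. It assumes the classic syslog rules: a priority in a selector also matches every more severe priority, "*" matches anything, and ".none" drops a facility from a selector; the kern.log rule and its path are constructed for the example.

```shell
#!/bin/sh
# Added example: route a message by facility and priority through rsyslog-style
# selectors, assuming classic syslog semantics. Not the page's own code.

# Constructed rule set: the two rules quoted above plus a kern.log rule.
RULES='auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog
kern.*                   /var/log/kern.log'

# route FACILITY PRIORITY -> prints the target file of every rule that accepts the message
route() {
  printf '%s\n' "$RULES" | awk -v fac="$1" -v prio="$2" '
  BEGIN {
    n = split("emerg alert crit err warn notice info debug", lv, " ")
    for (i = 1; i <= n; i++) rank[lv[i]] = i      # lower rank = more severe
    rank["warning"] = rank["warn"]                 # rsyslog accepts both spellings
    if (!(prio in rank)) rank[prio] = n + 1        # unknown priority: least severe
  }
  {
    accept = 0
    m = split($1, parts, ";")                      # "sel1;sel2": later parts win
    for (i = 1; i <= m; i++) {
      dot = index(parts[i], ".")
      facs = substr(parts[i], 1, dot - 1); p = substr(parts[i], dot + 1)
      k = split(facs, fl, ",")                     # "auth,authpriv" lists facilities
      for (j = 1; j <= k; j++) {
        if (fl[j] != "*" && fl[j] != fac) continue
        if (p == "none") accept = 0                # explicit exclusion
        else if (p == "*" || rank[prio] <= rank[p]) accept = 1
      }
    }
    target = $2; sub(/^-/, "", target)             # leading "-" only means no sync per write
    if (accept) print target
  }'
}
```

Running `route auth info` prints only /var/log/auth.log, while `route kern warn` prints both /var/log/syslog and /var/log/kern.log, which is exactly the split the two rules describe.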
Log files can be opened with any text editor or viewer, such as less, cat or tail. Let's open the "/var/log/auth.log" file
less /var/log/auth.log
Each line of the file is a separate message received from an application or service. All messages, regardless of their source, have the same format and consist of 5 parts. Let's take the message highlighted in the screenshot as an example.
- Message timestamp - "Feb 12 06:18:33"
- Name of the computer that sent the message - "vds"
- Name of the application or service that sent the message - "sshd"
- Process ID - [653]
- Message text - "Accepted password for mihail from 188.19.42.165 port 2849 ssh2"
This is an example of a successful SSH connection.
And here is what a failed login attempt looks like:
This file also records commands run with elevated privileges.
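The following shell snippet is an added example (not from the original page) that splits auth.log lines into the five parts listed above and then counts accepted and failed sshd logins per source address, which is the usual first check when looking for brute-force attempts. The sample lines are constructed; 203.0.113.7 is a documentation-only address, and the sudo line shows that the "[pid]" part is not always present.

```shell
#!/bin/sh
# Added example: parse auth.log lines into their five parts and summarise sshd
# logins per source address. Not code from the original page; sample is constructed.
SAMPLE='Feb 12 06:18:33 vds sshd[653]: Accepted password for mihail from 188.19.42.165 port 2849 ssh2
Feb 12 06:19:02 vds sshd[660]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2
Feb 12 06:19:05 vds sshd[660]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2
Feb 12 06:20:11 vds sudo:   mihail : TTY=pts/0 ; PWD=/home/mihail ; USER=root ; COMMAND=/usr/bin/apt update'

# parse_fields: stdin -> one "timestamp|host|program|pid|text" line per message.
# The "[pid]" part is optional in practice: sudo, for instance, logs without it.
parse_fields() {
  awk '{
    ts = $1 " " $2 " " $3; host = $4
    tag = $5; sub(/:$/, "", tag)                     # "sshd[653]" or "sudo"
    pid = ""
    if (match(tag, /\[[0-9]+\]$/)) {
      pid = substr(tag, RSTART + 1, RLENGTH - 2)
      tag = substr(tag, 1, RSTART - 1)
    }
    text = substr($0, index($0, $5) + length($5))    # everything after the tag
    sub(/^ +/, "", text)
    print ts "|" host "|" tag "|" pid "|" text
  }'
}

# ssh_summary: stdin -> "accepted|failed <ip> <count>" per address, sorted.
ssh_summary() {
  parse_fields | awk -F'|' '$3 == "sshd" {
    if ($5 ~ /^Accepted /) kind = "accepted"
    else if ($5 ~ /^Failed /) kind = "failed"
    else next
    n = split($5, w, " "); ip = ""
    for (i = 1; i < n; i++) if (w[i] == "from") ip = w[i + 1]
    count[kind " " ip]++
  }
  END { for (k in count) print k, count[k] }' | sort
}
```

On a real system, `ssh_summary < /var/log/auth.log` gives the same per-address counts for the whole file.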
Let's open the /var/log/syslog file
The message highlighted in the screenshot is about a network connection being closed.
To search for information in long text files, use the grep utility. For example, you can find all messages received from the pptpd service in the "/var/log/syslog" file.
grep 'pptpd' /var/log/syslog
During diagnostics you can use the tail utility, which shows the last lines of one or more files. The command "tail -f /var/log/syslog" lets you watch log records in real time.
The rsyslog service is very flexible and powerful. It can be used to collect logs on a home system as well as at enterprise scale. You can find full documentation on the official website https://www.rsyslog.com/
Log rotation in Linux
Logging happens constantly, so the size of the files keeps growing. The rotation mechanism provides automatic archiving of old logs and creation of new files. Depending on the rules, it can happen daily, weekly, monthly or when a size limit is reached. As new logs are created, the old ones can simply be deleted or sent by email. Log rotation is performed by the logrotate utility. The main configuration is in the "/etc/logrotate.conf" file. The contents of the files in the "/etc/logrotate.d/" folder are processed as well.
New rules can be added to the main configuration file. However, it is better to create a separate file in "/etc/logrotate.d/". By default there are already a few files in this directory.
Let's look at the file "/etc/logrotate.d/rsyslog", which contains the rotation rules for the logs of the rsyslog service.
First, a rule must contain the path to the log file, followed by all directives inside curly braces.
- rotate 7 - the number of files to keep - 7
- daily - create a new file every day
- compress - compress and archive old files
You can see in the screenshot that the "/var/log/" folder holds the main log "syslog" and 7 archives, which matches the rules in the configuration file.
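To see why the folder never holds more than "syslog" plus seven archives however long the system runs, here is an added example (not code from the page or from logrotate) that re-enacts successive daily rotations for a rule like the one above inside a throwaway directory. The rule text is constructed in the style of /etc/logrotate.d/rsyslog, and "compress" is represented by the .gz file name only; no gzip is run.

```shell
#!/bin/sh
# Added example: re-enact what repeated logrotate runs do for "rotate 7 / daily /
# compress" in a temporary directory. Not the page's or logrotate's own code.

# Constructed rule in the style of /etc/logrotate.d/rsyslog.
RULE='/var/log/syslog
{
        rotate 7
        daily
        compress
}'

# rotate_limit RULETEXT -> N from "rotate N", or 0 (logrotate's default: keep none)
rotate_limit() {
  printf '%s\n' "$1" | awk '$1 == "rotate" { print $2; found = 1 } END { if (!found) print 0 }'
}

# rotate_once DIR NAME KEEP: age each archive by one, drop the one past KEEP,
# move the current log to NAME.1.gz and start a fresh empty NAME.
rotate_once() {
  rm -f "$1/$2.$3.gz"                              # oldest archive falls off the end
  i=$(($3 - 1))
  while [ "$i" -ge 1 ]; do
    [ -e "$1/$2.$i.gz" ] && mv "$1/$2.$i.gz" "$1/$2.$((i + 1)).gz"
    i=$((i - 1))
  done
  mv "$1/$2" "$1/$2.1.gz"                          # "compress" would gzip here
  : > "$1/$2"                                      # new empty log, as in the screenshot
}

# archive_count DIR NAME -> number of rotated copies (NAME.1.gz, NAME.2.gz, ...)
archive_count() {
  n=0
  for f in "$1/$2".[0-9]*; do [ -e "$f" ] && n=$((n + 1)); done
  echo "$n"
}

# simulate DAYS -> path of a temp dir after DAYS daily rotations under $RULE
simulate() {
  d=$(mktemp -d); : > "$d/syslog"; keep=$(rotate_limit "$RULE")
  day=1
  while [ "$day" -le "$1" ]; do
    echo "day $day" > "$d/syslog"                  # that day's log content
    rotate_once "$d" syslog "$keep"
    day=$((day + 1))
  done
  echo "$d"
}
```

After ten simulated days the directory holds syslog and exactly seven archives, with syslog.7.gz carrying the content of day 4 and days 1 to 3 already gone.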
You can find a more detailed description of logrotate in the manual by running the "man logrotate" command
Collecting Linux logs - journald
The log collection service systemd-journald is part of the systemd init system. Linux log files are stored in "/var/log/journal/" in a special format and can be read with the journalctl utility. The record format is the same as in rsyslog.
The journalctl command without arguments shows all records, but this is not convenient for large logs. Let's look at some options of this utility.
- journalctl -b - show all records since the last boot
- journalctl -S "2020-02-17 12:00" -U "2020-02-17 12:10" - show records from a specific time range
- journalctl -u pptpd - show records of a specific service
- journalctl -k - show kernel messages
- journalctl -p err - show messages of a specific priority and above, in this case err and the more severe levels (crit, alert, emerg)
- journalctl -f - show messages in real time
For greater flexibility you can combine these options. Let's show all errors of the pptpd service
journalctl -u pptpd -p err
If you pass the path to an executable file as an argument, the utility will show all messages sent by that program. Let's show all messages sent by "/usr/bin/sudo" since 04:15 on February 18, 2020. In effect, this lists all commands executed with elevated privileges.
journalctl -S "2020-02-18 04:15" /usr/bin/sudo
To find out how much disk space the log files take up, run the following command
journalctl --disk-usage
To limit the log files to 1GB, run the following command
journalctl --vacuum-size=1G
Opening binary files
Now let's look at some special files in the "/var/log/" folder where all login attempts are stored. These files are binary and can only be opened with special programs.
/var/log/wtmp - contains information on successful login attempts. Use the last utility to open it.
/var/log/btmp - contains all unsuccessful login attempts. It can be opened with lastb with elevated privileges. The -n option sets the number of lines shown from the end of the file.
/var/log/lastlog - contains the time of the last login for each account. It can be opened with lastlog.