Maitiro ekuverenga matanda eLinux uye kuti ungaiwanepi

Paunotarisana nechero matambudziko nekuita kweserver yako, chinhu chekutanga chaunoda kuita tarisa yako Linux matanda. Mune iyo system log, unogona kuwana mamwe anobatsira ekuongorora mameseji kubva kwakasiyana zvikamu zveiyo inoshanda sisitimu senge kernel kana akasiyana masevhisi, saka iwe unogona kuwana kutadza kukonzeresa ipapo.

Yese meseji murogi inogadzirwa mumhedzisiro yezvimwe zviitiko mushandisi sisitimu: kubva kumushandisi, mvumo kune sevhisi kuvhara-pasi kana kutadza kushanda. Zviitiko izvi zvine zvakakosheswa zvakasiyana zvichienderana nekukosha kwazvo. Kune anotevera marudzi ezviitiko muLinux:

1. emerg - kukundikana, kunyanya kukosha;
2. alert - kukurumidza nyevero;
3. crit - chiitiko chakakosha;
4. err - kukanganisa kwakajairika;
5. warn - yambiro yakajairika;
6. notice - chiziviso;
7. info - meseji yeruzivo;
8. debug - ruzivo rwekugadzirisa;

Parizvino, iwo makuru ekucheka matanda masevhisi muLinux ndiwo rsyslog uye systemd-journald. Ivo vanoenda neakawanda emazuva ano ekugovera mapakeji uye vanoshanda vakazvimiririra.

rsyslog

Mapepa ebasa iri anowanikwa mu “/ var / danda /” folda iri muchimiro cheakajairwa mameseji mafaira. Log meseji anoiswa mumafaira akasiyana zvichienderana nerudzi rwechiitiko. Semuyenzaniso, “/var/log/auth.log” ine ruzivo rwemvumo yevashandisi muhurongwa, uye “/var/log/kern.log” ine kernel meseji. Mazita emafaira anogona kusiyana pamapaketi ekugovera, saka ngatitarisei config file kuti tiwane pfungwa yekuti kupi “/etc/rsyslog.d/50-default.conf".

Iyi mitemo inoratidza kuti ndeipi faira ine mhando yega yega yemashoko egi. Chikamu chekuruboshwe chinoratidza mhando yemeseji mune inotevera fomu "[Kwakabva].[Kukosha]” uye chikamu chekurudyi chinoratidza zita refaira regi. Uchinyora mhando yemeseji “*” mavara anogona kuwedzerwa. Zvinoreva kukosha kusina kana kuti “hapana” inoibvisa pakurongwa ngatinyatsoongororai mitemo miviri yekutanga.

“auth,authpriv.* /var/log/auth.log”
“*.*;auth,authpriv.none -/var/log/syslog”

Mutemo wekutanga unoreva kuti mameseji ese anogamuchirwa kubva kumvumo yemagetsi anonyorwa mu "/var/log/auth.log” faira. Kuedza kwemvumo kwese (kwese kwakabudirira uye kwete) kuchanyoreswa mufaira iri./ var / log / syslog” faira. Aya mafaera maviri ndiwo anowanzo nyanya kufarirwa. Mitemo inotevera inotsanangura nzira yekuchengeta kernel logs “kern.” uye tsamba dzebasa retsamba “tsamba."

Log mafaira anogona kuvhurwa nerubatsiro rwechero text editor, senge zvishoma, katsi, muswe. Ngativhure “/var/log/auth.log” faira

less /var/log/auth.log

Mutsara wega wega wefaira iri meseji yakaparadzana yakagamuchirwa kubva kune application kana sevhisi. Mameseji ese zvisinei nekwaanobva ane fomati imwe chete uye ane zvikamu zvishanu. Ngatitorei meseji yakasimbiswa muscreenshot semuenzaniso.

1. Chitambi chemeseji - "Feb 12 06:18:33"
2. Zita rekombuta yakatumira meseji - "vds"
3. Zita rekushandisa kana sevhisi yakatumira meseji - "sshd"
4. Maitiro ID - [653]
5. Runyoro rwemeseji - "Pasiwedhi inogamuchirwa ye mihail kubva 188.19.42.165 port 2849 ssh2"

Uyu waive muenzaniso wekubatana kwakabudirira kune SSH.

Uye heino maitiro asina kubudirira kuedza kupinda mukati:

Iyi faira zvakare inorekodha mirairo ine mvumo yepamusoro

Ngativhure / var / log / syslog faira

Meseji yakasimbiswa pascreenshot ndiyo meseji nezve network network kuvharika.

Zvekutsvaga ruzivo kuburikidza neakareba mameseji mafaira shandisa grep utility. Unogona kuwana ese mameseji akagamuchirwa kubva pptpd service mu "/ var / log / syslog” faira.

grep 'pptpd' /var/log/syslog

Munguva yekuongorora iwe unogona kushandisa muswe utility iyo inogona kuratidza akati wandei ekupedzisira mitsara yemafaira. Command “muswe -f / var / log / syslog” ichakubvumidza kuti utarise matanda kurekodha munguva chaiyo.

Iyo sevhisi rsyslog inochinjika zvikuru uye ine simba. Inogona kushandiswa pakukohwa matanda mumasisitimu emunharaunda pamwe nepamusoro pebhizinesi. Iwe unogona kuwana zvizere zvinyorwa pane webhusaiti yepamutemo https://www.rsyslog.com/

Logs kutenderera muLinux

Kurekodha kwelogi kuri kuitika nguva dzose, saka saizi yemafaira inogara ichikura. Rotation mechanism inovimbisa kuchengetedza otomatiki kwematanda ekare uye kugadzirwa kwemafaira matsva. Zvichienderana nemirairo, zvinogona kuitika zuva nezuva, vhiki nevhiki, pamwedzi kana nehukuru muganhu. Sezvo matanda matsva anogadzirwa, ekare anogona kungobviswa kana kutumirwa neemail. Logs kutenderera kunoitwa ne kubudirira utility. Iwe unogona kuwana iyo huru yekumisikidza mu "/etc/logrotate.conf” faira. Zvemukati zvemafaira zvinogadziriswa zvakare mu “/etc/logrotate.d/”Forodha

Mitemo mitsva inogona kuiswa mukati meiyo huru config file. Nekudaro, zvakanakisa kugadzira faira rakasiyana mu "/etc/logrotate.d/”. Nenguva isipi, pane mafaera mashoma mudhairekitori iri

Ngatitarisei faira "/etc/logrotate.d/rsyslog" iyo ine mitemo yekutenderera yematanda e rsyslog basa.

Chekutanga, mutemo unofanirwa kuve negwara rinoenda kune regi faira uye wobva waenda ese nhungamiro mumabhuraketi akakomberedzwa.

• tenderera 7 - nhamba yemafaira ekuchengeta - 7
• mazuva ose - gadzira faira nyowani mazuva ese
• compress - compress uye chengetedza mafaera ekare

Iwe unogona kuona pane iyo skrini pane iyo "/ var / danda /” folda pane iyo huru logi "syslog” uye 7 archives, inoenderana nemitemo iri muconfig file.

Unogona kuwana tsananguro yakadzama ye logrotate mubhuku rekushandisa, uchiita "murume logrotate” command

Kuunganidza Linux matanda - yakanyorwa

Basa rekukohwa matanda systemd-journald chikamu chekutanga system systemd. Linux log mafaera anochengetwa mu "/var/log/journal/” muchimiro chakakosha uye inogona kuvhurwa nerubatsiro rwe mutori utility. Rekodhi fomati yakafanana chaizvo neye in rsyslog.

murayiro mutori isina hunhu inoratidza marekodhi ese asi haina kukodzera matanda makuru. Ngatitarisei dzimwe sarudzo dzekushandisa iyi.

• journalctl -b - ratidza marekodhi ese kubva pakutanga kwekupedzisira
• journalctl -S "2020-02-17 12:00" -U "2020-02-17 12:10" - ratidza rekodhi mukati meimwe nguva yenguva
• journalctl -u pptpd - ratidza zvinyorwa zveimwe sevhisi
• journalctl -k - ratidza kernel mameseji
• journalctl -p err - ratidza mameseji ezvimwe zvakakosha, mameseji epamusoro mune ino kesi (crit, chenjedzo, kubuda)
• journalctl -f - ratidza mameseji munguva chaiyo

Kuti zvive nani kushanduka iwe unogona kusanganisa idzi sarudzo. Ngatiratidzei kukanganisa kwese kwe pptpd sevhisi

journalctl -u pptpd -p err

Kana iwe ukatsanangura nzira inoenda kune faira rinogoneka sehunhu utility icharatidza mameseji ese anotumirwa nefaira iri. Ngatiratidze mameseji ese anotumirwa nefaira "/usr/bin/sudo” kubvira 04:15 musi waKukadzi 18, 2020. Chokwadi, icharatidza mirairo yese yakaitwa nemvumo dzepamusoro.

journalctl -S "2020-02-18 04:15" /usr/bin/sudo

Kuti uwane kuti ingani disk space log mafaera anotora kutora unotevera kuraira

journalctl --disk-usage

Kuti udzikise faira regi ku1Gb ita murairo unotevera

journalctl --vacuum-size=1G

Kuvhura mabhinari mafaira

Zvino ngatitarisei mamwe mafaera akakosha mu“/ var / danda /” folda inochengeterwa zviyedzo zvese zvekupinda.Mafaira aya ndeebhinari uye anogona kuvhurwa nezvirongwa zvakakosha chete.

/var/log/wtmp ine ruzivo rwekubudirira kuedza kupinda. Shandisa utility yekupedzisira kuivhura.

/var/log/btmp - ine zvese zvakakundikana kuedza kupinda. Inogona kuvhurwa ne lastb ine mvumo yepamusoro. Attribute -n inotsanangura nhamba yemitsara inoratidzwa kubva kumagumo efaira.

/var/log/lastlog - ine nguva yekupedzisira yekuisa chiitiko kune yega account rekodhi. Inogona kuvhurwa nayo lastlog