Monday, 14 September 2015

Chapter 10. Analyzing and Storing Logs.

  1. System logging

    The /var/log directory is where system logs are persistently stored.

    The systemd-journald daemon provides an improved log management service that collects messages from the kernel, the early stages of the boot process, standard output and error of daemons as they start up and run, and syslog.

    The rsyslog service then sorts the syslog messages by type (or facility) and priority, and writes them to persistent files in the /var/log directory.


     
  2. Syslog files



    Which messages are written to which file is configured by /etc/rsyslog.conf and by the *.conf files in /etc/rsyslog.d.
     
  3. Sample rules section of rsyslog.conf
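The rules section is a list of "selector  action" lines, where the selector is one or more facility.priority pairs separated by ";". The example below is added here and is not from the course text: it resolves where a message of a given facility and priority would be written, using selector semantics (a priority matches itself and everything more severe, "*" matches all, "none" excludes a facility, and the last selector naming a facility within one rule wins). The RULES text is constructed to mirror the stock rsyslog.conf rules; compare it with /etc/rsyslog.conf on a real host.

```shell
#!/bin/sh
# Added example, not from the course notes: resolve the rsyslog actions that
# apply to a FACILITY PRIORITY pair. RULES is a constructed sample of the
# rules section; read the real one from /etc/rsyslog.conf.

RULES='*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     -/var/log/maillog
cron.*                                     /var/log/cron
*.emerg                                    :omusrmsg:*'

# Prints, one per line, the actions matching "$1.$2" (facility, priority).
route() {
    printf '%s\n' "$RULES" | awk -v fac="$1" -v pri="$2" '
    BEGIN {
        # Severity order: emerg=1 (most severe) ... debug=8.
        split("emerg alert crit err warning notice info debug", lv)
        for (i = 1; i <= 8; i++) sev[lv[i]] = i
        if (!(pri in sev)) { print "unknown priority: " pri > "/dev/stderr"; exit 1 }
    }
    /^[ \t]*(#|$)/ { next }                  # skip comments and blank lines
    {
        n = split($1, sel, ";"); hit = 0
        for (i = 1; i <= n; i++) {
            split(sel[i], fp, ".")           # fp[1]=facility list, fp[2]=priority
            m = split(fp[1], facs, ",")
            for (j = 1; j <= m; j++) {
                if (facs[j] != "*" && facs[j] != fac) continue
                if (fp[2] == "none")     hit = 0             # exclusion
                else if (fp[2] == "*")   hit = 1             # every priority
                else if (fp[2] in sev)   hit = (sev[pri] <= sev[fp[2]])
            }
        }
        if (hit) print $2
    }'
}

# Examples: authpriv.info goes only to /var/log/secure (excluded from
# messages by "authpriv.none"); kern.emerg hits two rules; kern.debug none.
route authpriv info
route kern emerg
route kern debug
```

A quick way to confirm the real configuration agrees with this reading is `logger -p authpriv.info test` followed by `tail -1 /var/log/secure` (see the logger section below).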


     
  4. Log file rotation

    Logs are "rotated" by the logrotate utility (configured in /etc/logrotate.conf and /etc/logrotate.d/) to keep them from filling up the file system containing /var/log/.
     
  5. Analyze a syslog entry

    The following example explains the anatomy of a message in the /var/log/secure log file:
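A traditional syslog line has the shape `<timestamp> <host> <program>[<pid>]: <message>`. The script below is an added example, not part of the course text: it splits a line into those fields and then does the check a practitioner actually wants on /var/log/secure, counting failed SSH logins per source address. The log lines in SAMPLE_SECURE are constructed for illustration; on a real host feed it /var/log/secure instead.

```shell
#!/bin/sh
# Added example, not from the course notes. SAMPLE_SECURE is constructed.

SAMPLE_SECURE='Sep 14 10:05:12 serverX sshd[4129]: Failed password for invalid user admin from 203.0.113.9 port 51322 ssh2
Sep 14 10:05:14 serverX sshd[4129]: Failed password for invalid user admin from 203.0.113.9 port 51322 ssh2
Sep 14 10:05:20 serverX sshd[4131]: Accepted publickey for student from 192.0.2.7 port 40010 ssh2
Sep 14 10:06:01 serverX sudo:  student : TTY=pts/0 ; PWD=/home/student ; USER=root ; COMMAND=/bin/cat /etc/shadow
Sep 14 10:06:30 serverX sshd[4140]: Failed password for root from 198.51.100.23 port 60001 ssh2'

# Anatomy of one line: "<timestamp> <host> <tag>[<pid>]: <message>".
# Prints timestamp, host, program, pid and message, tab separated; pid is "-"
# when the program logged without one (sudo in the sample above).
parse_secure_line() {
    printf '%s\n' "$1" | awk '{
        ts = $1 " " $2 " " $3; host = $4; tag = $5
        sub(/:$/, "", tag)                        # drop the trailing colon
        pid = "-"
        if (match(tag, /\[[0-9]+\]$/)) {          # "sshd[4129]" -> sshd, 4129
            pid = substr(tag, RSTART + 1, RLENGTH - 2)
            tag = substr(tag, 1, RSTART - 1)
        }
        msg = ""
        for (i = 6; i <= NF; i++) msg = msg (i > 6 ? " " : "") $i
        printf "%s\t%s\t%s\t%s\t%s\n", ts, host, tag, pid, msg
    }'
}

# Detection: failed SSH password attempts per source address, most first.
# On a real host: failed_ssh_by_ip "$(cat /var/log/secure)".
failed_ssh_by_ip() {
    printf '%s\n' "${1:-$SAMPLE_SECURE}" |
        awk '$5 ~ /^sshd\[/ && /Failed password/ {
                 for (i = 1; i <= NF; i++) if ($i == "from") n[$(i + 1)]++
             }
             END { for (ip in n) print n[ip], ip }' |
        sort -rn
}

parse_secure_line 'Sep 14 10:06:01 serverX sudo:  student : TTY=pts/0 ; PWD=/home/student ; USER=root ; COMMAND=/bin/cat /etc/shadow'
failed_ssh_by_ip
```

Note that the classic format carries no year and no time zone, which is one reason the journal (and `journalctl -o short-iso`) is easier to correlate across hosts.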


     
  6. Monitor a log file with tail

    # tail -f  /var/log/secure
     
  7. Send a syslog message with logger

    # logger [-p facility.priority] "message"
    (facility.priority defaults to user.notice; the rsyslog rules decide which file the message lands in)
     
  8. Finding events with journalctl

    # journalctl [-nrpf] [--since TIME] [--until TIME] [FIELD=VALUE ...]
    -n: show only the most recent N lines
    -r: reverse order, newest entries first
    -p: show messages at the given priority and above (e.g. -p err)
    -f: follow the journal in real time
    --since --until: set a start and end time and show only entries within that period
    _SYSTEMD_UNIT=unit.service: show only entries from unit.service
    _PID=pid: show only entries from that PID
     
  9. Store the system journal permanently

    Because the messages collected by systemd-journald.service are not kept across reboots (by default the journal lives in /run/log/journal), store them persistently as follows.
     
    # mkdir /var/log/journal
    # chown root:systemd-journal /var/log/journal
    # chmod 2775 /var/log/journal
    # killall -USR1 systemd-journald
    # journalctl -b

    SIGUSR1 makes journald flush the runtime journal to the new directory; journalctl -b then shows the current boot, and after the next reboot earlier boots remain available as well.

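The directory is only honoured when journald's Storage= setting is auto (the default) or persistent, so a script that automates this should check /etc/systemd/journald.conf first. The script below is an added example and not from the course text; it uses systemd-tmpfiles to apply the ownership and mode systemd ships for /var/log/journal, which gives the same result as the chown/chmod above, and it only applies changes when run as `apply` by root.

```shell
#!/bin/sh
# Added example, not from the course notes: persist the journal, but first
# check the Storage= setting that decides whether /var/log/journal is used.

# Prints the effective Storage= value from a journald.conf file (default
# "auto": persistent if /var/log/journal exists, otherwise volatile).
journal_storage_setting() {
    conf=${1:-/etc/systemd/journald.conf}
    val=$(sed -n '/^[[:space:]]*Storage[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*$//;p;}' \
              "$conf" 2>/dev/null | tail -n 1)
    printf '%s\n' "${val:-auto}"
}

# The procedure from the notes, run as root on a systemd host.
persist_journal() {
    storage=$(journal_storage_setting)
    case $storage in
        volatile|none)
            echo "Storage=$storage in /etc/systemd/journald.conf: /var/log/journal would be ignored" >&2
            return 1 ;;
    esac
    mkdir -p /var/log/journal
    # Applies the ownership and mode from systemd's tmpfiles.d entry
    # (equivalent to the chown/chmod in the notes).
    systemd-tmpfiles --create --prefix /var/log/journal
    # Flush the runtime journal (/run/log/journal) to disk.
    killall -USR1 systemd-journald
    # Check: the current boot's journal now exists under the machine-id directory.
    ls "/var/log/journal/$(cat /etc/machine-id)" >/dev/null && journalctl -b >/dev/null
}

case ${1:-} in
    apply) persist_journal ;;
    *)     echo "Storage=$(journal_storage_setting); run '$0 apply' as root to persist the journal" ;;
esac
```

After the next reboot, `journalctl --list-boots` should list more than one boot and `journalctl -b -1` should show the previous one; if it does not, the journal is still volatile.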
     
  10. Set local clocks and time zone

    # timedatectl [command]

    list-timezones: list all time zone names supported on the system
    set-timezone: set the time zone
    set-time: set the time
    set-ntp: enable or disable network time synchronization
     
  11. Configuring and monitoring chronyd
     

    The chronyd service records the measured drift of the system clock (how fast or slow it runs relative to the NTP source) in the driftfile specified in the /etc/chrony.conf configuration file, so it can correct the clock immediately after a restart.

    The quality of an NTP time source is determined by the stratum value reported by the time source; lower is better, with stratum 1 meaning the server is directly attached to a reference clock.

    It is recommended to use the iburst option on the server line (server classroom.example.com iburst), because after the service starts, four measurements are taken in a short time period for a more accurate initial clock synchronization.

    The chronyc command acts as a client to the chronyd service; chronyc sources -v lists the configured servers with their stratum and reachability, and chronyc tracking shows the current offset and the source the clock is synchronized to.
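What a practitioner checks after configuring chrony is whether the clock is actually synchronized and to what stratum. The script below is an added example, not from the course text: it reads `chronyc sources` output and reports the synchronized source, its stratum and reachability, and any sources chronyd cannot reach. SAMPLE is a constructed copy of that output; on a real host pass `"$(chronyc sources)"` instead. The stratum-0, reach-0 line is how an unreachable server appears, typically a wrong server line in /etc/chrony.conf or UDP/123 being filtered.

```shell
#!/bin/sh
# Added example, not from the course notes. SAMPLE is constructed output of
# "chronyc sources"; replace it with "$(chronyc sources)" on a real host.

SAMPLE='210 Number of sources = 2
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* classroom.example.com         2   6   377    23   -152us[ -187us] +/-   11ms
^? 203.0.113.50                  0   6     0     -     +0ns[   +0ns] +/-    0ns'

# Column 1 is mode+state: "^" server, "=" peer, "#" local clock, followed by
# "*" (the source chronyd is synced to), "+" (combined), "-" (excluded),
# "?" (unreachable), "x" (false ticker) or "~" (too variable).
# Reach is an octal bitmask of the last 8 polls; 377 means all eight answered.
# Prints "synced <name> stratum <n> reach <r>" or "nosync".
chrony_sync_status() {
    printf '%s\n' "${1:-$SAMPLE}" | awk '
        /^[=#^]\*/ {
            printf "synced %s stratum %s reach %s\n", $2, $3, $5
            found = 1
            exit
        }
        END {
            if (!found) {
                print "no source selected for synchronization" > "/dev/stderr"
                print "nosync"
            }
        }'
}

# Lists sources chronyd cannot reach or has rejected (state ?, x or ~).
bad_sources() {
    printf '%s\n' "${1:-$SAMPLE}" | awk '/^[=#^][?x~]/ { print substr($1, 2, 1), $2 }'
}

chrony_sync_status
bad_sources
```

A reach below 377 shortly after `systemctl restart chronyd` is normal with iburst (the four quick measurements fill the low bits first); persistent low reach on a selected source means packets are being lost.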