Khwooo’s Weblog

July 13, 2007

linux system logs

Filed under: linux — khwooo @ 2:09 pm

Wow, it's been ages since I came back here +_+

For various reasons I have spent the last two days digging through the company's very long logs.
I found some material online on how to analyse, split and read log files.

First, Linux logs live under /var/log/, which contains:

/var/log/messages: General messages and system related stuff
/var/log/auth.log: Authentication logs
/var/log/kern.log: Kernel logs
/var/log/cron.log: Crond logs
/var/log/maillog: Mail logs
/var/log/httpd/: Apache access and error logs directory
/var/log/boot.log: System boot log
/var/log/mysqld.log: MySQL database server log file
/var/log/secure: Authentication log
/var/log/utmp or /var/log/wtmp: Login records file
/var/log/yum.log: Yum log files

For a detailed write-up in Chinese, see Linux 私房菜 — 登錄檔的分析啦! (log file analysis).

The commands I used this time were:

split: split a large file into pieces
lastlog -> /var/log/lastlog
dump-utmp -> /var/run/utmp
last -x -f (wtmp)
ac -d (wtmp)
who /var/log/wtmp
pacct
w

Posted in haste; see the man pages for the details.
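last, ac, who and dump-utmp all read the same binary record format from wtmp/utmp, so it helps to see what those records actually look like. The example below is added here and is not from the original post or from any of the tools above: it assumes the glibc struct utmp layout on x86_64 Linux (384-byte records, 32-bit timestamps) and builds a small constructed wtmp in memory, then reproduces what last -x (pairing logins with logouts, closing sessions at a reboot) and ac (total connect time per user) compute from it. Running it on a copy of a real wtmp pulled from a host is a useful cross-check when you do not want to rely solely on the tool output from that host.

```python
import struct
from datetime import datetime, timezone

# Layout of struct utmp as written by glibc on x86_64 Linux (assumed): 384 bytes, little-endian.
# Fields: ut_type, (2 pad), ut_pid, ut_line[32], ut_id[4], ut_user[32], ut_host[256],
#         ut_exit (e_termination, e_exit), ut_session, ut_tv (sec, usec), ut_addr_v6[4], 20 unused.
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384

BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8


def cstr(raw):
    """Decode a NUL-padded fixed-width char array."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_utmp(data):
    """Split a wtmp/utmp byte string into record dicts (the fields dump-utmp prints)."""
    records = []
    usable = len(data) - len(data) % UTMP_SIZE  # ignore a trailing partial record
    for off in range(0, usable, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        records.append({"type": f[0], "pid": f[1], "line": cstr(f[2]), "id": cstr(f[3]),
                        "user": cstr(f[4]), "host": cstr(f[5]), "time": f[9], "usec": f[10]})
    return records


def sessions(records):
    """Pair each USER_PROCESS login with the next DEAD_PROCESS on the same tty and close
    everything still open at a BOOT_TIME record, as `last -x` does.
    Returns tuples (user, line, host, login_ts, logout_ts or None if still logged in)."""
    open_by_line, result = {}, []
    for r in sorted(records, key=lambda r: (r["time"], r["usec"])):
        if r["type"] == USER_PROCESS:
            open_by_line[r["line"]] = r
        elif r["type"] == DEAD_PROCESS and r["line"] in open_by_line:
            login = open_by_line.pop(r["line"])
            result.append((login["user"], login["line"], login["host"], login["time"], r["time"]))
        elif r["type"] == BOOT_TIME:
            for login in open_by_line.values():  # sessions cut short by a reboot or crash
                result.append((login["user"], login["line"], login["host"], login["time"], r["time"]))
            open_by_line.clear()
    for login in open_by_line.values():  # still logged in
        result.append((login["user"], login["line"], login["host"], login["time"], None))
    return result


def connect_time(records):
    """Total seconds per user over closed sessions, the figure `ac` reports."""
    totals = {}
    for user, _line, _host, start, end in sessions(records):
        if end is not None:
            totals[user] = totals.get(user, 0) + (end - start)
    return totals


def format_last(records):
    """Render the sessions in a `last`-like layout (UTC timestamps)."""
    lines = []
    for user, line, host, start, end in sessions(records):
        t0 = datetime.fromtimestamp(start, timezone.utc).strftime("%a %b %d %H:%M")
        t1 = "still logged in" if end is None else datetime.fromtimestamp(end, timezone.utc).strftime("%H:%M")
        lines.append(f"{user:<9}{line:<13}{host:<17}{t0} - {t1}")
    return lines


def make_record(typ, pid, line, ut_id, user, host, ts):
    """Build one raw record; used only to construct the sample data below."""
    return struct.pack(UTMP_FMT, typ, pid, line.encode(), ut_id.encode(), user.encode(),
                       host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)


# Constructed sample wtmp (not real data): a boot, two logins, a logout, one more login/logout.
SAMPLE_WTMP = b"".join([
    make_record(BOOT_TIME, 0, "~", "~~", "reboot", "", 1184288400),
    make_record(USER_PROCESS, 1201, "pts/0", "ts/0", "alice", "10.0.0.5", 1184288500),
    make_record(USER_PROCESS, 1300, "tty1", "1", "bob", "", 1184288600),
    make_record(DEAD_PROCESS, 1201, "pts/0", "ts/0", "", "", 1184289100),
    make_record(USER_PROCESS, 1400, "pts/1", "ts/1", "alice", "192.0.2.9", 1184289200),
    make_record(DEAD_PROCESS, 1400, "pts/1", "ts/1", "", "", 1184289500),
])

if __name__ == "__main__":
    print("\n".join(format_last(parse_utmp(SAMPLE_WTMP))))
    print(connect_time(parse_utmp(SAMPLE_WTMP)))  # {'alice': 900}; bob's session is still open
```

To use it on a real file, replace SAMPLE_WTMP with open("/var/log/wtmp", "rb").read(); the record size check at the top will tell you immediately if the file was written with a different layout than the one assumed here.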

References:
Linux log files location …
CERNET 网络应急响应组 (CERNET network emergency response team)
linux系統安全(二): 日誌 (Linux system security (2): logs)
Linux日志分析的实战专题 (a practical guide to Linux log analysis)
資安論壇 :: 觀看文章 – 常見的系統紀錄 (security forum :: view article – common system logs)
