Chng 11: Qun l nht k

Linux v phn mm m ngun m 2009

@H Quc Trung 2009

Ni dung
I. Khi nim ghi nht k trong HH Linux II. Nht k trong linux III. Ti u ha qu trnh ghi nht k

@H Quc Trung 2009

I. Khi nim log-nht k

c thng tin v cc thao tc c thc hin c thng tin v cc s kin xy ra Log-nht k l tp hp cc thng bo c h thng sinh ra, lu trong cc tp nht k-log file. Cc thng bo c th l
Thng bo ca h thng Li trong cc thao tc ca h thng Qu trnh ng nhp, ng xut Thng bo t mt s ng dng
@H Quc Trung 2009 3

Cc vn cn quan tm
Ghi nht k v ci g? Ghi nht k nh th no?
Facilities

Ghi nht k vo u?
Destination

@H Quc Trung 2009

C ch ghi nht k
c lp
Cc ng dng t ghi nht k vo cc th mc ring r Kh theo di cc nht k Nht k nhn h iu hnh khng phi l ng dng Cc ng dng kh s dng nht k ca nhau Kh pht hin ng dng c vn

Tp trung

Cc ng dng gi thng bo chung cho mt ng dng chu trch nhim ghi nht k Ty theo mc ng dng nht k s ghi cc thng tin ph hp vo nht k
@H Quc Trung 2009 5

Ni dung
I. Khi nim ghi nht k trong HH Linux II. Nht k trong linux III. Ti u ha qu trnh ghi nht k

@H Quc Trung 2009

II. C ch ghi nht k-linux

S kin ng dng S kin Dch v S kin Thit b

syslogd
B lc cc s kin (theo tp cu hnh) Cc tp nht k Log files

@H Quc Trung 2009

syslog
Chng trnh qun l cc thng bo t cc thnh phn ca h thng c thc hin bng syslogd daemon. Khi ng cng h thng /etc/init.d/syslog { start | stop | reload } Cu hnh ca syslog c lu trong tp /etc/syslog.conf

@H Quc Trung 2009

Tp cu hnh /etc/syslog.conf
Cc dng ca tp cu hnh c dng
Facility . Priority Error condition Action Output destination

Facility l ngun gc sinh ra thng bo priority l mc quan trng ca thng bo Action l thao tc thc hin khi nhn c thng bo
Ghi vo tp, gi email, .
@H Quc Trung 2009 9

Cc loi Facility
Facility auth : authpriv : cron : ftp : kern : lpr : mail : news : syslog : user : uucp : daemon : local0-7 : ngha Thng bo v bo mt h thng lin quan n vic xc thc Thng bo v bo mt h thng lin quan n quyn truy cp Thng bo ca crond Thng bo ca dch v ftp Thng bo ca nhn HH Thng bo ca h thng in n lpr Thng bo lin quan n email Thng bo lin quan n news service Thng bo ca syslogd Thng bo ca cc ng dng NSD Copy file bng UUCP(Unix to Unix Chung ca cc daemon NSD nh ngha
@H Quc Trung 2009 10

Copy)

Priority
Priority emerg alert crit err warning notice info debug ngha Thng bo khn cp cu Bo ng Li phn cng, khng th khc phc Li thng thng Cnh bo Nhc nh Thng tin Thng tin k thut

@H Quc Trung 2009

11

Thao tc
K hiu /file_name @ hostname user_name * Thao tc Ghi vo tp file_name Chuyn n my hostname Gi thng bo cho NSD user_name Gi thng bo cho tt c NSD ang ng nhp vo h thng

@H Quc Trung 2009

12

V d v /etc/syslog.conf
# Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;news.none;authpriv.none # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* /var/log/maillog # Log cron stuff cron.* /var/log/cron

/var/log/messages

@H Quc Trung 2009

13

Listing of /etc/syslog.conf
# Everybody gets emergency messages, plus log them on another # machine. *.emerg * *.emerg @10.1.1.254 # Save boot messages also to boot.log local7.* /var/log/boot.log # news.=crit /var/log/news/news.crit news.=err /var/log/news/news.err news.notice /var/log/news/news.notice

@H Quc Trung 2009

14

Syslog V d
Ghi kern.info and daemon.notice vo/var/log/log file.
kern.info;daemon.notice /var/log/log cron,news.debug /var/log/debug

@H Quc Trung 2009

15

Cc tp log quan trng

Th mc /var/log/

Tn tp cron maillog messages secure boot.log dmesg lastlog wtmp ngha Thng bo t cc thao tc ca crond Thng bo lin quan n email Cc thng bo ngoi bo mt, email, news Bo mt Khi ng v tt dch v Thng bo ca nhn h iu hnh Thng bo v qu trnh ng nhp ca NSD Thng bo v qu trnh hot ng ca tt c NSD

@H Quc Trung 2009

16

Cng c khc
logger: logs messages to the /var/log/messages file
logger program myscipt ERR

Logrotate: Cp nht v nn cc tp log Cu hnh /etc/logrotate.conf.

@H Quc Trung 2009

17

Ni dung
I. Khi nim ghi nht k trong HH Linux II. Nht k trong linux III. Ti u ha qu trnh ghi nht k

@H Quc Trung 2009

18

Logrotate
Xoay vng cc tp log Sao lu v nn cc d liu log c (nhng vn c th cn n) C th c kch hot theo thi gian hoc theo kch thc Cu hnh /etc/logrotate.d/

@H Quc Trung 2009

19

Cu hnh chung ca logrotae

# see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create #compress # RPM packages drop log rotation information into this directory include /etc/logrotate.d # no packages own wtmp -- we'll rotate them here /var/log/wtmp { monthly create 0664 root utmp rotate 1 } # system-specific logs may be also be configured here.
@H Quc Trung 2009 20

Cu hnh cho mt tin trnh c th

[root@localhost root]# cat /etc/logrotate.d/httpd /var/log/httpd/*log { missingok notifempty sharedscripts postrotate /bin/kill -HUP `cat /var/run/httpd.pid 2>/dev/null` 2> /dev/null || true endscript }
@H Quc Trung 2009 21

Cc ty bin ca logrotate
weekly : Cc tp nht k c thc hin nu ngy trong tun hin ti nh hn ngy trong tun khi thc hin kim tra tp nht k hoc kim tra c hn 01 tun. rotate 52 : Tp nht k c x l 52 ln trc khi b xa i hoc gi theo email. compress : Cc tp lu tr c ca nht k c nn ( tit kim khng gian a). missingok : Nu tp nht k khng c, tip tc x l cc tp nht k tip theo. Khng thng bo li. notifempty : Khng x l nu nht k rng. sharedscripts : Cc tp nht k cng thc hin mt kch bn s ch thc hin kch bn mt ln. Nu khng c nht k no c x l, kch bn dng chung ny s khng thc hin. postrotate cu lnh endscript : Cu lnh thc hin sau khi x l xong tp nht k.
@H Quc Trung 2009 22

Bi tp
ng nhp vo h thng bng ti khon ngi qun tr, xem ni dung tp /var/log/messages. Cu lnh no cho bit cc s kin mi nht xy ra trong h thng. Theo di tp ni trn s dng lnh tail Cn c vo tp cu hnh ca logrotate, gii thch tp /var/log/messages c x l th no.
@H Quc Trung 2009 23