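/var/log --- important system log files
/var/log/messages --- log file for the running state of the system and its services (normal messages and error messages: error/failed)
[root@oldboy0708 log]# cat /var/log/messages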
Jul 13 17:01:01 oldboy0708 systemd: Started Session 30 of user root.
Jul 13 18:01:01 oldboy0708 systemd: Started Session 31 of user root.
Jul 13 18:53:21 oldboy0708 systemd-logind: Removed session 13.
Jul 13 19:01:01 oldboy0708 systemd: Started Session 32 of user root.
Jul 13 20:01:01 oldboy0708 systemd: Started Session 33 of user root.
(time the log entry was generated) (hostname) (system information) (detailed description)
/var/log/secure --- security log file; records user login information
[root@oldboyedu0708 ~]# cat /var/log/secure
Jul 11 11:57:37 oldboy0708 sshd[7825]: pam_unix(sshd:session): session closed for user root
Jul 11 11:57:38 oldboy0708 sshd[7895]: Accepted password for root from 10.0.0.1 port 4087 ssh2
Jul 11 11:57:38 oldboy0708 sshd[7895]: pam_unix(sshd:session): session opened for user root by (uid=0)
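(time of login to the host) (hostname) (login method) (login message)
How to view log file contents:
Method 1: view only the first few lines of a log file
[root@oldboyedu ~]# head -3 oldboy.log --- -3 shows the first 3 lines; without an option, head shows the first 10 lines
Method 2: view only the last few lines of a log file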
[root@oldboyedu ~]# tail -3 oldboy.log
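Method 3: view only the lines of a file that contain specified content (filtering)
grep --- good at filtering information
Format: grep "pattern to filter" file (absolute path)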
[root@oldboyedu0708 ~]# grep "Failed" /var/log/secure
Jul 11 13:59:24 oldboy0708 sshd[7494]: Failed password for invalid user root from 10.0.0.1 port 4645 ssh2
Jul 11 13:59:31 oldboy0708 sshd[7494]: Failed password for invalid user root from 10.0.0.1 port 4645 ssh2
Jul 12 12:04:33 oldboy0708 sshd[12030]: Failed password for liuxu from 10.0.0.1 port 6786 ssh2
Method 4: follow changes to the log in real time
tail -f /var/log/secure
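
Going one step beyond the grep "Failed" filter in Method 3, the following added example (not part of the original notes) counts failed SSH password attempts per source IP and user name. The function names sample_secure_log and failed_logins are hypothetical, and the sample input reuses the sshd lines shown above.

```bash
#!/usr/bin/env bash
# Summarise failed SSH password attempts per source IP and user name.

# Sample input: the sshd lines shown on this page, embedded so the
# script runs offline without touching the real /var/log/secure.
sample_secure_log() {
cat <<'EOF'
Jul 11 11:57:38 oldboy0708 sshd[7895]: Accepted password for root from 10.0.0.1 port 4087 ssh2
Jul 11 13:59:24 oldboy0708 sshd[7494]: Failed password for invalid user root from 10.0.0.1 port 4645 ssh2
Jul 11 13:59:31 oldboy0708 sshd[7494]: Failed password for invalid user root from 10.0.0.1 port 4645 ssh2
Jul 12 12:04:33 oldboy0708 sshd[12030]: Failed password for liuxu from 10.0.0.1 port 6786 ssh2
EOF
}

# failed_logins [FILE...]: print "count ip user" for each (ip, user)
# pair, highest count first. Reads stdin when no file is given.
failed_logins() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / {
            # The line ends "... USER from IP port N ssh2". Fields are
            # taken from the END of the line because the user name is
            # text chosen by the client and must not shift the IP field.
            if (NF < 11) next
            if ($(NF-4) != "from" || $(NF-2) != "port") next
            count[$(NF-3) " " $(NF-5)]++
        }
        END { for (k in count) print count[k], k }
    ' "$@" | sort -k1,1nr -k2
}

# Stand-alone run on the embedded sample; on a real host use:
#   failed_logins /var/log/secure
sample_secure_log | failed_logins
```

Both the "invalid user" form and the plain form of the message are counted, and the "Accepted password" line is ignored.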