linux 系统日志

1.日志系统：syslog 和syslog-ng（next generation）

2.syslog是个服务：是一个统一的结构，系统常见的、固定的设施（facility）用这个服务记录日志

3.syslog服务：服务名就叫syslog　

[root@node3 log]# chkconfig --list |grep syslog
rsyslog            0:off    1:off    2:on    3:on    4:on    5:on    6:off
[root@node3 /]# service rsyslog status
rsyslogd (pid  991) is running...
[root@node3 /]# 

klogd：内核，专门负责记录内核产生的日志信息   /var/log/dmesg　

　　/sbin/init 之后　

syslogd： 系统，负责非内核产生的日志信息  /var/log/messages

日志需要滚动（日志切割）：messages-20170622 messages-20170612

logrotate 专门的日志计划  /etc/cron.daily/logrotate  /etc/logrotate.conf

  

[root@node3 log]# cat /etc/logrotate.conf 
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.

/var/log/maillog邮件系统产生的日志

/var/log/secure  登录产生的日志  可以写个脚本，每天运行一下，生成一个报告

配置文件：/etc/syslog.conf(Centos 6起，/etc/syslog.conf不再有，而是/etc/rsyslog.conf代替)