How to Use Linux for Log Management and Analysis
Introduction:
In operations and development work, log management and analysis are very important tasks. Linux provides a rich set of tools and commands for managing and analyzing logs. This article introduces some common methods and tools for log management and analysis on Linux, with accompanying code examples.
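1. Log management
Location of log files
On Linux, log files are usually stored under /var/log, and different services and applications keep their own logs in different subdirectories. Not every system has all of the files below: auth.log and syslog are the Debian and Ubuntu names, while secure and messages are the Red Hat-family names. The main log files are:
/var/log/auth.log: records system login and authentication events;
/var/log/messages: records important system events and warning messages;
/var/log/syslog: records system service and kernel events;
/var/log/secure: records security-related system events.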
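Viewing log file contents
The basic Linux commands tail and cat can be used to view log files. tail displays the last lines of a file; the -n option sets how many lines to show, and -f keeps the file open and prints new lines as they are written. For example:
$ tail -n 10 /var/log/auth.log
$ tail -f /var/log/messages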
The cat command displays the entire contents of a file. For example:
$ cat /var/log/syslog
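Compressing and archiving log files
To save disk space, older log files can be compressed and archived. The gzip command compresses a log file. Compress a rotated copy rather than the live file that the logging daemon still has open. For example:
$ gzip /var/log/syslog.1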
gzip compresses the original file into a file in .gz format, which gunzip can decompress. Log files that have already been compressed can also be archived and compressed with tar. For example:
$ tar czf /var/log/archive.tar.gz /var/log/oldlogs/
This command archives the files under /var/log/oldlogs and compresses them into /var/log/archive.tar.gz.
2. Log analysis
Filtering logs with grep
grep is a powerful text search tool that uses regular expressions to filter out the log records matching a condition. For example:
$ grep "error" /var/log/syslog
$ grep -i "error" /var/log/syslog
The first command finds the lines in /var/log/syslog that contain "error"; the -i option in the second command makes the match case-insensitive.
Analyzing logs with awk
awk is a powerful text-processing tool that extracts and analyzes data by field. For example:
$ awk '{print $1,$4}' /var/log/syslog
$ awk '/error/ {print $0}' /var/log/syslog
The first command extracts the 1st and 4th fields from /var/log/syslog and prints them; the second command prints the lines that contain "error".
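Going one step beyond the fixed-field awk commands above, this added example (not part of the original article) counts failed SSH password attempts per source address in auth.log-style lines. The function names and the sample log lines are constructed for illustration, and the message layout assumed is the OpenSSH form "Failed password for ... from <address> port <n> ssh2".

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source address.
# The log lines below are constructed sample data (documentation IP ranges).

sample_auth_log() {
cat <<'EOF'
Mar  3 09:14:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 09:14:05 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50124 ssh2
Mar  3 09:14:09 host1 sshd[1203]: Failed password for invalid user x from 10.0.0.1 from 203.0.113.7 port 50130 ssh2
Mar  3 09:15:30 host1 sshd[1210]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Mar  3 09:16:02 host1 sshd[1215]: Failed password for bob from 198.51.100.9 port 41000 ssh2
Mar  3 09:17:00 host1 CRON[1300]: pam_unix(cron:session): session opened for user root
EOF
}

# failed_logins: read syslog-format lines on stdin and print "<count> <address>"
# for each source of "Failed password" events, busiest source first.
failed_logins() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is chosen by the client and may itself contain
            # " from ", so search from the end of the line for the
            # "from <address> port" triple that sshd appends.
            for (i = NF - 1; i > 1; i--) {
                if ($(i - 1) == "from" && $(i + 1) == "port") {
                    count[$i]++
                    break
                }
            }
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Usage on a real system (file names depend on the distribution):
#   failed_logins < /var/log/auth.log
#   gzip -cd /var/log/auth.log.2.gz | failed_logins
sample_auth_log | failed_logins
```

A fixed position such as $11 would select a different token on the "invalid user" lines and on the line whose user name contains " from ", which is why the function looks for the from/port pair instead.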
Using log analysis tools
Besides the basic commands, there are tools dedicated to log analysis, such as Logstash, Elasticsearch and Kibana (ELK). These tools import log data into a database and provide powerful search and visualization features, which makes deeper and more complex log analysis easier.
Conclusion:
This article has covered some basic methods and tools for log management and analysis on Linux. Mastering them helps improve the efficiency of operations and development work and solve some common problems. We hope readers can make full use of the rich resources Linux provides to manage and analyze logs better.
Code examples: (these are examples only; in practice, configure and adjust them according to your specific needs and environment)
View the latest 10 authentication log records:
$ tail -n 10 /var/log/auth.log
View the system message log as it is updated in real time:
$ tail -f /var/log/messages
Use grep to filter the log records that contain "error":
$ grep "error" /var/log/syslog
Use awk to extract the 1st and 4th fields from /var/log/syslog:
$ awk '{print $1,$4}' /var/log/syslog
ÒÔÉϽöΪһЩÈÕÖ¾ÖÎÀíºÍÆÊÎöµÄ»ù±¾Ê¾Àý£¬ÏÖʵӦÓÃÖл¹»áƾ֤ÏêϸÐèÇó¾ÙÐиüÖØ´óµÄ´¦ÀíºÍÆÊÎö¡£Ï£Íû¶ÁÕßÔÚÊÂÇéÖÐÄܳä·ÖÍÚ¾òºÍʹÓÃLinuxÌṩµÄÇ¿Ê¢¹¤¾ßºÍÒªÁ죬¸üºÃµØÍê³ÉÈÕÖ¾ÖÎÀíºÍÆÊÎöµÄÊÂÇé¡£
ÒÔÉϾÍÊÇÔõÑùʹÓÃLinux¾ÙÐÐÈÕÖ¾ÖÎÀíºÍÆÊÎöµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡