知乎专栏 |
注意 | |
---|---|
很多2011年前很多Linux发行版使用syslog,但自2011之后,各种Linux发行版逐步向rsyslog迁移。rsyslog成为主流。 |
enables logging from remote machines
# vim /etc/sysconfig/syslog #SYSLOGD_OPTIONS="-m 0" SYSLOGD_OPTIONS="-r -m 0"
# /etc/init.d/syslog restart Shutting down kernel logger: [ OK ] Shutting down system logger: [ OK ] Starting system logger: [ OK ] Starting kernel logger: [ OK ]
*.* @172.16.0.9
所有日志将被重定向到172.16.0.9
[root@dev1 test]# service syslog restart Shutting down kernel logger: [ OK ] Shutting down system logger: [ OK ] Starting system logger: [ OK ] Starting kernel logger: [ OK ] [root@dev1 test]#
日志的级别
emerg 系统已经不可用,级别为紧急 alert 警报,需要立即处理和解决 crit 既将发生,得需要预防。事件就要发生 warnig 警告 err 错误信息,普通的错误信息 notice 提醒信息,很重要的信息 info 通知信息,属于一般信息 debug 这是调试类信息
#vi /etc/syslog.conf # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none;cron.none;local1.none;local3.none /var/log/messages #my log local3.* /var/log/my.log
# service syslog restart Shutting down kernel logger: [ OK ] Shutting down system logger: [ OK ] Starting system logger: [ OK ] Starting kernel logger: [ OK ]
ping 192.168.0.1 | logger -it logger_test -p local3.notice
# cat /var/log/my.log Jan 12 18:06:03 dev1 logger_test[10991]: PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data. Jan 12 18:06:03 dev1 logger_test[10991]: 64 bytes from 192.168.0.1: icmp_seq=1 ttl=64 time=0.746 ms Jan 12 18:06:04 dev1 logger_test[10991]: 64 bytes from 192.168.0.1: icmp_seq=2 ttl=64 time=0.713 ms Jan 12 18:06:05 dev1 logger_test[10991]: 64 bytes from 192.168.0.1: icmp_seq=3 ttl=64 time=0.924 ms Jan 12 18:06:06 dev1 logger_test[10991]: 64 bytes from 192.168.0.1: icmp_seq=4 ttl=64 time=0.819 ms Jan 12 18:06:08 dev1 logger_test[10991]: 64 bytes from 192.168.0.1: icmp_seq=5 ttl=64 time=0.667 ms Jan 12 18:06:09 dev1 logger_test[10991]: 64 bytes from 192.168.0.1: icmp_seq=6 ttl=64 time=0.626 ms Jan 12 18:06:10 dev1 logger_test[10991]: 64 bytes from 192.168.0.1: icmp_seq=7 ttl=64 time=0.665 ms