Linux8.7 Linux System Logs
Linux system logs (system log) record all kinds of events: system, network, kernel, services, and so on.
[root@chy002 ~]# cat /var/log/messages
Suppose every operation on the system were recorded in this one file: it would grow far too large. How is that avoided?
[root@chy002 ~]# du -sh !$
du -sh /var/log/messages
228K /var/log/messages
# The log turns out not to be large
[root@chy002 ~]# ls /var/log/messages*
/var/log/messages           /var/log/messages-20180121
/var/log/messages-20180108  /var/log/messages-20180130
/var/log/messages-20180119
# To keep the logs from growing without limit, a log rotation tool is set up: logrotate
[root@chy002 ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly (rotate once a week)
weekly

# keep 4 weeks worth of backlogs (keep 4 rotated files)
rotate 4

# create new (empty) log files after rotating old ones (create a new file)
create

# use date as a suffix of the rotated file (file name suffix)
dateext

# uncomment this if you want your log files compressed (whether to compress)
#compress

# Tells logrotate to read the log rotation parameters stored in the /etc/logrotate.d directory.
# The include option is very useful when RPM packages are installed on the system:
# the rotation parameters of RPM packages are usually stored in /etc/logrotate.d.
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.
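Reference: https://my.oschina.net/u/2000675/blog/908189
The dmesg command shows the hardware runtime log. It is unrelated to /var/log/dmesg; that file holds what was recorded during system boot.
The last command shows the history of successful logins and reboots. It reads /var/log/wtmp, a binary file that cannot be viewed with cat.
The lastb command shows the history of failed logins. It reads /var/log/btmp, which also cannot be viewed with cat.
The security log, /var/log/secure, records information such as brute-force attempts.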
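One way to pull the brute-force information out of /var/log/secure, as an added example that is not part of the original post: it counts sshd "Failed password" lines per source address. The sample lines are constructed, the function names are illustrative, and the line layout assumes OpenSSH's standard message format.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): count failed SSH password
# attempts per source address in /var/log/secure-style sshd lines.

# Constructed sample lines, not real log data. Addresses are documentation ranges.
sample_secure_log() {
  cat <<'EOF'
Jan 30 10:15:01 chy002 sshd[2101]: Failed password for root from 203.0.113.5 port 51234 ssh2
Jan 30 10:15:03 chy002 sshd[2101]: Failed password for root from 203.0.113.5 port 51236 ssh2
Jan 30 10:15:06 chy002 sshd[2104]: Failed password for invalid user admin from 203.0.113.5 port 51238 ssh2
Jan 30 10:15:09 chy002 sshd[2107]: Failed password for invalid user from 192.0.2.10 from 203.0.113.5 port 51240 ssh2
Jan 30 10:16:00 chy002 sshd[2150]: Accepted password for root from 192.0.2.10 port 40022 ssh2
Jan 30 10:16:30 chy002 sshd[2161]: Failed password for chy from 198.51.100.7 port 40100 ssh2
Jan 30 10:17:00 chy002 su: pam_unix(su:session): session opened for user root by (uid=0)
EOF
}

# failed_by_source [threshold]: reads log lines on stdin and prints
# "<count> <source>" for each source with at least <threshold> failures
# (default 3), busiest first.
failed_by_source() {
  awk -v min="${1:-3}" '
    # The user name is chosen by the client and may itself contain " from ",
    # so read the address from the fixed tail: ... from <addr> port <n> ssh2
    / sshd\[[0-9]+\]: Failed password for / &&
    $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
    END { for (s in count) if (count[s] >= min) print count[s], s }
  ' | sort -rn
}

# Demo on the constructed sample; prints one line per noisy source.
sample_secure_log | failed_by_source 3
```

On a real host the same function reads the log directly, for example `failed_by_source 5 < /var/log/secure`, run as root because the file is not world-readable.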