How to configure log management on Linux

How to configure log management on Linux

In Linux systems, logs are a key component that records important information such as system running status, application running information, errors and warnings. Properly configuring and managing logs is crucial for system monitoring and troubleshooting. This article will introduce you to how to configure log management on Linux and provide some code examples to help you better understand and practice.

1. Understand the types and locations of log files

First, we need to understand the common log file types and locations in the system. The following are several common log file types and their locations:

1. System Log (System Log): This type of log records the running status, startup and shutdown information of the system, etc. Typically managed by rsyslog and stored in /var/log/syslog or /var/log/messages.
2. Application Log: This type of log is generated by various applications and records the running information and error information of the application. These logs are typically stored in an application-specific directory, such as /var/log/nginx/access.log.
3. Security Log: This type of log records system security events, such as login attempts, authorization requests, etc. In most Linux systems, security logs are recorded in /var/log/secure or /var/log/auth.log.

2. Configure log rotation

Log rotation refers to regularly archiving and compressing log files to prevent log files from being too large or taking up too much storage space. In Linux systems, logrotate is a commonly used log rotation tool.

1. Install logrotate:

$ sudo apt-get install logrotate

2. Configure logrotate:

Create a new configuration file so that we can customize logrotate the behavior of.

$ sudo nano /etc/logrotate.d/myapp

In the configuration file, you can specify parameters such as the log files to be rotated, the rotation interval, and the number of rotated files to retain. For example:

/var/log/myapp/*.log {
    weekly
    rotate 4
    compress
    delaycompress
    missingok
    notifempty
    sharedscripts
}

In the above example, /var/log/myapp/*.log specifies the path of the log file to be rotated, and weekly means weekly Rotate, rotate 4 means to keep the last four rotated files, compress means to compress the rotated files, delaycompress means delayed compression, missingok means if If the log file does not exist, it will be ignored. notifempty means that the log file will not be rotated when it is empty.

3. Perform rotation manually:

You can perform rotation manually to verify that the configuration is correct.

$ sudo logrotate -vf /etc/logrotate.d/myapp

3. Configure log rotation and cleanup strategies

In addition to log rotation, we can also specify log rotation and cleanup strategies in the configuration file. In Linux systems, logrotate supports the following strategies:

1. postrotate: This option specifies the command to be executed after rotation. You can perform operations such as log analysis and database backup under this option.

/var/log/myapp/*.log {
    ...
    postrotate
        /usr/bin/analyze_logs /var/log/myapp/*.log > /dev/null
    endscript
}

2. prerotate: This option specifies the command to be executed before rotation. You can perform some preprocessing operations under this option.

/var/log/myapp/*.log {
    ...
    prerotate
        /usr/bin/sync_logs /var/log/myapp/*.log
    endscript
}

3. size: This option specifies the size of the log file to trigger the rotation operation. The unit can be k (kilobytes) or M (Megabytes).

/var/log/myapp/*.log {
    ...
    size 10M
}

4. maxage: This option specifies the maximum number of days for log file retention.

/var/log/myapp/*.log {
    ...
    maxage 30
}

4. Configure remote log collection

Sometimes, we need to send the contents of the log file to a remote server for central log collection and analysis. In Linux systems, rsyslog is a commonly used log collection and processing tool.

1. Install rsyslog:

$ sudo apt-get install rsyslog

2. Configure rsyslog:

Open the main configuration file of rsyslog and edit the following content:

$ sudo nano /etc/rsyslog.conf

Uncomment the following lines (remove the # at the beginning of the line):

#$ModLoad imudp
#$UDPServerRun 514

At the end of the file, add the following:

*.* @192.168.0.100:514

where, 192.168.0.100 is the IP address of the remote server, 514 is the port number for collecting logs.

3. Restart rsyslog:

$ sudo systemctl restart rsyslog

With the above configuration, the log will be sent to the 514 port of the remote server through the UDP protocol.

Summary:

This article introduces how to configure log management on a Linux system. Starting from understanding log file types and locations, to configuring log rotation, configuring log rotation and cleaning policies, and configuring remote log collection, we provide relevant code examples to help you better understand and practice. Properly configuring and managing logs is crucial for system monitoring and troubleshooting. I hope this article will be helpful to you.

The above is the detailed content of How to configure log management on Linux. For more information, please follow other related articles on the PHP Chinese website!