Linux, as a widely used operating system, has a powerful log system to record important information during system operation. Log files are usually stored in the /var/log directory, which contains various types of log files, such as system logs, security logs, etc. This article will take an in-depth look at the contents of each column in a Linux log file and explain the meaning of each column with specific code examples.
Syslog is one of the most common log systems in Linux, recording various operating information of the system. Syslog log files are usually stored in the /var/log directory, and the most common one is the syslog file. The following is an example content of a syslog log file:
Mar 10 08:30:45 localhost cron[1234]: (root) CMD (run-parts /etc/cron.daily)
Mar 10 10:15:20 localhost sshd[5678]: Failed password for user1 from 192.168.1.100 port 22
Mar 11 14:55:30 localhost kernel: Out of memory: Kill process 4321 (apache2) score 500 or sacrifice child
In the above example, each line of log content usually contains the following columns:
The auth.log log file records the system’s authentication and authorization information and can be used to track user logins and permission changes. The following is an example content of an auth.log log file:
Mar 10 08:30:45 localhost sshd[1234]: Accepted publickey for user2 from 192.168.1.101 port 22
Mar 10 10:15:20 localhost sudo: user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/bash
Mar 11 14:55:30 localhost su: pam_unix(su:session): session opened for user2 by user1(uid=0)
In the auth.log log file, each line of log content usually contains the following columns:
The kernel log file records the running information of the Linux kernel and can be used to diagnose system hardware and software problems. Generally speaking, the path of the kernel log file is /var/log/kern.log. The following is example content from a kernel log file:
Mar 10 08:30:45 localhost kernel: [ 123.456789] eth0: link up (1000Mbps/Full duplex)
Mar 10 10:15:20 localhost kernel: [ 234.567890] CPU0: Core temperature above threshold, cpu clock throttled (total events = 1)
Mar 11 14:55:30 localhost kernel: [ 345.678901] Out of memory: Kill process 4321 (apache2) score 500 or sacrifice child
In the Kernel log file, each line of log content usually contains the following columns:
The following is a sample code for filtering specific logs in auth.log through the grep command:
grep "Accepted publickey" /var/log/auth.log
The above command outputs every line in auth.log that contains "Accepted publickey", which makes it easy to review public key logins.
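The grep filter above selects whole lines. As an added example (not part of the original article), the shell functions below split each line into its fields and summarise sshd logins per source address. They assume the traditional syslog layout visible in the sample lines (timestamp, hostname, program[pid]:, message); the function names are illustrative, and the input is the article's sample lines plus one constructed "invalid user" line.

```shell
#!/bin/sh
# Constructed sample: five lines quoted in the article plus one made-up
# "invalid user" line (the third line) to exercise that variant.
sample_log() {
cat <<'EOF'
Mar 10 08:30:45 localhost cron[1234]: (root) CMD (run-parts /etc/cron.daily)
Mar 10 10:15:20 localhost sshd[5678]: Failed password for user1 from 192.168.1.100 port 22
Mar 10 10:15:25 localhost sshd[5679]: Failed password for invalid user admin from 192.168.1.100 port 51514 ssh2
Mar 10 08:30:45 localhost sshd[1234]: Accepted publickey for user2 from 192.168.1.101 port 22
Mar 10 10:15:20 localhost sudo: user1 : TTY=pts/0 ; PWD=/home/user1 ; USER=root ; COMMAND=/bin/bash
Mar 11 14:55:30 localhost kernel: [ 345.678901] Out of memory: Kill process 4321 (apache2) score 500 or sacrifice child
EOF
}

# split_fields: stdin = syslog-style lines; stdout = tab-separated
# timestamp, host, program, pid, message. pid is "-" when the tag has no [pid].
split_fields() {
  awk '
  NF >= 5 {
    ts = $1 " " $2 " " $3; host = $4; tag = $5
    sub(/:$/, "", tag)                      # tag ends with a colon
    pid = "-"
    if (match(tag, /\[[0-9]+\]$/)) {        # program[pid]
      pid = substr(tag, RSTART + 1, RLENGTH - 2)
      tag = substr(tag, 1, RSTART - 1)
    }
    msg = $0                                # strip the five header tokens
    sub(/^[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ +[^ ]+ */, "", msg)
    printf "%s\t%s\t%s\t%s\t%s\n", ts, host, tag, pid, msg
  }'
}

# ssh_logins: stdin = raw log; stdout = "result method user source_ip" per
# sshd authentication line. The last "from" is used as the anchor so the
# "invalid user NAME" variant yields NAME, not "invalid".
ssh_logins() {
  split_fields | awk -F'\t' '
  $3 == "sshd" && $5 ~ /^(Accepted|Failed) / {
    n = split($5, w, " ")
    for (i = n - 1; i > 2; i--) if (w[i] == "from") break
    if (i > 2) print w[1], w[2], w[i - 1], w[i + 1]
  }'
}

# failed_by_source: count failed sshd logins per source address, highest first.
failed_by_source() {
  ssh_logins | awk '$1 == "Failed" { c[$4]++ } END { for (ip in c) print c[ip], ip }' | sort -rn
}
```

On a real system, replace `sample_log` with `cat /var/log/auth.log`, for example `cat /var/log/auth.log | failed_by_source`.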
Through the introduction and sample code of this article, readers can have a deeper understanding of the meaning of each column in the Linux log file, and how to process and filter the log file through the command line tool. System administrators can use this information to monitor the operating status of the system, discover and solve problems in a timely manner, and ensure the stability and security of the system.