|
|
Ubuntu 14.04.6无常规系统日志message日志
8 v f$ r# G8 a4 X: P5 V1 iroot@controller:~# cd /var/log/
; E$ q# V3 J" yroot@controller:/var/log# ls
) U3 x1 f0 {6 O, Y: salternatives.log boot.log chrony dmesg.0 dmesg.3.gz faillog kern.log syslog unattended-upgrades+ j5 X: s p9 z5 y
apt bootstrap.log dist-upgrade dmesg.1.gz dmesg.4.gz fsck landscape ubuntu-advantage.log upstart
4 |& ?. w/ p6 @0 w4 ?auth.log btmp dmesg dmesg.2.gz dpkg.log installer lastlog udev wtmp
8 \( X. Z5 `0 p# n* _- G. s, B. z; F9 ^
默认没有系统日志,和centos系统还是有些区别。& B4 D. K$ r9 C& }) n4 M4 J
通过网页搜索,显示ubuntu系统默认不开启系统日志。- R' o$ U+ A8 J: Y
因为在 /etc/rsyslog.d/50-default.conf 文件中,将其注释掉了
7 m, I5 A" x( l8 h5 Wcat /etc/rsyslog.d/50-default.conf
/ z! x" Z) s: ]% m: q0 K% S* C# Default rules for rsyslog.
2 c$ y% v+ s+ }! r#
& p4 x: C+ _$ Y: R- v3 w9 w% T4 E# For more information see rsyslog.conf(5) and /etc/rsyslog.conf0 F8 u: B0 y2 N* [
#
0 X Y- F) X; s# First some standard log files. Log by facility.
6 _" |) \9 |2 a2 G#" a( A: @6 K) u f4 |; Z
auth,authpriv.* /var/log/auth.log6 A) f. |, { R6 c* l: B
*.*;auth,authpriv.none -/var/log/syslog/ _ F; Q9 q$ S: T
#cron.* /var/log/cron.log% j9 e4 L; i0 d; L1 ~
#daemon.* -/var/log/daemon.log
' Q; v5 i/ l. T4 ]* Q9 F1 K2 Akern.* -/var/log/kern.log \: ^7 e, P$ }! K5 e
#lpr.* -/var/log/lpr.log2 ~- V4 Z, c d- ~6 C& R
mail.* -/var/log/mail.log
2 C4 w- E6 D, I$ v `#user.* -/var/log/user.log
& U4 q8 a J$ W5 c2 G9 t# O# {3 y4 L! R+ a#
% I. j# l3 q& u6 w% u9 _- e# Logging for the mail system. Split it up so that
! a5 @+ `" Y* M1 V* v. Q5 r- O# it is easy to write scripts to parse these files.
2 u( h$ l v, E% |* l#3 c( @8 j3 f1 e+ a1 S
#mail.info -/var/log/mail.info0 G/ I7 q& M. f# ?+ P* d+ ?# u
#mail.warn -/var/log/mail.warn
- r# f" p6 ?$ H. K' I0 J( j2 jmail.err /var/log/mail.err8 Q& w! V, J% l8 C7 l1 Q
#
3 g5 w% H1 f, Q1 _9 ` v# Logging for INN news system.3 x: e! V0 { N( t1 V; m8 I
#" w9 W- G! H% ?
news.crit /var/log/news/news.crit
# ^' L. A5 A knews.err /var/log/news/news.err2 U5 j# P0 h, Z5 q3 v
news.notice -/var/log/news/news.notice/ x2 ^& ]7 N! u; K8 _& ]
#: O2 Y; j$ r- a9 M% r* U6 k/ Y
# Some "catch-all" log files.
( Q* A. j1 i4 V" ~# M8 I#
9 U' t6 {& E- |$ q#*.=debug;\
9 P0 Q5 d2 ?( ~9 \4 M3 M5 t1 z# auth,authpriv.none;\. y" T; I; D3 O. P* M
# news.none;mail.none -/var/log/debug
5 H4 J% ]" i) D2 h- q; |#*.=info;*.=notice;*.=warn;\; C5 j1 d% a) [& f* H
# auth,authpriv.none;\! k/ [5 o- u) J) x. Q( q; i* ~
# cron,daemon.none;\2 k* x% ?0 w/ z/ q( v( Z2 y
# mail,news.none -/var/log/messages
9 W* A" F2 V5 E# s#5 A- V3 D2 N' c( X9 v
# Emergencies are sent to everybody logged in.
, _# T1 g2 a& a7 o2 v$ ~; [. g#/ Q2 \3 T7 D& l/ z+ }7 P, C
*.emerg :omusrmsg:*
9 f9 k. R$ U/ k- e" p. F4 n: |& b#9 d1 E& I$ k3 Q1 y6 M! W! \
# I like to have messages displayed on the console, but only on a virtual
$ L% Z s4 ~- w# console I usually leave idle.
2 y/ b: g: l n r#7 L+ M9 w! u3 e" O/ u {8 K$ x) @6 S
#daemon,mail.*;\: `7 e( [+ P3 M7 I) B$ W
# news.=crit;news.=err;news.=notice;\
: {$ X7 [# g) w3 g& l. `# r5 k& O# *.=debug;*.=info;\; Q6 |+ q7 T8 S; ?7 x- k! M
# *.=notice;*.=warn /dev/tty8$ x8 [3 m: v- K7 ?& e8 I
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,0 v) k! B7 N5 n) \6 Y. U1 G
# you must invoke `xconsole' with the `-file' option:
: q( b' e# q& b }: Q$ F+ b& j#
. ]4 ~ ^% E' ^; C! T& o+ i/ a# $ xconsole -file /dev/xconsole [...] T& P# X$ h: v1 R; x' b( @7 L
#8 T; `6 L0 a7 {( U& \& A
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably3 B- I3 h2 V* Q E B4 `. B
# busy site..
, Q' j3 _- W: i; T8 B#
. D9 G8 z( L2 ` xdaemon.*;mail.*;\
. N4 l s. Y' W9 n news.err;\
# X& d1 i. G5 P- J *.=debug;*.=info;\
6 i) J: k! {* [9 v0 J. w( R *.=notice;*.=warn |/dev/xconsole
, Z+ g) l) ]4 p! E& M" d解决办法:
' ?( K1 X% k# I$ ]5 Z所以需修改该配置文件,将注释放开。
/ @+ q* L5 _5 S; h, F- Kroot@controller:/var/log# vim /etc/rsyslog.d/50-default.conf 9 n! [, ]$ F* R& O' ~% y1 d
( ?) k9 M3 f+ E
# Some "catch-all" log files.
: X" I- a0 l# T! f- X#
& p- r2 _/ J# Q" ?# f8 T*.=debug;\* i" R8 g% V1 |% e' @
auth,authpriv.none;\
" Q8 w: v+ `' O" Q, m news.none;mail.none -/var/log/debug
, f9 X3 J8 C/ e7 R* l*.=info;*.=notice;*.=warn;\3 L j6 L6 c& L* q5 l( S1 u
auth,authpriv.none;\% a: U7 S3 v8 S" q
cron,daemon.none;\8 R6 [& Y% A1 ]0 E7 t
mail,news.none -/var/log/messages `4 U8 T! T1 @! m- {$ w
" K6 P0 ^6 M2 m' U然后重启rsyslog服务即可:
: T) b, l3 z+ ^2 H# F+ ^ [3 }9 h5 O1 L& F/ J# U0 _( a5 S: N& m B
root@controller:/var/log# service rsyslog restart " m# ?9 s( f8 u5 g
rsyslog stop/waiting
5 H& B% L' ~7 x5 }6 ~7 ~% trsyslog start/running, process 749070 [7 ` a5 m" l4 N7 Q
2 F' z8 [ D* y5 Z
) |6 O4 O+ k& } Z4 R4 ]& m/ E& O1 |再次查看,就有日志了:& Y& u6 ]9 A2 c) M9 ?
root@controller:/var/log# ls% D, w4 b \: ^+ ]- E
alternatives.log boot.log chrony dmesg.0 dmesg.3.gz faillog kern.log messages udev wtmp7 ?" M5 {* V4 d- C
apt bootstrap.log dist-upgrade dmesg.1.gz dmesg.4.gz fsck landscape syslog unattended-upgrades6 q) M/ H: k8 } e& k
auth.log btmp dmesg dmesg.2.gz dpkg.log installer lastlog ubuntu-advantage.log upstart3 v2 D7 c, y9 ?2 g2 y" w. P
root@controller:/var/log# 6 ?2 p8 |& O- q% G* _3 _/ |) U7 m
' p! M2 V+ y" f+ g% k4 ]8 ?! F& R5 c2 `* ^7 G
问题解决。0 `, ^( \. t6 J1 r' X" _
# F/ r) |) t( j l N0 H2 N5 B: T |
|
发表于 2022-1-18 15:00:01