This shows you the differences between two versions of the page.
регистрация_событий_в_linux [2016/10/10 13:21] val [Report generator] |
регистрация_событий_в_linux [2018/03/02 16:09] val [Logging messages received over the network] |
||
---|---|---|---|
Line 10: | Line 10: | ||
$ logger -t kernel -p kern.emerg 'Kernel Panic' | $ logger -t kernel -p kern.emerg 'Kernel Panic' | ||
</code> | </code> | ||
- | ===== Systemd journald ===== | ||
- | * [[https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs|How To Use Journalctl to View and Manipulate Systemd Logs]] | ||
- | ==== Форматы вывода ==== | ||
- | <code> | ||
- | # journalctl -ra | ||
- | |||
- | # journalctl --no-pager | ||
- | |||
- | # journalctl -o json | ||
- | |||
- | # journalctl -o verbose | ||
- | |||
- | # journalctl -f | ||
- | </code> | ||
- | |||
- | ==== Фильтрация вывода ==== | ||
- | <code> | ||
- | # journalctl -ra -u postfix | ||
- | |||
- | # journalctl -ra -p err | ||
- | |||
- | # man systemd.journal-fields | ||
- | |||
- | # journalctl SYSLOG_FACILITY=2 | ||
- | </code> | ||
- | |||
- | ==== Управление ==== | ||
- | <code> | ||
- | # man journald.conf | ||
- | |||
- | # journalctl --disk-usage | ||
- | |||
- | # journalctl --vacuum-size=1G | ||
- | </code> | ||
- | |||
- | ==== Регистрация сообщений, переданных по сети ==== | ||
- | |||
- | * [[http://unix.stackexchange.com/questions/83173/receiving-syslog-messages-with-a-systemd-arch-linux|Receiving Syslog messages with a systemd]] | ||
===== Сервис rsyslog ===== | ===== Сервис rsyslog ===== | ||
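Review bot: the `# journalctl --vacuum-size=1G` line in the relocated Управление block carries no explanation, and it is destructive: it deletes archived journal files until they occupy less than 1G. Since the block is being moved anyway (it reappears unchanged further down in the new revision), add a one-line comment saying so and point readers to the size limits in `journald.conf`, which the block already references through `man journald.conf`. The unix.stackexchange.com link in this section also still uses `http://` while the digitalocean link uses `https://`; switch it while the lines are being touched.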
Line 65: | Line 27: | ||
root@server:~# chown syslog:adm /var/log/cisco.log | root@server:~# chown syslog:adm /var/log/cisco.log | ||
- | root@server:~# restart rsyslog | + | root@server:~# service rsyslog restart |
root@server:~# tail -f /var/log/cisco.log | root@server:~# tail -f /var/log/cisco.log | ||
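Review bot: the context line `chown syslog:adm /var/log/cisco.log` fixes ownership, but no visible line sets the file mode, so who can read the Cisco log depends on the umask in effect when the file was created; consider adding a `chmod 640 /var/log/cisco.log` step next to it. The replacement `service rsyslog restart` is consistent with the restart command shown in the later context at new Line 65.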
Line 71: | Line 33: | ||
==== Регистрация сообщений, переданных по сети ==== | ==== Регистрация сообщений, переданных по сети ==== | ||
+ | |||
+ | === Сервер === | ||
<code> | <code> | ||
root@server:~# cat /etc/rsyslog.conf | root@server:~# cat /etc/rsyslog.conf | ||
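Review bot: the added heading `=== Сервер ===` is not parallel with `=== Клиент rsyslog ===`, which the next hunk introduces for the client half of the same section; name both the same way (for example by adding rsyslog to the server heading) so the pair reads as two halves of one setup.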
Line 82: | Line 46: | ||
</code> | </code> | ||
+ | === Клиент rsyslog === | ||
+ | <code> | ||
+ | # cat /etc/rsyslog.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | *.* @server.corp13.un | ||
+ | </code> | ||
==== Передача сообщений на STDIN программы ==== | ==== Передача сообщений на STDIN программы ==== | ||
<code> | <code> | ||
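Review bot: in the added client block, `*.* @server.corp13.un` uses a single `@`, which in rsyslog selects UDP forwarding: messages travel in clear text, delivery is not guaranteed, and the receiver cannot authenticate the sender. State that next to the example and show the `@@server.corp13.un` TCP form as the alternative; for hosts whose logs carry sensitive data, point to rsyslog's TLS transport. Note also that `*.*` forwards every facility and priority, authentication messages included, so a narrower selector is worth mentioning.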
Line 94: | Line 65: | ||
root@server:~# service rsyslog restart | root@server:~# service rsyslog restart | ||
</code> | </code> | ||
- | ===== Дополнительные материалы ===== | ||
- | ==== Генератор отчетов logwatch ==== | + | ===== Генератор отчетов logwatch ===== |
* [[http://ashep.org/2012/monitoring-sistemy-pri-pomoshhi-logwatch/|Мониторинг системы при помощи logwatch]] | * [[http://ashep.org/2012/monitoring-sistemy-pri-pomoshhi-logwatch/|Мониторинг системы при помощи logwatch]] | ||
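Review bot: removing `===== Дополнительные материалы =====` deletes that heading's anchor, so any link to it from other pages will stop resolving; search for inbound links before saving. Promoting logwatch to a `=====` heading also places it between the rsyslog section and the journald section that now follows it; confirm that this ordering is intended.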
Line 107: | Line 77: | ||
</code> | </code> | ||
- | ==== syslog facility ==== | + | ===== Systemd journald ===== |
+ | * [[https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs|How To Use Journalctl to View and Manipulate Systemd Logs]] | ||
+ | |||
+ | ==== Форматы вывода ==== | ||
+ | <code> | ||
+ | # journalctl -ra | ||
+ | |||
+ | # journalctl --no-pager | ||
+ | |||
+ | # journalctl -o json | ||
+ | |||
+ | # journalctl -o verbose | ||
+ | |||
+ | # journalctl -f | ||
+ | </code> | ||
+ | |||
+ | ==== Фильтрация вывода ==== | ||
+ | <code> | ||
+ | # journalctl -ra -u postfix | ||
+ | |||
+ | # journalctl -ra -p err | ||
+ | |||
+ | # man systemd.journal-fields | ||
+ | |||
+ | # journalctl SYSLOG_FACILITY=2 | ||
+ | </code> | ||
+ | |||
+ | ==== Управление ==== | ||
+ | <code> | ||
+ | # man journald.conf | ||
+ | |||
+ | # journalctl --disk-usage | ||
+ | |||
+ | # journalctl --vacuum-size=1G | ||
+ | </code> | ||
+ | |||
+ | ==== Регистрация сообщений, переданных по сети в journald ==== | ||
+ | |||
+ | * [[http://unix.stackexchange.com/questions/83173/receiving-syslog-messages-with-a-systemd-arch-linux|Receiving Syslog messages with a systemd]] | ||
+ | |||
+ | ==== journalctl SYSLOG_FACILITY ==== | ||
<code> | <code> | ||
0 kernel messages | 0 kernel messages |