AIX系统日志学习笔记之二
2012-02-09 14:11
453 查看
AIX有一个特殊的系统守护进程,syslogd,用于记录系统信息,配置文件在/etc/syslog.conf.这个文件描述syslogd守护进程发送信息时的目的地、激活事件等。
还有一个/etc/syslog.pid文件与syslog.conf配合,syslog.pid只有一行内容,syslogd守护进程的进程ID,可以用来终止或者配置日志守护进程。
我们可以定制/etc/syslog.conf文件,可以定义系统信息的目的地,反映机制等
#cat /etc/syslog.conf
# @(#)34 1.11.2.1 src/bos/etc/syslog/syslog.conf, cmdnet,bos61N, n2011_13B1 2/21/11 04:02:04
#IBM_PROLOG_BEGIN_TAG
# This is anautomatically generated prolog.
#
# bos61Nsrc/bos/etc/syslog/syslog.conf 1.11.2.1
#
# LicensedMaterials - Property of IBM
#
# COPYRIGHTInternational Business Machines Corp. 1988,1989
# All RightsReserved
#
# US GovernmentUsers Restricted Rights - Use, duplication or
# disclosurerestricted by GSA ADP Schedule Contract with IBM Corp.
#
#IBM_PROLOG_END_TAG
#
#COMPONENT_NAME: (CMDNET) Network commands.
#
# FUNCTIONS:
#
# ORIGINS: 27
#
# (C) COPYRIGHTInternational Business Machines Corp. 1988, 1989
# All RightsReserved
# LicensedMaterials - Property of IBM
#
# US GovernmentUsers Restricted Rights - Use, duplication or
# disclosurerestricted by GSA ADP Schedule Contract with IBM Corp.
#
#/etc/syslog.conf - control output of syslogd
#
#
# Each line mustconsist of two parts:-
#
# 1) A selectorto determine the message priorities to which the
# line applies
# 2) An action.
#
# Each line cancontain an optional part:-
#
# 3) Rotation.
#
# The fieldsmust be separated by one or more tabs or spaces.
#
# format:
#
#<msg_src_list> <destination> [rotate [size <size> k|m] [files<files>] [time <time> h|d|w|m|y] [compress] [archive<archive>]]
#
# where<msg_src_list> is a semicolon separated list of<facility>.<priority>
# where:
#
#<facility> is:
# * - all (except mark)
# mark - time marks
功能可选项
# kern,user,mail,daemon, auth,... (seesyslogd(AIX Commands Reference))
#
#<priority> is one of (from high to low):
错误优先级
# emerg/panic,alert,crit,err(or),warn(ing),notice,info,debug
# (meaning all messages of this priority orhigher)
#
#<destination> is:
# /filename - log to this file
# username[,username2...] - write touser(s)
# @hostname - send to syslogd on thismachine
# * - send to all logged in users
#
# [rotate [size<size> k|m] [files <files>] [time <time> h|d|w|m|y][compress] [archive <archive>]] is:
# If <destination> is a regular fileand the word "rotate" is
# specified, then the <destination>is limited by either
# <size> or <time>, or both<size> and <time>. The <size> causes
# the <destination> to be limited to<size>, with <files> files
# kept in the rotation. The <time>causes the <destination> to be rotated after
# <time>. If both <time> and<size> are specified then logfiles
# will be rotated once the the logfilesize exceeds the <size>
# or after <time>, whichever isearlier. The rotated filenames
# are created by appending a period and anumber to <destination>,
# starting with ".0".
#
# If compress option is specified then thelogfile names will be
# generated with a ".Z"extension. The files keyword will be applicable
# to the logfiles which are currentlyunder rotation. For example
# if we specify the compress option thenonly fileis with ".Z" extension
# will be under rotation and number ofsuch files will be limited by
# <files> files. Any logfiles withan extension other than ".Z"
# will not be under the rotation schemeand thus will not be within
# the limit of <files> files.Similarly if we remove the compress
# option then the files which have beengenerated with ".Z" extension
# will no longer be the part of rotationscheme and will not be limited
# by the <files> files.
#
# The minimum size that can be specifiedis 10k, the minimum
# number of files that can be specified is2. The default
# size is 1m (meg) and the default for<files> is unlimited.
# Therefore, if only "rotate" isspecified, the log will be
# rotated with <size> = 1m.
# The compress option means that rotatedlog files that are not
# in use will be compressed.
# The archive option will save rotated logfiles that are not
# in use to <archive>.
# The default is not to rotate log files.
#
# example:
# "mailmessages, at debug or higher, go to Log file. File must exist."
# "allfacilities, at debug and higher, go to console"
# "allfacilities, at crit or higher, go to all users"
# mail.debug /usr/spool/mqueue/syslog
# *.debug /dev/console
# *.crit *
# *.debug /var/log/syslog.out rotate size 100k files 4
# *.crit /var/log/syslog.out rotate time 1d
*.info /var/adm/ras/syslog.caarotate size 1m files 10
/etc/syslog.conf可以定制系统日志的产生和输出,编辑之后需要重启syslogd,才能生效。
下面是一些基本启动和关闭的命令:
#
# lssrc -s syslogd
Subsystem Group PID Status
syslogd ras 5177376 active
# cat /etc/syslog.pid
5177376
# ps -ef | grep syslogd
root 5177376 2162834 0 Feb 01 - 0:04 /usr/sbin/syslogd
root 5898452 5767218 0 10:49:35 pts/1 0:00 grep syslogd
# stopsrc -s syslogd
0513-044 Thesyslogd Subsystem was requested to stop.
# ps -ef | grep syslogd
root 5898454 5767218 0 10:50:01 pts/1 0:00 grep syslogd
# startsrc -s syslogd
0513-059 Thesyslogd Subsystem has been started. Subsystem PID is 5898456.
# ps -ef | grep syslogd
root 5898456 2162834 0 10:50:09 - 0:00 /usr/sbin/syslogd
root 7209178 5767218 0 10:50:20 pts/1 0:00 grep syslogd
#
定制实例:
1 、将调试级或以上的所有邮件功能消息记录到文件 /tmp/mailsyslog,可以输入以下命令:
mail.debug /tmp/mailsyslog
其中:
mail 是功能。
debug 是优先级。
/tmp/mailsyslog 是目标。
2、将除来自邮件功能以外的所有系统消息发送到名为 rigil 的主机(此处可以直接使用IP地址),可以输入以下命令:
*.debug;mail.none @rigil
其中:
* 和 mail 是功能。
debug 和 none 是优先级。
@rigil 是目标。
3、将来自所有功能的emerg 优先级的消息和来自邮件及守护进程的 crit 及以上优先级的消息发送到用户nick 和 jam,可以输入以下命令:
*.emerg;mail,daemon.crit nick, jam
其中:
*、mail 和 daemon 是功能。
emerg 和 crit 是优先级。
nick 和 jam 是目标。
4、将所有邮件功能消息发送到所有用户的终端屏幕,可以输入以下命令:
mail.debug *
其中:
mail 是功能。
debug 是优先级。
* 是目标。
还有一个/etc/syslog.pid文件与syslog.conf配合,syslog.pid只有一行内容,syslogd守护进程的进程ID,可以用来终止或者配置日志守护进程。
我们可以定制/etc/syslog.conf文件,可以定义系统信息的目的地,反映机制等
#cat /etc/syslog.conf
# @(#)34 1.11.2.1 src/bos/etc/syslog/syslog.conf, cmdnet,bos61N, n2011_13B1 2/21/11 04:02:04
#IBM_PROLOG_BEGIN_TAG
# This is anautomatically generated prolog.
#
# bos61Nsrc/bos/etc/syslog/syslog.conf 1.11.2.1
#
# LicensedMaterials - Property of IBM
#
# COPYRIGHTInternational Business Machines Corp. 1988,1989
# All RightsReserved
#
# US GovernmentUsers Restricted Rights - Use, duplication or
# disclosurerestricted by GSA ADP Schedule Contract with IBM Corp.
#
#IBM_PROLOG_END_TAG
#
#COMPONENT_NAME: (CMDNET) Network commands.
#
# FUNCTIONS:
#
# ORIGINS: 27
#
# (C) COPYRIGHTInternational Business Machines Corp. 1988, 1989
# All RightsReserved
# LicensedMaterials - Property of IBM
#
# US GovernmentUsers Restricted Rights - Use, duplication or
# disclosurerestricted by GSA ADP Schedule Contract with IBM Corp.
#
#/etc/syslog.conf - control output of syslogd
#
#
# Each line mustconsist of two parts:-
#
# 1) A selectorto determine the message priorities to which the
# line applies
# 2) An action.
#
# Each line cancontain an optional part:-
#
# 3) Rotation.
#
# The fieldsmust be separated by one or more tabs or spaces.
#
# format:
#
#<msg_src_list> <destination> [rotate [size <size> k|m] [files<files>] [time <time> h|d|w|m|y] [compress] [archive<archive>]]
#
# where<msg_src_list> is a semicolon separated list of<facility>.<priority>
# where:
#
#<facility> is:
# * - all (except mark)
# mark - time marks
功能可选项
# kern,user,mail,daemon, auth,... (seesyslogd(AIX Commands Reference))
#
#<priority> is one of (from high to low):
错误优先级
# emerg/panic,alert,crit,err(or),warn(ing),notice,info,debug
# (meaning all messages of this priority orhigher)
#
#<destination> is:
# /filename - log to this file
# username[,username2...] - write touser(s)
# @hostname - send to syslogd on thismachine
# * - send to all logged in users
#
# [rotate [size<size> k|m] [files <files>] [time <time> h|d|w|m|y][compress] [archive <archive>]] is:
# If <destination> is a regular fileand the word "rotate" is
# specified, then the <destination>is limited by either
# <size> or <time>, or both<size> and <time>. The <size> causes
# the <destination> to be limited to<size>, with <files> files
# kept in the rotation. The <time>causes the <destination> to be rotated after
# <time>. If both <time> and<size> are specified then logfiles
# will be rotated once the the logfilesize exceeds the <size>
# or after <time>, whichever isearlier. The rotated filenames
# are created by appending a period and anumber to <destination>,
# starting with ".0".
#
# If compress option is specified then thelogfile names will be
# generated with a ".Z"extension. The files keyword will be applicable
# to the logfiles which are currentlyunder rotation. For example
# if we specify the compress option thenonly fileis with ".Z" extension
# will be under rotation and number ofsuch files will be limited by
# <files> files. Any logfiles withan extension other than ".Z"
# will not be under the rotation schemeand thus will not be within
# the limit of <files> files.Similarly if we remove the compress
# option then the files which have beengenerated with ".Z" extension
# will no longer be the part of rotationscheme and will not be limited
# by the <files> files.
#
# The minimum size that can be specifiedis 10k, the minimum
# number of files that can be specified is2. The default
# size is 1m (meg) and the default for<files> is unlimited.
# Therefore, if only "rotate" isspecified, the log will be
# rotated with <size> = 1m.
# The compress option means that rotatedlog files that are not
# in use will be compressed.
# The archive option will save rotated logfiles that are not
# in use to <archive>.
# The default is not to rotate log files.
#
# example:
# "mailmessages, at debug or higher, go to Log file. File must exist."
# "allfacilities, at debug and higher, go to console"
# "allfacilities, at crit or higher, go to all users"
# mail.debug /usr/spool/mqueue/syslog
# *.debug /dev/console
# *.crit *
# *.debug /var/log/syslog.out rotate size 100k files 4
# *.crit /var/log/syslog.out rotate time 1d
*.info /var/adm/ras/syslog.caarotate size 1m files 10
/etc/syslog.conf可以定制系统日志的产生和输出,编辑之后需要重启syslogd,才能生效。
下面是一些基本启动和关闭的命令:
#
# lssrc -s syslogd
Subsystem Group PID Status
syslogd ras 5177376 active
# cat /etc/syslog.pid
5177376
# ps -ef | grep syslogd
root 5177376 2162834 0 Feb 01 - 0:04 /usr/sbin/syslogd
root 5898452 5767218 0 10:49:35 pts/1 0:00 grep syslogd
# stopsrc -s syslogd
0513-044 Thesyslogd Subsystem was requested to stop.
# ps -ef | grep syslogd
root 5898454 5767218 0 10:50:01 pts/1 0:00 grep syslogd
# startsrc -s syslogd
0513-059 Thesyslogd Subsystem has been started. Subsystem PID is 5898456.
# ps -ef | grep syslogd
root 5898456 2162834 0 10:50:09 - 0:00 /usr/sbin/syslogd
root 7209178 5767218 0 10:50:20 pts/1 0:00 grep syslogd
#
定制实例:
1 、将调试级或以上的所有邮件功能消息记录到文件 /tmp/mailsyslog,可以输入以下命令:
mail.debug /tmp/mailsyslog
其中:
mail 是功能。
debug 是优先级。
/tmp/mailsyslog 是目标。
2、将除来自邮件功能以外的所有系统消息发送到名为 rigil 的主机(此处可以直接使用IP地址),可以输入以下命令:
*.debug;mail.none @rigil
其中:
* 和 mail 是功能。
debug 和 none 是优先级。
@rigil 是目标。
3、将来自所有功能的emerg 优先级的消息和来自邮件及守护进程的 crit 及以上优先级的消息发送到用户nick 和 jam,可以输入以下命令:
*.emerg;mail,daemon.crit nick, jam
其中:
*、mail 和 daemon 是功能。
emerg 和 crit 是优先级。
nick 和 jam 是目标。
4、将所有邮件功能消息发送到所有用户的终端屏幕,可以输入以下命令:
mail.debug *
其中:
mail 是功能。
debug 是优先级。
* 是目标。
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- AIX系统日志学习笔记之二
- AIX系统日志学习笔记之三
- AIX系统日志学习笔记之三
- AIX系统日志学习笔记之一
- AIX系统日志学习笔记之一
- 大数据技术学习笔记之网站流量日志分析项目:Flume日志采集系统1
- 《AIX 5L 系统管理技术》学习笔记之第六章用户和安全的管理
- [学习笔记]Android日志系统
- SharePoint【学习笔记】-- 将SharePoint 系统日志ULS变为空
- 《AIX 5L 系统管理技术》学习笔记之第四章系统管理工具SMIT
- mysql dba系统学习(6)二进制日志binlog之二
- SharePoint【学习笔记】-- 系统日志Log4net应用
- 《AIX 5L 系统管理技术》学习笔记之第五章对象数据库管理器(ODM)
- Ubuntu 操作系统学习笔记之二--系统目录架构
- hadoop学习笔记之二:分布式系统中的CAP理论
- 《AIX 5L 系统管理技术》学习笔记之第一章AIX操作系统概述
- python学习笔记(日志系统实现)
- Linux初级学习之系统日志 第十章学习笔记
- 《AIX 5L 系统管理技术》学习笔记之第三章启动和关闭AIX操作系统
- aix学习日志(二)之文件系统!