less /etc/logrotate.d/*
vi /etc/syslog.conf
facility.priority
facility: auth,authpriv,cron,daemon,kern,lpr,mail,mark,news,security,syslog,user,uucp,local0 through local7
priority: mnemonic: a dinosaur (din) wearing (we) a cup (c) eats an American (a) and then can speak English (e)
dinwecae
debug
info
notice
warn
error
crit (critical)
alert
emerg (emergency)
kern.*;*.=crit * #write to all logged-in users
*.emerg @sysadmin.acme.com #forward to another host
*.info;mail.none;authpriv.none /var/log/messages #an absolute path means write to that file
service syslog restart
logger -p daemon.info This is a test
logger -p kern.panic Kernel panic! Please log off NOW!
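Which destinations a given facility.priority reaches under the three rules above can be worked out mechanically. The following is an added example, not part of the original notes; it assumes sysklogd-style semantics (selectors in one field are applied left to right, `none` clears the facility), and the function names and sample messages are made up for illustration.

```python
# Added example: a small evaluator for syslog.conf selector fields.
# Assumption: sysklogd-style semantics (selectors apply left to right).
PRIORITIES = ["debug", "info", "notice", "warn", "error", "crit", "alert", "emerg"]

# The three rules from the notes above: (selector field, action).
RULES = [
    ("kern.*;*.=crit", "*"),
    ("*.emerg", "@sysadmin.acme.com"),
    ("*.info;mail.none;authpriv.none", "/var/log/messages"),
]


def selected(selector_field, facility, priority):
    """Return True if facility.priority is selected by the selector field."""
    mask = set()  # indexes into PRIORITIES currently selected for this facility
    for selector in selector_field.split(";"):
        facilities, _, prio = selector.rpartition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue  # this selector says nothing about our facility
        if prio == "none":
            mask.clear()  # exclude the facility, overriding earlier selectors
        elif prio == "*":
            mask.update(range(len(PRIORITIES)))
        elif prio.startswith("="):
            mask.add(PRIORITIES.index(prio[1:]))  # exactly this priority
        else:
            # a bare priority means "this priority and anything more severe"
            mask.update(range(PRIORITIES.index(prio), len(PRIORITIES)))
    return PRIORITIES.index(priority) in mask


def destinations(facility, priority):
    """List the actions of every rule in RULES that the message reaches."""
    return [action for field, action in RULES
            if selected(field, facility, priority)]


if __name__ == "__main__":
    # Constructed sample messages, including the logger test (daemon.info).
    for fac, prio in [("daemon", "info"), ("authpriv", "info"),
                      ("mail", "emerg"), ("kern", "debug"), ("cron", "crit")]:
        print(f"{fac}.{prio:6} -> {destinations(fac, prio)}")
```

With these rules, authpriv.info reaches no destination at all, so authentication messages are lost unless another rule (not shown in these notes) sends them somewhere.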
vi /etc/logrotate.conf
logrotate -f /etc/logrotate.conf #force a log rotation
cd /var/log
ls -lR
**tools
grep, grep -v, logcheck, logdigest
logwatch,logsurfer
swatch #transfer log to email
less /var/log/messages
less /var/log/secure
less /var/log/warn
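less /var/log/mail*
less /var/log/lastlog #last successful login (binary file; read it with lastlog)
less /var/log/secure #failed logins; see who is up to no good
less /var/log/wtmp #successful logins; times of successful logins (binary file; read it with last)
less /var/run/utmp #currently logged in users; lists all users and shows their last login time (binary file; read it with w or who)
***tools for checking logins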
w
who
id
last #"- down" = logged out at system shutdown; tty2 = console on Alt+Ctrl+F2; ":" = X Window; see who logged in to the system recently
lastlog
Note that Apache and Samba use their own separate loggers.
DNS (BIND 9) uses the default one.