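Overview: syslog is the collective name for the programs and configuration files that record and process log messages on the system.
syslogd delivers logs to files, remote servers, mail, and so on.
- /etc/syslog.conf
Messages are routed according to the rules defined in this file.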
# /etc/init.d/syslog start
# /etc/init.d/syslog stop
Lab
Logging telnet connections
1----------------------------------130p
bash-2.05# cat /etc/hosts > /dev/sysmsg
bash-2.05# cd /etc
bash-2.05# cp syslog.conf syslog.conf.orig
Dec 12 15:30:59 server110 sendmail[229]: [ID 702911 mail.alert] unable to qualify my own domain name (server110) -- using short name
Dec 12 15:31:00 server110 sendmail[228]: [ID 702911 mail.alert] unable to qualify my own domain name (server110) -- using short name
Dec 12 15:31:14 server110 hsfs: [ID 204484 kern.notice] NOTICE: hsfs: Warning: the file system mounted on /cdrom/20040114_000414
Dec 12 15:31:14 server110 does not conform to the ISO-9660 specification:
Dec 12 15:31:14 server110 hsfs: [ID 269722 kern.notice] trailing blanks or null characters in file or directory name.
Dec 12 15:31:14 server110 hsfs: [ID 674684 kern.notice] Due to this error, the file system may not be correctly interpreted.
Dec 12 15:31:14 server110 hsfs: [ID 532498 kern.notice] Other such errors in this file system will be silently ignored.
Dec 12 15:31:54 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption
Dec 12 15:32:46 server110 last message repeated 4 times
Dec 12 16:01:32 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption
Preparation for viewing telnet connection logs.
2----------------------------------
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
SunOS 5.9
login: root
Password:
Last login: Thu Dec 15 17:23:56 from 172.16.7.81
Sun Microsystems Inc. SunOS 5.9 Generic January 2003
# exit
Connection to localhost closed by foreign host.
bash-2.05#
At this point, connecting via telnet and logging out again leaves no log entry.
3----------------------------
"/etc/init.d/inetsvc" 261 lines, 7172 characters
#!/sbin/sh
#
# Copyright 2004 Sun Microsystems, Inc. All rights reserved.
# Use is subject to license terms.
#
#ident "@(#)inetsvc 1.31 04/03/16 SMI"
#
# This is third phase of TCP/IP startup/configuration. This script
# runs after the NIS/NIS+ startup script. We run things here that may
# depend on NIS/NIS+ maps.
#
case "$1" in
'start')
;; # Fall through -- rest of script is the initialization code
'stop')
/usr/bin/pkill -x -u 0 'in.named|inetd'
exit 0
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
;;
esac
# If boot variables are not set, set variables we use
[ -z "$_INIT_UTS_NODENAME" ] && _INIT_UTS_NODENAME=`/usr/bin/uname -n`
if [ -z "$_INIT_PREV_LEVEL" ]; then
set -- `/usr/bin/who -r`
_INIT_PREV_LEVEL="$9"
fi
#
# wait_nis
?usr/sbin
else
mcastif=$_INIT_UTS_NODENAME
fi
echo "Setting default IPv4 interface for multicast:" \
"add net 224.0/4: gateway $mcastif"
/usr/sbin/route -n add -interface 224.0/4 -gateway "$mcastif" >/dev/null
) &
#
# Remove the _INIT_ environment variables before running inetd.
#
unset `env | sed -n 's/^\(_INIT_.*\)=.*/\1/p'`
#
# Run inetd in "standalone" mode (-s flag) so that it doesn't have
# to submit to the will of SAF. Why did we ever let them change inetd?
#
/usr/sbin/inetd -s -t
Append the -t option after /usr/sbin/inetd -s.
"/etc/default/inetd" [Read only] 23 lines, 719 characters
#ident "@(#)inetd.dfl 1.2 01/12/23 SMI"
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# /etc/default/inetd
#
# inetd default settings processed via inetd(1M).
#
# ENABLE_CONNECTION_LOGGING affects the tracing of incoming TCP
# connections, see inetd(1M) for details. The default value is "NO". A
# value of "YES" (any case) results in tracing of connections; any other
# value is ignored.
#
ENABLE_CONNECTION_LOGGING=YES
# ENABLE_TCPWRAPPERS affects the wrapping of TCP services, see inetd(1M)
# and tcpd(1M) for details. The default value is "NO". A value of "YES"
# (any case) results in wrapping all TCP services with libwrap; any other
# value is ignored.
#
#ENABLE_TCPWRAPPERS=NO
Uncomment #ENABLE_CONNECTION_LOGGING=NO and change the value to YES.
bash-2.05# /etc/init.d/inetsvc start
Setting netmask of pcn0 to 255.255.255.0
Setting default IPv4 interface for multicast: add net 224.0/4: gateway server110
bash-2.05#
Restart the service.
Try connecting via telnet.
4-----------------------------------
The connection is now logged.
Dec 12 15:31:14 server110 hsfs: [ID 204484 kern.notice] NOTICE: hsfs: Warning: the file system mounted on /cdrom/20040114_000414
Dec 12 15:31:14 server110 does not conform to the ISO-9660 specification:
Dec 12 15:31:14 server110 hsfs: [ID 269722 kern.notice] trailing blanks or null characters in file or directory name.
Dec 12 15:31:14 server110 hsfs: [ID 674684 kern.notice] Due to this error, the file system may not be correctly interpreted.
Dec 12 15:31:14 server110 hsfs: [ID 532498 kern.notice] Other such errors in this file system will be silently ignored.
Dec 12 15:31:54 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption
Dec 12 15:32:46 server110 last message repeated 4 times
Dec 12 16:01:32 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption
Dec 15 17:37:41 server110 inetd[671]: [ID 317013 daemon.notice] telnet[673] from 127.0.0.1 32974
Dec 15 17:38:55 server110 inetd[671]: [ID 317013 daemon.notice] telnet[680] from 127.0.0.1 32975
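The inetd trace lines above have a fixed shape (service[pid] from source-address source-port), so they can be pulled out of /var/adm/messages and summarized. The following is an added example, not part of the original post; the function names are hypothetical and the 192.0.2.10 line is constructed for contrast with the loopback connections from the lab.

```python
import re
from collections import Counter

# Constructed sample: one unrelated line and the two inetd trace lines from
# the lab, plus one made-up non-loopback connection (192.0.2.10).
SAMPLE = """\
Dec 12 16:01:32 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption
Dec 15 17:37:41 server110 inetd[671]: [ID 317013 daemon.notice] telnet[673] from 127.0.0.1 32974
Dec 15 17:38:55 server110 inetd[671]: [ID 317013 daemon.notice] telnet[680] from 127.0.0.1 32975
Dec 15 17:40:02 server110 inetd[671]: [ID 317013 daemon.notice] telnet[688] from 192.0.2.10 40111
"""

# timestamp, host, inetd[pid]:, [ID n facility.level], service[pid], source, port
TRACE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) inetd\[\d+\]: "
    r"\[ID \d+ (?P<prio>[\w.]+)\] (?P<service>[\w.-]+)\[(?P<pid>\d+)\] "
    r"from (?P<src>\S+) (?P<port>\d+)$"
)

def parse_inetd_trace(text):
    """Return one dict per inetd connection-trace line; skip everything else."""
    events = []
    for line in text.splitlines():
        m = TRACE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["pid"], ev["port"] = int(ev["pid"]), int(ev["port"])
            events.append(ev)
    return events

def connections_per_source(events):
    """Count connections per (service, source address)."""
    return Counter((e["service"], e["src"]) for e in events)

def remote_cleartext_logins(events, services=("telnet",), local=("127.0.0.1", "::1")):
    """Connections to cleartext services that did not come from this host."""
    return [e for e in events if e["service"] in services and e["src"] not in local]

if __name__ == "__main__":
    evs = parse_inetd_trace(SAMPLE)
    for key, n in connections_per_source(evs).items():
        print(key, n)
    for e in remote_cleartext_logins(evs):
        print("remote telnet:", e["ts"], e["src"], e["port"])
```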
Sending logs to the loghost
"/etc/syslog.conf" 35 lines, 1001 characters
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words. Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
*.alert;kern.err;daemon.err operator
*.alert root
*.emerg *
# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost)
mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost)
#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err /dev/sysmsg
user.err /var/adm/messages
user.alert `root, operator'
user.emerg *
)
local0.notice /var/log/local0.log
"/etc/syslog.conf" 37 lines, 1036 characters
Add a line at the very bottom so that local0.notice messages are written to the specified file.
local0.notice <tab> /var/log/local0.log
--------------------------------------------------
bash-2.05#
bash-2.05# touch /var/log/local0.log
bash-2.05# pkill -HUP syslogd
bash-2.05# tail -f /var/log/local0.log
Create the log file beforehand.
-------------------------------------
bash-2.05# logger -p local0.notice "Notice"
Logged:
Dec 15 17:47:44 server110 root: [ID 702911 local0.notice] Notice
bash-2.05# logger -p local0.crit "Critical"
Dec 15 17:48:34 server110 root: [ID 702911 local0.crit] Critical
bash-2.05# logger -p local0.info "Information"
Not logged.
--------------------------------------
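The logger results above follow from how a selector is evaluated: facility.level matches that level and every more severe one. The following is an added example, not part of the original post, that evaluates the page's syslog.conf rules against a priority. The function names are hypothetical, the m4 ifdef lines are left out, and the override rule for repeated facilities follows BSD-derived syslogd behaviour.

```python
# Severity names, most severe first; a selector level matches it and above.
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed excerpt of the syslog.conf shown on this page (m4 ifdef lines
# left out); selector and action are separated by a tab, as the page notes.
CONF = (
    "*.err;kern.notice;auth.notice\t/dev/sysmsg\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "*.alert\troot\n"
    "local0.notice\t/var/log/local0.log\n"
)

def parse_conf(text):
    """Return a list of (pairs, action); pairs is [(facility, level), ...]."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        if "\t" not in line:
            raise ValueError("no tab between selector and action: %r" % line)
        selector, action = line.split("\t", 1)
        pairs = [tuple(p.strip().split(".", 1)) for p in selector.split(";")]
        rules.append((pairs, action.strip()))
    return rules

def rule_matches(pairs, facility, level):
    """Later pairs override earlier ones for a facility; 'none' excludes it."""
    threshold = None
    for fac, lvl in pairs:
        if fac in ("*", facility):
            threshold = None if lvl == "none" else lvl
    return threshold is not None and LEVELS.index(level) <= LEVELS.index(threshold)

def destinations(rules, priority):
    """Actions that receive a message sent with `logger -p priority`."""
    facility, level = priority.split(".", 1)
    return [action for pairs, action in rules if rule_matches(pairs, facility, level)]

if __name__ == "__main__":
    rules = parse_conf(CONF)
    for prio in ("local0.notice", "local0.crit", "local0.info", "daemon.notice"):
        print(prio, "->", destinations(rules, prio))
```

local0.crit also reaches /dev/sysmsg and /var/adm/messages through the *.err rules, and daemon.notice is the rule that put the inetd telnet trace into /var/adm/messages.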
================================131
bash-2.05# vi /etc/syslog.conf
local0.notice @LOGHOST
Messages at local0.notice level or higher are sent to the loghost.
bash-2.05# vi /etc/hosts
"/etc/hosts" [Read only] 6 lines, 101 characters
#
# Internet host table
#
127.0.0.1 localhost
172.16.7.110 server110
172.16.7.111 server111 loghost
Change the loghost.
bash-2.05# pkill -HUP syslogd
----------------------------
bash-2.05# logger -p local0.crit
bash-2.05# logger -p local0.notice
The messages appear in the log on the loghost.