Overview: the collective name for the programs and configuration files that record and process log messages on the system.
          syslogd delivers the logs to files, remote servers, mail, and so on.

- /etc/syslog.conf
 Messages are routed according to the rules defined in this file


# /etc/init.d/syslog start
# /etc/init.d/syslog stop




Exercise


Checking the telnet connection log
1 ---------------------------------- (p. 130)
bash-2.05# cat /etc/hosts > /dev/sysmsg
bash-2.05# cd /etc
bash-2.05# cp syslog.conf syslog.conf.orig

bash-2.05# tail -f /var/adm/messages

Dec 12 15:30:59 server110 sendmail[229]: [ID 702911 mail.alert] unable to qualify my own domain name (server110) -- using short name
Dec 12 15:31:00 server110 sendmail[228]: [ID 702911 mail.alert] unable to qualify my own domain name (server110) -- using short name
Dec 12 15:31:14 server110 hsfs: [ID 204484 kern.notice] NOTICE: hsfs: Warning: the file system mounted on /cdrom/20040114_000414
Dec 12 15:31:14 server110 does not conform to the ISO-9660 specification:
Dec 12 15:31:14 server110 hsfs: [ID 269722 kern.notice]  trailing blanks or null characters in file or directory name.
Dec 12 15:31:14 server110 hsfs: [ID 674684 kern.notice] Due to this error, the file system may not be correctly interpreted.
Dec 12 15:31:14 server110 hsfs: [ID 532498 kern.notice] Other such errors in this file system will be silently ignored.
Dec 12 15:31:54 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption
Dec 12 15:32:46 server110 last message repeated 4 times
Dec 12 16:01:32 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption

Preparation for viewing telnet connection logs

2----------------------------------

bash-2.05# telnet localhost

Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


SunOS 5.9

login: root
Password:
Last login: Thu Dec 15 17:23:56 from 172.16.7.81
Sun Microsystems Inc.   SunOS 5.9       Generic January 2003
# exit
Connection to localhost closed by foreign host.
bash-2.05#
At the moment, connecting via telnet and exiting leaves no log at all.



3----------------------------

bash-2.05# vi /etc/init.d/inetsvc

"/etc/init.d/inetsvc" 261 lines, 7172 characters
#!/sbin/sh
#
# Copyright 2004 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident  "@(#)inetsvc    1.31    04/03/16 SMI"

#
# This is third phase of TCP/IP startup/configuration.  This script
# runs after the NIS/NIS+ startup script.  We run things here that may
# depend on NIS/NIS+ maps.
#

case "$1" in
'start')
        ;; # Fall through -- rest of script is the initialization code

'stop')
        /usr/bin/pkill -x -u 0 'in.named|inetd'
        exit 0
        ;;

*)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac

# If boot variables are not set, set variables we use
[ -z "$_INIT_UTS_NODENAME" ] && _INIT_UTS_NODENAME=`/usr/bin/uname -n`

if [ -z "$_INIT_PREV_LEVEL" ]; then
        set -- `/usr/bin/who -r`
        _INIT_PREV_LEVEL="$9"
fi

#
# wait_nis
[...]
else
        mcastif=$_INIT_UTS_NODENAME
fi

echo "Setting default IPv4 interface for multicast:" \
    "add net 224.0/4: gateway $mcastif"

/usr/sbin/route -n add -interface 224.0/4 -gateway "$mcastif" >/dev/null
) &

#
# Remove the _INIT_ environment variables before running inetd.
#
unset `env | sed -n 's/^\(_INIT_.*\)=.*/\1/p'`
#
# Run inetd in "standalone" mode (-s flag) so that it doesn't have
# to submit to the will of SAF.  Why did we ever let them change inetd?
#
/usr/sbin/inetd -s -t
Append the -t option after /usr/sbin/inetd -s.

bash-2.05# vi /etc/default/inetd

"/etc/default/inetd" [Read only] 23 lines, 719 characters
#ident  "@(#)inetd.dfl  1.2     01/12/23 SMI"
#
# Copyright (c) 2001 by Sun Microsystems, Inc.
# All rights reserved.
#
# /etc/default/inetd
#
# inetd default settings processed via inetd(1M).
#

# ENABLE_CONNECTION_LOGGING affects the tracing of incoming TCP
# connections, see inetd(1M) for details.  The default value is "NO".  A
# value of "YES" (any case) results in tracing of connections; any other
# value is ignored.
#
ENABLE_CONNECTION_LOGGING=YES

# ENABLE_TCPWRAPPERS affects the wrapping of TCP services, see inetd(1M)
# and tcpd(1M) for details.  The default value is "NO".  A value of "YES"
# (any case) results in wrapping all TCP services with libwrap; any other
# value is ignored.
#
#ENABLE_TCPWRAPPERS=NO
Uncomment #ENABLE_CONNECTION_LOGGING=NO and change it to YES.
bash-2.05# /etc/init.d/inetsvc stop
bash-2.05# /etc/init.d/inetsvc start

Setting netmask of pcn0 to 255.255.255.0
Setting default IPv4 interface for multicast: add net 224.0/4: gateway server110
bash-2.05#
Restart
bash-2.05# telnet localhost

Attempt a telnet connection

4 -----------------------------------
The log is now recorded.

Dec 12 15:31:14 server110 hsfs: [ID 204484 kern.notice] NOTICE: hsfs: Warning: the file system mounted on /cdrom/20040114_000414
Dec 12 15:31:14 server110 does not conform to the ISO-9660 specification:
Dec 12 15:31:14 server110 hsfs: [ID 269722 kern.notice]  trailing blanks or null characters in file or directory name.
Dec 12 15:31:14 server110 hsfs: [ID 674684 kern.notice] Due to this error, the file system may not be correctly interpreted.
Dec 12 15:31:14 server110 hsfs: [ID 532498 kern.notice] Other such errors in this file system will be silently ignored.
Dec 12 15:31:54 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption
Dec 12 15:32:46 server110 last message repeated 4 times
Dec 12 16:01:32 server110 pcn: [ID 201777 kern.info] NOTICE: pcn: possible RX frame corruption
Dec 15 17:37:41 server110 inetd[671]: [ID 317013 daemon.notice] telnet[673] from 127.0.0.1 32974
Dec 15 17:38:55 server110 inetd[671]: [ID 317013 daemon.notice] telnet[680] from 127.0.0.1 32975
Sending logs to the loghost

bash-2.05# vi /etc/syslog.conf


"/etc/syslog.conf" 35 lines, 1001 characters
#ident  "@(#)syslog.conf        1.5     98/12/14 SMI"   /* SunOS 5.0 */
#
# Copyright (c) 1991-1998 by Sun Microsystems, Inc.
# All rights reserved.
#
# syslog configuration file.
#
# This file is processed by m4 so be careful to quote (`') names
# that match m4 reserved words.  Also, within ifdef's, arguments
# containing commas must be quoted.
#
*.err;kern.notice;auth.notice                   /dev/sysmsg
*.err;kern.debug;daemon.notice;mail.crit        /var/adm/messages

*.alert;kern.err;daemon.err                     operator
*.alert                                         root

*.emerg                                         *

# if a non-loghost machine chooses to have authentication messages
# sent to the loghost machine, un-comment out the following line:
#auth.notice                    ifdef(`LOGHOST', /var/log/authlog, @loghost)

mail.debug                      ifdef(`LOGHOST', /var/log/syslog, @loghost)

#
# non-loghost machines will use the following lines to cause "user"
# log messages to be logged locally.
#
ifdef(`LOGHOST', ,
user.err                                        /dev/sysmsg
user.err                                        /var/adm/messages
user.alert                                      `root, operator'
user.emerg                                      *
)

local0.notice   /var/log/local0.log
"/etc/syslog.conf" 37 lines, 1036 characters

Add a line at the very bottom telling syslogd to write local0.notice messages to the specified file:
local0.notice <tab>  /var/log/local0.log

--------------------------------------------------
bash-2.05#
bash-2.05# touch /var/log/local0.log
bash-2.05# pkill -HUP syslogd
bash-2.05# tail -f /var/log/local0.log
Create the log file first
-------------------------------------
bash-2.05# logger -p local0.notice "Notice"

Log recorded:
Dec 15 17:47:44 server110 root: [ID 702911 local0.notice] Notice

bash-2.05# logger -p local0.crit "Critical"
Dec 15 17:48:34 server110 root: [ID 702911 local0.crit] Critical

bash-2.05# logger -p local0.info "Information"
Not recorded (info is a lower priority than notice)
--------------------------------------
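The three logger tests above follow from how a syslog.conf selector is evaluated: `facility.priority` matches that priority and every more severe one. The following is an added example, not part of the original post, that models that rule in Python over the configuration shown on this page (m4 already expanded for a non-loghost machine); the actions are only returned as strings, nothing is sent anywhere.

```python
# Added example: evaluate Solaris syslog.conf selectors for a given message.
# Severity order from syslog.conf(4): lower index = more severe.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def level(priority):
    """Numeric severity (emerg=0 ... debug=7)."""
    return PRIORITIES.index(priority)


def selector_matches(selector, facility, priority):
    """One selector such as 'kern.notice', '*.err' or 'mail.none'."""
    fac, _, pri = selector.partition(".")
    if fac != "*" and fac != facility:
        return False
    if pri == "none":                 # 'none' never matches
        return False
    return level(priority) <= level(pri)   # selected priority and above


def line_matches(conf_line, facility, priority):
    """A config line is 'sel1;sel2;...<tab>action'. Returns the action or None.
    A 'facility.none' selector on the line excludes that facility entirely."""
    selectors, action = conf_line.split(None, 1)
    parts = selectors.split(";")
    if f"{facility}.none" in parts:
        return None
    if any(selector_matches(s, facility, priority) for s in parts):
        return action.strip()
    return None


def route(conf, facility, priority):
    """All actions a facility.priority message is delivered to, in file order."""
    return [a for a in (line_matches(l, facility, priority) for l in conf) if a]


# Constructed from the /etc/syslog.conf shown in the post, comments stripped.
SYSLOG_CONF = [
    "*.err;kern.notice;auth.notice\t/dev/sysmsg",
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages",
    "*.alert;kern.err;daemon.err\toperator",
    "*.alert\troot",
    "*.emerg\t*",
    "local0.notice\t/var/log/local0.log",
]

if __name__ == "__main__":
    for pri in ("notice", "crit", "info"):
        print(f"local0.{pri} ->", route(SYSLOG_CONF, "local0", pri))
```

Running it also shows why the inetd `daemon.notice` lines earlier on the page landed in /var/adm/messages, and that local0.crit additionally matches the `*.err` lines.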
================================ (p. 131)

bash-2.05# vi /etc/syslog.conf

local0.notice   @LOGHOST

When an error at level local0.notice or higher occurs, the error message is sent to the loghost

bash-2.05# vi /etc/hosts
"/etc/hosts" [Read only] 6 lines, 101 characters
#
# Internet host table
#
127.0.0.1       localhost
172.16.7.110    server110
172.16.7.111    server111       loghost
Changing the loghost entry

bash-2.05# pkill -HUP syslogd

----------------------------
bash-2.05# logger -p local0.crit

bash-2.05# logger -p local0.notice

The error messages appear in the log on the loghost side