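cat /var/log/*.log
If the log is still being updated, view it in real time with: tail -f /var/log/messages
You can also use: watch -d -n 1 cat /var/log/messages
-d highlights what changed between refreshes, and -n sets the refresh interval in seconds.
This command does not return to the command line straight away; it prints new content as it is appended to the log file, which makes it very effective for watching logs. Press Ctrl+C to stop the output.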
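Linux has three main logging subsystems:
  Connection-time logging -- performed by several programs, which write records to /var/log/wtmp and /var/run/utmp. Programs such as login update the wtmp and utmp files so that system administrators can track who logged in to the system and when.
  Process accounting -- performed by the kernel. When a process terminates, a record for it is written to the process accounting file (pacct or acct). The purpose of process accounting is to provide command-usage statistics for the basic services on the system.
  Error logging -- performed by syslogd(8). System daemons, user programs and the kernel report noteworthy events to the file /var/log/messages through syslog(3). In addition, many UNIX programs create their own logs, and servers that provide network services, such as HTTP and FTP, also keep detailed logs.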
Commonly used log files:
  access-log          Records HTTP/web transfers
  acct/pacct          Records user commands
  aculog              Records modem activity
  btmp                Records failed attempts
  lastlog             Records the most recent successful logins and the last unsuccessful login
  messages            Messages recorded from syslog (sometimes linked to the syslog file); holds post-boot messages and error logs, and is one of the most commonly used logs on Red Hat Linux
  sudolog             Records commands issued with sudo
  sulog               Records use of the su command
  syslog              Messages recorded from syslog (usually linked to the messages file)
  utmp                Records every user currently logged in
  wtmp                Permanent record of each user's login and logout times
  xferlog             Records FTP sessions
  /var/log/secure     Security-related log messages
  /var/log/maillog    Mail-related log messages
  /var/log/cron       Log messages related to scheduled tasks
  /var/log/spooler    Log messages related to UUCP and news devices
  /var/log/boot.log   Log messages related to daemon startup and shutdown
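The utmp, wtmp and lastlog files are the key to the logging subsystem on most UNIX systems: they keep the record of users logging in and out. Information about currently logged-in users is recorded in utmp; logins and logouts are recorded in wtmp; the last login can be viewed with the lastlog command. Data exchanges, shutdowns and reboots are also recorded in wtmp. Every record contains a timestamp. These files (lastlog is usually not large) grow very quickly on systems with many users. The wtmp file, for example, can grow without limit unless it is truncated regularly. Many systems configure wtmp to be rotated on a daily or weekly basis, usually by a script run from cron. These scripts rename and rotate the wtmp files: typically wtmp is renamed wtmp.1 at the end of the first day, on the second day wtmp.1 becomes wtmp.2, and so on up to wtmp.7.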
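Each time a user logs in, the login program looks up the user's UID in the lastlog file. If it is found, login writes the user's previous login time, logout time and host name to standard output, and then records the new login time in lastlog. After the new lastlog record is written, the utmp file is opened and the user's utmp record is inserted. This record stays in place until the user logs out, when it is deleted. The utmp file is used by various commands, including who, w, users and finger.
Next, the login program opens the wtmp file and appends the user's utmp record. When the user logs out, the same utmp record with an updated timestamp is appended to the file. The wtmp file is used by the programs last and ac.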
Specific commands
The wtmp and utmp files are both binary files; they cannot be cut with commands such as tail or merged (with the cat command). Users need who, w, users, last and ac to use the information these two files contain.
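The binary record handling described above, as an added example that is not part of the original answer: it parses wtmp-style records and pairs each login with its logout (or a reboot) to total connect hours per user, the way ac -p reports them. The 384-byte record layout (glibc struct utmp on x86-64 Linux) is an assumption, and the sample records are constructed, borrowing user and host names from this page's sample output.

```python
import struct
from collections import defaultdict

# Assumption: glibc "struct utmp" on x86-64 Linux, 384 bytes per record.
REC = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8  # ut_type values in <utmp.h>

def pack(ut_type, pid, line, user, host, sec):
    """Build one constructed record (sample-data helper, not a real log writer)."""
    return REC.pack(ut_type, pid, line.encode(), b"", user.encode(),
                    host.encode(), 0, 0, 0, sec, 0, 0, 0, 0, 0)

def parse(blob):
    """Yield (ut_type, line, user, host, tv_sec) for every whole record."""
    for off in range(0, len(blob) - REC.size + 1, REC.size):
        f = REC.unpack_from(blob, off)
        line, user, host = (b.split(b"\0", 1)[0].decode("ascii", "replace")
                            for b in (f[2], f[4], f[5]))
        yield f[0], line, user, host, f[9]

def connect_hours(blob):
    """Return (hours per user, sessions still open), pairing records by tty line."""
    open_sessions, hours = {}, defaultdict(float)
    for ut_type, line, user, _host, sec in parse(blob):
        if ut_type == USER_PROCESS:            # login: remember who holds the line
            open_sessions[line] = (user, sec)
        elif ut_type == DEAD_PROCESS and line in open_sessions:
            who, start = open_sessions.pop(line)   # logout on the same line
            hours[who] += (sec - start) / 3600
        elif ut_type == BOOT_TIME:             # a reboot ends every open session
            for who, start in open_sessions.values():
                hours[who] += (sec - start) / 3600
            open_sessions.clear()
    return dict(hours), open_sessions

# Constructed sample: timestamps are arbitrary seconds, not taken from a real host.
SAMPLE = b"".join([
    pack(USER_PROCESS, 1201, "pts/2", "lewis", "202.38.64.233", 1000),
    pack(USER_PROCESS, 1305, "pts/4", "ynguo", "simba.nic.ustc.e", 4600),
    pack(DEAD_PROCESS, 1201, "pts/2", "", "", 8200),
    pack(BOOT_TIME, 0, "~", "reboot", "", 11800),
    pack(USER_PROCESS, 900, "pts/0", "ynguo", "simba.nic.ustc.e", 12000),
])

if __name__ == "__main__":
    totals, still_open = connect_hours(SAMPLE)
    for name, h in sorted(totals.items()):
        print(f"{name:10s}{h:8.2f}")
    print("still logged in:", still_open)
```

To run it against a real file, pass the bytes of /var/log/wtmp read in binary mode; other C libraries or platforms may use a different record layout.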
who: The who command queries the utmp file and reports every user currently logged in. Its default output includes the user name, terminal type, login date and remote host. For example, who (Enter) displays:
  chyang   pts/0   Aug 18 15:06
  ynguo    pts/2   Aug 18 15:32
  ynguo    pts/3   Aug 18 13:55
  lewis    pts/4   Aug 18 13:35
  ynguo    pts/7   Aug 18 14:12
  ylou     pts/8   Aug 18 14:15
If a wtmp file name is given, who reports all earlier records. The command who /var/log/wtmp reports every login since the wtmp file was created or last trimmed.
w: The w command queries the utmp file and shows each user currently on the system together with the process that user is running. For example, w (Enter) displays:
  3:36pm up 1 day, 22:34, 6 users, load average: 0.23, 0.29, 0.27
  USER     TTY     FROM               LOGIN@   IDLE    JCPU    PCPU    WHAT
  chyang   pts/0   202.38.68.242      3:06pm   2:04    0.08s   0.04s   -bash
  ynguo    pts/2   202.38.79.47       3:32pm   0.00s   0.14s   0.05    w
  lewis    pts/3   202.38.64.233      1:55pm   30:39   0.27s   0.22s   -bash
  lewis    pts/4   202.38.64.233      1:35pm   6.00s   4.03s   0.01s   sh /home/users/
  ynguo    pts/7   simba.nic.ustc.e   2:12pm   0.00s   0.47s   0.24s   telnet mail
  ylou     pts/8   202.38.64.235      2:15pm   1:09m   0.10s   0.04s   -bash
users: The users command prints the currently logged-in users on a single line; each user name shown corresponds to one login session. If a user has more than one login session, the user name appears that many times. For example, users (Enter) displays: chyang lewis lewis ylou ynguo ynguo
last: The last command searches back through wtmp and shows the users who have logged in since the file was first created. For example:
  chyang   pts/9    202.38.68.242      Tue Aug 1 08:34 - 11:23 (02:49)
  cfan     pts/6    202.38.64.224      Tue Aug 1 08:33 - 08:48 (00:14)
  chyang   pts/4    202.38.68.242      Tue Aug 1 08:32 - 12:13 (03:40)
  lewis    pts/3    202.38.64.233      Tue Aug 1 08:06 - 11:09 (03:03)
  lewis    pts/2    202.38.64.233      Tue Aug 1 07:56 - 11:09 (03:12)
If a user is specified, last reports only that user's recent activity. For example, last ynguo (Enter) displays:
  ynguo    pts/4    simba.nic.ustc.e   Fri Aug 4 16:50 - 08:20 (15:30)
  ynguo    pts/4    simba.nic.ustc.e   Thu Aug 3 23:55 - 04:40 (04:44)
  ynguo    pts/11   simba.nic.ustc.e   Thu Aug 3 20:45 - 22:02 (01:16)
  ynguo    pts/0    simba.nic.ustc.e   Thu Aug 3 03:17 - 05:42 (02:25)
  ynguo    pts/0    simba.nic.ustc.e   Wed Aug 2 01:04 - 03:16 (1+02:12)
  ynguo    pts/0    simba.nic.ustc.e   Wed Aug 2 00:43 - 00:54 (00:11)
  ynguo    pts/9    simba.nic.ustc.e   Thu Aug 1 20:30 - 21:26 (00:55)
ac: The ac command reports users' connect time (in hours) based on the logins and logouts in the current /var/log/wtmp file. With no flags it reports the total time. For example, ac (Enter) displays: total 5177.47
ac -d (Enter) displays the total connect time for each day:
  Aug 12 total 261.87
  Aug 13 total 351.39
  Aug 14 total 396.09
  Aug 15 total 462.63
  Aug 16 total 270.45
  Aug 17 total 104.29
  Today total 179.00
ac -p (Enter) displays the total connect time for each user:
  ynguo 193.23
  yucao 3.35
  rong 133.40
  hdai 10.52
  zjzhu 52.87
  zqzhou 13.14
  liangliu 24.34
  total 5178.22
lastlog: The lastlog file is consulted every time a user logs in. The lastlog command can be used to check when a particular user last logged in, and it formats and prints the contents of the last-login log /var/log/lastlog. It shows the login name, port (tty) and last login time, sorted by UID. If a user has never logged in, lastlog shows "**Never logged in**". Note that the command needs to be run as root. For example:
  rong      5   202.38.64.187   Fri Aug 18 15:57:01 +0800 2000
  dbb                           **Never logged in**
  xinchen                       **Never logged in**
  pb9511                        **Never logged in**
  xchen     0   202.38.64.190   Sun Aug 13 10:01:22 +0800 2000