🍅\u5173\u6ce8\u3010\u58a8\u5c9a\u521b\u5ba2\u3011,\u56de\u590d\u3010\u6bd5\u8bbe\u3011,\u8d60\u9001\u514d\u8d39\u6bd5\u8bbe\u8d44\u6e90,\u5177\u4f53\u8054\u7cfb\u65b9\u5f0f\u89c1\u6587\u672b🍅<\/p>\n
Linux \u7cfb\u7edf\u4e2d\u6709\u591a\u79cd\u65e5\u5fd7\u6587\u4ef6,\u5b83\u4eec\u8bb0\u5f55\u4e86\u7cfb\u7edf\u7684\u4e0d\u540c\u65b9\u9762\u7684\u4fe1\u606f,\u5e2e\u52a9\u7cfb\u7edf\u7ba1\u7406\u5458\u548c\u5f00\u53d1\u4eba\u5458\u4e86\u89e3\u7cfb\u7edf\u72b6\u6001\u548c\u8bca\u65ad\u95ee\u9898\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5e38\u89c1\u7684\u7cfb\u7edf\u65e5\u5fd7\u6587\u4ef6:<\/p>\n
\/var\/log\/messages:\u8fd9\u662f\u6700\u5e38\u89c1\u7684\u65e5\u5fd7\u6587\u4ef6\u4e4b\u4e00,\u7528\u4e8e\u5b58\u50a8\u5168\u5c40\u7cfb\u7edf\u6d88\u606f,\u5305\u62ec\u542f\u52a8\u4fe1\u606f\u3001\u7cfb\u7edf\u9519\u8bef\u3001\u786c\u4ef6\u9519\u8bef\u7b49\u3002\u5b83\u5bf9\u4e8e\u8bca\u65ad\u7cfb\u7edf\u95ee\u9898\u975e\u5e38\u6709\u7528\u3002<\/p>\n<\/li>\n
\/var\/log\/auth.log:\u8fd9\u4e2a\u65e5\u5fd7\u6587\u4ef6\u4e13\u95e8\u7528\u4e8e\u8bb0\u5f55\u8ba4\u8bc1\u65e5\u5fd7,\u6bd4\u5982\u7528\u6237\u767b\u5f55\u3001sudo \u547d\u4ee4\u7684\u4f7f\u7528\u7b49\u3002\u5728 Debian \u57fa\u7840\u7684\u7cfb\u7edf\u4e2d,\u8fd9\u4e2a\u6587\u4ef6\u975e\u5e38\u91cd\u8981,\u7528\u4e8e\u8ffd\u8e2a\u7cfb\u7edf\u8bbf\u95ee\u548c\u5b89\u5168\u4e8b\u4ef6\u3002<\/p>\n<\/li>\n
\/var\/log\/secure:\u5728\u57fa\u4e8e Red Hat \u7684\u7cfb\u7edf\u4e2d(\u5982 CentOS\u3001Fedora),\u8fd9\u4e2a\u6587\u4ef6\u7684\u529f\u80fd\u4e0e \/var\/log\/auth.log \u7c7b\u4f3c,\u7528\u4e8e\u5b58\u50a8\u8ba4\u8bc1\u65e5\u5fd7\u548c\u5b89\u5168\u76f8\u5173\u7684\u4fe1\u606f\u3002<\/p>\n<\/li>\n
\/var\/log\/syslog:\u8fd9\u4e2a\u6587\u4ef6\u5305\u542b\u4e86\u7cfb\u7edf\u9664\u4e86\u4e0a\u8ff0\u5185\u5bb9\u4e4b\u5916\u7684\u5176\u4ed6\u6d88\u606f\u3002\u4e0d\u540c\u7a0b\u5e8f\u548c\u670d\u52a1\u7684\u65e5\u5fd7\u4fe1\u606f\u90fd\u53ef\u80fd\u88ab\u8bb0\u5f55\u5728\u8fd9\u91cc,\u5177\u4f53\u53d6\u51b3\u4e8e\u7cfb\u7edf\u7684\u914d\u7f6e\u3002<\/p>\n<\/li>\n
\/var\/log\/boot.log:\u6b64\u65e5\u5fd7\u6587\u4ef6\u5305\u542b\u7cfb\u7edf\u542f\u52a8\u8fc7\u7a0b\u4e2d\u7684\u6d88\u606f,\u53ef\u4ee5\u5e2e\u52a9\u8bca\u65ad\u542f\u52a8\u8fc7\u7a0b\u4e2d\u7684\u95ee\u9898\u3002<\/p>\n<\/li>\n
\/var\/log\/dmesg:\u6b64\u6587\u4ef6\u5305\u542b\u5185\u6838\u4ea7\u751f\u7684\u6d88\u606f,\u5982\u786c\u4ef6\u9a71\u52a8\u548c\u63a5\u53e3\u4fe1\u606f,\u975e\u5e38\u91cd\u8981,\u7528\u4e8e\u8bca\u65ad\u786c\u4ef6\u76f8\u5173\u7684\u95ee\u9898\u3002<\/p>\n<\/li>\n
\/var\/log\/kern.log:\u5305\u542b\u5185\u6838\u4ea7\u751f\u7684\u6d88\u606f,\u4e3b\u8981\u7528\u4e8e\u8bca\u65ad\u548c\u8bb0\u5f55\u4e0e\u5185\u6838\u76f8\u5173\u7684\u4e8b\u4ef6\u3002<\/p>\n<\/li>\n
\/var\/log\/cron.log:\u8bb0\u5f55\u4e86cron \u5b88\u62a4\u8fdb\u7a0b\u7684\u65e5\u5fd7\u4fe1\u606f,\u5305\u62ec\u8ba1\u5212\u4efb\u52a1\u7684\u6267\u884c\u60c5\u51b5\u3002<\/p>\n<\/li>\n
\/var\/log\/mail.log:\u7528\u4e8e\u8bb0\u5f55\u90ae\u4ef6\u670d\u52a1\u5668\u7684\u65e5\u5fd7\u4fe1\u606f,\u5982\u53d1\u9001\u548c\u63a5\u6536\u90ae\u4ef6\u7684\u8bb0\u5f55\u3002<\/p>\n<\/li>\n
\/var\/log\/apache2\/access.log \u548c \/var\/log\/apache2\/error.log(\u5bf9\u4e8e Apache Web \u670d\u52a1\u5668)\u6216\u8005 \/var\/log\/nginx\/access.log \u548c \/var\/log\/nginx\/error.log(\u5bf9\u4e8e Nginx Web \u670d\u52a1\u5668):\u8fd9\u4e9b\u65e5\u5fd7\u6587\u4ef6\u5206\u522b\u8bb0\u5f55\u4e86 Web \u670d\u52a1\u5668\u7684\u8bbf\u95ee\u65e5\u5fd7\u548c\u9519\u8bef\u65e5\u5fd7\u3002<\/p>\n<\/li>\n
\u8fd9\u4e9b\u65e5\u5fd7\u6587\u4ef6\u662f\u7cfb\u7edf\u7ba1\u7406\u5458\u65e5\u5e38\u68c0\u67e5\u7684\u91cd\u8981\u8d44\u6e90,\u901a\u8fc7\u5b83\u4eec\u53ef\u4ee5\u76d1\u63a7\u7cfb\u7edf\u5065\u5eb7\u72b6\u51b5\u3001\u8bca\u65ad\u95ee\u9898\u4ee5\u53ca\u8fdb\u884c\u5b89\u5168\u5ba1\u8ba1\u3002\u4e0d\u540c\u7684\u53d1\u884c\u7248\u53ef\u80fd\u4f1a\u6709\u6240\u5dee\u5f02,\u4f46\u5927\u4f53\u4e0a\u90fd\u5305\u542b\u8fd9\u4e9b\u65e5\u5fd7\u6587\u4ef6\u6216\u7c7b\u4f3c\u7684\u529f\u80fd\u6587\u4ef6\u3002<\/p>\n
\u52a8\u6001\u76d1\u542c Linux \u65e5\u5fd7\u6587\u4ef6,\u901a\u5e38\u6307\u7684\u662f\u5b9e\u65f6\u67e5\u770b\u65e5\u5fd7\u6587\u4ef6\u4e2d\u65b0\u589e\u7684\u5185\u5bb9\u3002\u8fd9\u5bf9\u4e8e\u76d1\u63a7\u7cfb\u7edf\u6d3b\u52a8\u3001\u8bca\u65ad\u95ee\u9898\u7b49\u573a\u666f\u975e\u5e38\u6709\u7528\u3002\u6709\u51e0\u79cd\u5e38\u7528\u7684\u65b9\u6cd5\u53ef\u4ee5\u5b9e\u73b0\u52a8\u6001\u76d1\u542c:<\/p>\n
tail \u547d\u4ee4\u53ef\u4ee5\u7528\u6765\u67e5\u770b\u6587\u4ef6\u7684\u6700\u540e\u51e0\u884c\u5185\u5bb9\u3002\u5f53\u4e0e -f \u53c2\u6570\u4e00\u8d77\u4f7f\u7528\u65f6,tail -f \u4f1a\u6301\u7eed\u76d1\u89c6\u6307\u5b9a\u7684\u6587\u4ef6,\u5f53\u6587\u4ef6\u589e\u957f\u65f6,\u65b0\u6dfb\u52a0\u7684\u5185\u5bb9\u4f1a\u5b9e\u65f6\u663e\u793a\u51fa\u6765\u3002\u8fd9\u662f\u6700\u5e38\u89c1\u548c\u7b80\u5355\u7684\u52a8\u6001\u76d1\u542c\u65e5\u5fd7\u6587\u4ef6\u7684\u65b9\u6cd5\u3002<\/p>\n
\u4f8b\u5982,\u52a8\u6001\u76d1\u542c\u7cfb\u7edf\u6d88\u606f\u65e5\u5fd7:<\/p>\n
tail<\/span> -f<\/span> \/var\/log\/messages<\/p>\n less \u547d\u4ee4\u4e5f\u53ef\u4ee5\u7528\u4e8e\u52a8\u6001\u76d1\u542c\u65e5\u5fd7\u3002\u9996\u5148\u4f7f\u7528 less \u6253\u5f00\u4e00\u4e2a\u65e5\u5fd7\u6587\u4ef6,\u7136\u540e\u6309\u4e0b Shift+F,less \u4f1a\u8fdb\u5165\u7c7b\u4f3c tail -f \u7684\u76d1\u89c6\u6a21\u5f0f,\u5b9e\u65f6\u663e\u793a\u65e5\u5fd7\u6587\u4ef6\u7684\u65b0\u5185\u5bb9\u3002<\/p>\n \u4f8b\u5982,\u4f7f\u7528 less \u76d1\u542c\u5b89\u5168\u65e5\u5fd7:<\/p>\n less<\/span> +F \/var\/log\/auth.log<\/p>\n \u6309\u4e0b Ctrl+C \u53ef\u4ee5\u9000\u51fa\u76d1\u89c6\u6a21\u5f0f,\u56de\u5230\u6b63\u5e38\u7684 less \u6d4f\u89c8\u6a21\u5f0f\u3002<\/p>\n multitail \u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u5de5\u5177,\u5b83\u4e0d\u4ec5\u53ef\u4ee5\u52a8\u6001\u76d1\u542c\u591a\u4e2a\u65e5\u5fd7\u6587\u4ef6,\u8fd8\u53ef\u4ee5\u5728\u4e00\u4e2a\u7a97\u53e3\u4e2d\u4ee5\u5206\u5c4f\u7684\u5f62\u5f0f\u663e\u793a,\u8fd8\u652f\u6301\u65e5\u5fd7\u6587\u4ef6\u7684\u5f69\u8272\u663e\u793a,\u4f7f\u5f97\u65e5\u5fd7\u7684\u9605\u8bfb\u66f4\u52a0\u76f4\u89c2\u3002<\/p>\n \u5b89\u88c5 multitail(\u5982\u679c\u7cfb\u7edf\u4e2d\u6ca1\u6709\u9884\u88c5\u7684\u8bdd):<\/p>\n sudo<\/span> apt-get<\/span> install<\/span> multitail # Debian\/Ubuntu<\/span> \u52a8\u6001\u76d1\u542c\u591a\u4e2a\u65e5\u5fd7\u6587\u4ef6:<\/p>\n multitail \/var\/log\/apache2\/access.log \/var\/log\/apache2\/error.log<\/p>\n \u5bf9\u4e8e\u4f7f\u7528 systemd \u7684\u7cfb\u7edf,journalctl \u662f\u67e5\u770b\u548c\u76d1\u63a7\u7cfb\u7edf\u65e5\u5fd7\u7684\u5f3a\u5927\u5de5\u5177\u3002\u4f7f\u7528 -f \u53c2\u6570,\u53ef\u4ee5\u52a8\u6001\u76d1\u542c\u7cfb\u7edf\u7684\u65e5\u5fd7\u3002<\/p>\n \u4f8b\u5982,\u52a8\u6001\u76d1\u542c\u7cfb\u7edf\u65e5\u5fd7:<\/p>\n journalctl -f<\/span><\/p>\n journalctl \u63d0\u4f9b\u4e86\u8bb8\u591a\u5f3a\u5927\u7684\u8fc7\u6ee4\u9009\u9879,\u53ef\u4ee5\u6839\u636e\u65f6\u95f4\u3001\u670d\u52a1\u3001\u4f18\u5148\u7ea7\u7b49\u591a\u79cd\u6761\u4ef6\u7b5b\u9009\u65e5\u5fd7\u3002<\/p>\n \u8fd9\u4e9b\u65b9\u6cd5\u5404\u6709\u4f18\u52bf,\u53ef\u4ee5\u6839\u636e\u4e0d\u540c\u7684\u9700\u6c42\u548c\u573a\u666f\u9009\u62e9\u5408\u9002\u7684\u5de5\u5177\u6765\u52a8\u6001\u76d1\u542c Linux \u7cfb\u7edf\u7684\u65e5\u5fd7\u6587\u4ef6\u3002<\/p>\n \u67e5\u8be2 Linux \u65e5\u5fd7\u6587\u4ef6\u5e76\u8fc7\u6ee4\u51fa\u542b\u6709\u7279\u5b9a\u5173\u952e\u8bcd\u7684\u884c\u662f\u4e00\u79cd\u5e38\u89c1\u7684\u65e5\u5fd7\u5206\u6790\u6280\u672f,\u8fd9\u6709\u52a9\u4e8e\u5feb\u901f\u5b9a\u4f4d\u5230\u95ee\u9898\u6216\u8005\u7279\u5b9a\u4e8b\u4ef6\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u5b9e\u7528\u7684\u65b9\u6cd5\u6765\u5b9e\u73b0\u8fd9\u4e00\u76ee\u6807:<\/p>\n grep \u662f\u6700\u57fa\u672c\u4e5f\u662f\u6700\u5f3a\u5927\u7684\u6587\u672c\u641c\u7d22\u5de5\u5177\u4e4b\u4e00,\u5b83\u53ef\u4ee5\u641c\u7d22\u5305\u542b\u6307\u5b9a\u6a21\u5f0f(\u53ef\u4ee5\u662f\u5b57\u7b26\u4e32\u6216\u6b63\u5219\u8868\u8fbe\u5f0f)\u7684\u884c\u3002<\/p>\n \u4f8b\u5982,\u641c\u7d22 \/var\/log\/syslog \u6587\u4ef6\u4e2d\u5305\u542b\u5173\u952e\u8bcd \u201cerror\u201d \u7684\u884c:<\/p>\n grep<\/span> "error"<\/span> \/var\/log\/syslog<\/p>\n \u5982\u679c\u4f60\u60f3\u540c\u65f6\u67e5\u770b\u5339\u914d\u884c\u7684\u4e0a\u4e0b\u6587(\u4f8b\u5982,\u663e\u793a\u6bcf\u4e2a\u5339\u914d\u884c\u524d\u540e\u54042\u884c),\u53ef\u4ee5\u4f7f\u7528 -C(\u4e0a\u4e0b\u6587)\u9009\u9879:<\/p>\n grep<\/span> -C<\/span> 2<\/span> "error"<\/span> \/var\/log\/syslog<\/p>\n awk \u662f\u4e00\u4e2a\u5f3a\u5927\u7684\u6587\u672c\u5904\u7406\u5de5\u5177,\u5b83\u4e0d\u4ec5\u53ef\u4ee5\u7528\u4e8e\u641c\u7d22\u6587\u672c,\u8fd8\u53ef\u4ee5\u8fdb\u884c\u66f4\u590d\u6742\u7684\u6587\u672c\u5904\u7406\u548c\u5206\u6790\u3002<\/p>\n \u4f8b\u5982,\u641c\u7d22 \/var\/log\/auth.log \u6587\u4ef6\u4e2d\u5305\u542b \u201cfailed\u201d \u7684\u884c:<\/p>\n awk<\/span> '\/failed\/'<\/span> \/var\/log\/auth.log<\/p>\n \u867d\u7136 sed \u4e3b\u8981\u7528\u4e8e\u6587\u672c\u66ff\u6362,\u4f46\u5b83\u4e5f\u53ef\u4ee5\u7528\u6765\u8fc7\u6ee4\u542b\u6709\u7279\u5b9a\u6a21\u5f0f\u7684\u884c\u3002<\/p>\n \u4f8b\u5982,\u6253\u5370 \/var\/log\/dmesg \u4e2d\u5305\u542b \u201cusb\u201d \u7684\u6240\u6709\u884c:<\/p>\n sed<\/span> -n<\/span> '\/usb\/p'<\/span> \/var\/log\/dmesg<\/p>\n less \u547d\u4ee4\u63d0\u4f9b\u4e86\u4e00\u4e2a\u67e5\u770b\u6587\u4ef6\u5185\u5bb9\u7684\u63a5\u53e3,\u4f60\u53ef\u4ee5\u5728\u5176\u4e2d\u641c\u7d22\u5b57\u7b26\u4e32\u3002<\/p>\n \u6253\u5f00\u6587\u4ef6\u540e,\u4f60\u53ef\u4ee5\u6309 \/ \u952e\u540e\u8f93\u5165\u4f60\u8981\u641c\u7d22\u7684\u5173\u952e\u8bcd,\u7136\u540e\u6309\u56de\u8f66\u952e:<\/p>\n less<\/span> \/var\/log\/messages<\/p>\n \u7136\u540e\u8f93\u5165:<\/p>\n \/error<\/p>\n \u8fd9\u4f1a\u641c\u7d22\u5e76\u9ad8\u4eae\u663e\u793a\u6240\u6709\u5305\u542b \u201cerror\u201d \u7684\u884c\u3002<\/p>\n \u8bb8\u591a Linux \u7cfb\u7edf\u4f1a\u538b\u7f29\u65e7\u7684\u65e5\u5fd7\u6587\u4ef6\u4ee5\u8282\u7701\u7a7a\u95f4,\u8fd9\u4e9b\u6587\u4ef6\u901a\u5e38\u4ee5 .gz \u7ed3\u5c3e\u3002zgrep \u547d\u4ee4\u53ef\u4ee5\u5728\u8fd9\u4e9b\u538b\u7f29\u6587\u4ef6\u4e2d\u641c\u7d22\u6587\u672c,\u65e0\u9700\u5148\u89e3\u538b\u3002<\/p>\n \u4f8b\u5982,\u641c\u7d22\u6240\u6709\u538b\u7f29\u7684 .log.gz \u6587\u4ef6\u4e2d\u5305\u542b \u201cwarning\u201d \u7684\u884c:<\/p>\n zgrep "warning"<\/span> \/var\/log\/*.gz<\/p>\n \u8fd9\u4e9b\u65b9\u6cd5\u53ef\u4ee5\u5e2e\u52a9\u4f60\u6709\u6548\u5730\u5e26\u5173\u952e\u8bcd\u67e5\u8be2 Linux \u65e5\u5fd7\u6587\u4ef6,\u5feb\u901f\u5b9a\u4f4d\u611f\u5174\u8da3\u7684\u4fe1\u606f\u6216\u95ee\u9898\u3002<\/p>\n \u683c\u5f0f\u5316\u8f93\u51fa\u663e\u793a Linux \u65e5\u5fd7\u6587\u4ef6\u53ef\u4ee5\u8ba9\u65e5\u5fd7\u5185\u5bb9\u66f4\u52a0\u6613\u4e8e\u9605\u8bfb\u548c\u7406\u89e3,\u7279\u522b\u662f\u5f53\u4f60\u9700\u8981\u4ece\u5927\u91cf\u65e5\u5fd7\u6570\u636e\u4e2d\u63d0\u53d6\u5173\u952e\u4fe1\u606f\u65f6\u3002\u8fd9\u91cc\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u5b9e\u73b0\u683c\u5f0f\u5316\u8f93\u51fa:<\/p>\n awk \u662f\u4e00\u4e2a\u975e\u5e38\u5f3a\u5927\u7684\u6587\u672c\u5904\u7406\u5de5\u5177,\u5b83\u53ef\u4ee5\u7528\u6765\u683c\u5f0f\u5316\u65e5\u5fd7\u6587\u4ef6\u7684\u8f93\u51fa\u3002\u4f60\u53ef\u4ee5\u4f7f\u7528 awk \u7684\u6253\u5370(print)\u529f\u80fd\u6765\u9009\u62e9\u548c\u91cd\u65b0\u6392\u5217\u65e5\u5fd7\u6587\u4ef6\u4e2d\u7684\u5b57\u6bb5\u3002<\/p>\n \u4f8b\u5982,\u5982\u679c\u4f60\u60f3\u683c\u5f0f\u5316 \/var\/log\/syslog \u6587\u4ef6\u7684\u8f93\u51fa,\u53ea\u663e\u793a\u65e5\u671f\u3001\u65f6\u95f4\u548c\u65e5\u5fd7\u6d88\u606f,\u53ef\u4ee5\u8fd9\u6837\u505a:<\/p>\n awk<\/span> '{print $1, $2, $3, $5, $6, $0}'<\/span> \/var\/log\/syslog<\/p>\n \u8fd9\u91cc,$1, $2, $3, $5, $6 \u8868\u793a\u65e5\u5fd7\u884c\u4e2d\u7684\u5b57\u6bb5,$0 \u8868\u793a\u6574\u4e2a\u884c\u3002\u4f60\u53ef\u4ee5\u6839\u636e\u65e5\u5fd7\u7684\u683c\u5f0f\u8c03\u6574\u5b57\u6bb5\u7f16\u53f7\u3002<\/p>\n cut \u547d\u4ee4\u53ef\u4ee5\u4ece\u6bcf\u884c\u4e2d\u526a\u5207\u51fa\u6587\u672c\u6bb5,\u975e\u5e38\u9002\u5408\u7528\u4e8e\u4ece\u56fa\u5b9a\u683c\u5f0f\u7684\u6587\u672c(\u5982\u65e5\u5fd7\u6587\u4ef6)\u4e2d\u63d0\u53d6\u5217\u3002<\/p>\n \u4f8b\u5982,\u5982\u679c\u4f60\u53ea\u5bf9 \/var\/log\/auth.log \u4e2d\u7684\u65e5\u671f\u3001\u65f6\u95f4\u548c\u4e8b\u4ef6\u6d88\u606f\u611f\u5174\u8da3,\u53ef\u4ee5\u4f7f\u7528:<\/p>\n cut<\/span> -d' '<\/span> -f1-3,6- \/var\/log\/auth.log<\/p>\n \u8fd9\u91cc,-d' ' \u5b9a\u4e49\u7a7a\u683c\u4e3a\u5b57\u6bb5\u5206\u9694\u7b26,-f1-3,6- \u9009\u62e9\u4e86\u7b2c1\u5230\u7b2c3\u4e2a\u5b57\u6bb5,\u4ee5\u53ca\u4ece\u7b2c6\u4e2a\u5b57\u6bb5\u5230\u884c\u5c3e\u7684\u6240\u6709\u5b57\u6bb5\u3002<\/p>\n \u7ed3\u5408\u4f7f\u7528 grep \u547d\u4ee4\u548c\u6b63\u5219\u8868\u8fbe\u5f0f\u53ef\u4ee5\u5e2e\u52a9\u4f60\u8fc7\u6ee4\u548c\u663e\u793a\u5305\u542b\u7279\u5b9a\u6a21\u5f0f\u7684\u65e5\u5fd7\u884c\u3002\u5982\u679c\u4f60\u60f3\u8fdb\u4e00\u6b65\u683c\u5f0f\u5316\u8fd9\u4e9b\u884c\u7684\u663e\u793a,\u53ef\u4ee5\u5c06 grep \u7684\u8f93\u51fa\u901a\u8fc7\u7ba1\u9053\u4f20\u9012\u7ed9 awk\u3001cut \u6216\u5176\u4ed6\u6587\u672c\u5904\u7406\u5de5\u5177\u3002<\/p>\n \u4f8b\u5982,\u8fc7\u6ee4 \/var\/log\/messages \u4e2d\u7684\u9519\u8bef\u65e5\u5fd7,\u5e76\u683c\u5f0f\u5316\u8f93\u51fa:<\/p>\n grep<\/span> "error"<\/span> \/var\/log\/messages |<\/span> cut<\/span> -d' '<\/span> -f1-3,5-<\/p>\n sed \u662f\u53e6\u4e00\u4e2a\u6587\u672c\u5904\u7406\u5de5\u5177,\u53ef\u4ee5\u7528\u4e8e\u683c\u5f0f\u5316\u8f93\u51fa\u65e5\u5fd7\u6587\u4ef6\u3002\u901a\u8fc7\u4f7f\u7528 sed \u7684\u66ff\u6362\u529f\u80fd,\u4f60\u53ef\u4ee5\u9ad8\u4eae\u6216\u66ff\u6362\u65e5\u5fd7\u6587\u4ef6\u4e2d\u7684\u7279\u5b9a\u6587\u672c,\u4f7f\u8f93\u51fa\u66f4\u6613\u4e8e\u9605\u8bfb\u3002<\/p>\n \u4f8b\u5982,\u9ad8\u4eae\u663e\u793a \/var\/log\/dmesg \u4e2d\u5305\u542b \u201cerror\u201d \u7684\u6587\u672c:<\/p>\n sed<\/span> 's\/error\/\\\\x1b[31m&\\\\x1b[0m\/g'<\/span> \/var\/log\/dmesg<\/p>\n \u8fd9\u91cc\u4f7f\u7528\u4e86 ANSI \u8f6c\u4e49\u5e8f\u5217\u6765\u5c06\u5339\u914d\u7684\u6587\u672c\u53d8\u4e3a\u7ea2\u8272\u3002<\/p>\n \u5bf9\u4e8e\u4f7f\u7528 systemd \u7684\u7cfb\u7edf,journalctl \u63d0\u4f9b\u4e86\u591a\u79cd\u683c\u5f0f\u5316\u8f93\u51fa\u9009\u9879\u3002\u4f8b\u5982,\u4f60\u53ef\u4ee5\u4f7f\u7528 -o \u9009\u9879\u6765\u6307\u5b9a\u8f93\u51fa\u683c\u5f0f,\u5982 JSON\u3002<\/p>\n \u8f93\u51fa\u65e5\u5fd7\u4e3a JSON \u683c\u5f0f:<\/p>\n journalctl -o<\/span> json-pretty<\/p>\n \u8fd9\u5c06\u4ee5\u6613\u4e8e\u9605\u8bfb\u7684 JSON \u683c\u5f0f\u8f93\u51fa\u65e5\u5fd7,\u4fbf\u4e8e\u89e3\u6790\u548c\u5206\u6790\u3002<\/p>\n \u901a\u8fc7\u8fd9\u4e9b\u65b9\u6cd5,\u4f60\u53ef\u4ee5\u6839\u636e\u9700\u8981\u9009\u62e9\u5408\u9002\u7684\u5de5\u5177\u548c\u547d\u4ee4\u6765\u683c\u5f0f\u5316\u8f93\u51fa Linux \u65e5\u5fd7\u6587\u4ef6,\u4f7f\u5176\u66f4\u52a0\u6e05\u6670\u548c\u6709\u7528\u3002<\/p>\n \u5c06\u547d\u4ee4\u7ec4\u5408\u6210\u7ba1\u9053,\u4ee5\u5b9e\u73b0\u5b9e\u65f6\u76d1\u63a7\u5e26\u6709\u5173\u952e\u5b57\u7684\u65e5\u5fd7,\u662f\u4e00\u79cd\u9ad8\u6548\u7684\u65e5\u5fd7\u5206\u6790\u6280\u672f\u3002\u8fd9\u901a\u5e38\u6d89\u53ca\u5230\u4f7f\u7528 tail\u3001grep \u4ee5\u53ca\u5176\u4ed6\u6587\u672c\u5904\u7406\u547d\u4ee4\u7684\u7ec4\u5408\u3002\u4ee5\u4e0b\u662f\u4e00\u4e2a\u57fa\u672c\u7684\u6b65\u9aa4\u8bf4\u660e,\u4ee5\u53ca\u4e00\u4e2a\u5b9e\u9645\u7684\u4f8b\u5b50:<\/p>\n \u4f7f\u7528 tail -f:\u8fd9\u4e2a\u547d\u4ee4\u7528\u4e8e\u5b9e\u65f6\u76d1\u63a7\u65e5\u5fd7\u6587\u4ef6\u7684\u65b0\u589e\u5185\u5bb9\u3002-f \u53c2\u6570\u8ba9 tail \u547d\u4ee4\u6301\u7eed\u8fd0\u884c,\u52a8\u6001\u663e\u793a\u65e5\u5fd7\u6587\u4ef6\u7684\u6700\u65b0\u8ffd\u52a0\u5185\u5bb9\u3002<\/p>\n<\/li>\n \u914d\u5408 grep \u8fc7\u6ee4:\u901a\u8fc7\u7ba1\u9053 (|) \u5c06 tail -f \u7684\u8f93\u51fa\u4f20\u9012\u7ed9 grep \u547d\u4ee4,\u53ef\u4ee5\u5b9e\u65f6\u8fc7\u6ee4\u51fa\u5305\u542b\u7279\u5b9a\u5173\u952e\u5b57\u7684\u65e5\u5fd7\u884c\u3002<\/p>\n<\/li>\n (\u53ef\u9009)\u8fdb\u4e00\u6b65\u5904\u7406:\u5982\u679c\u9700\u8981,\u53ef\u4ee5\u5c06 grep \u7684\u8f93\u51fa\u518d\u901a\u8fc7\u7ba1\u9053\u4f20\u9012\u7ed9\u5176\u4ed6\u547d\u4ee4(\u5982 awk, sed, cut \u7b49)\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u5904\u7406\u6216\u683c\u5f0f\u5316\u3002<\/p>\n<\/li>\n \u5047\u8bbe\u4f60\u60f3\u5b9e\u65f6\u76d1\u63a7 \/var\/log\/syslog \u6587\u4ef6,\u5bfb\u627e\u5305\u542b \u201cerror\u201d \u5173\u952e\u5b57\u7684\u65e5\u5fd7\u884c\u3002\u4f60\u53ef\u4ee5\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u7ec4\u5408:<\/p>\n tail<\/span> -f<\/span> \/var\/log\/syslog |<\/span> grep<\/span> "error"<\/span><\/p>\n \u8fd9\u4e2a\u547d\u4ee4\u4f1a\u6301\u7eed\u8fd0\u884c,\u5b9e\u65f6\u663e\u793a \/var\/log\/syslog \u6587\u4ef6\u4e2d\u65b0\u589e\u7684\u5305\u542b \u201cerror\u201d \u7684\u65e5\u5fd7\u884c\u3002<\/p>\n \u4f7f\u7528 egrep \u8fdb\u884c\u591a\u5173\u952e\u5b57\u8fc7\u6ee4:\u5982\u679c\u4f60\u60f3\u540c\u65f6\u76d1\u63a7\u591a\u4e2a\u5173\u952e\u5b57,\u53ef\u4ee5\u4f7f\u7528 egrep(\u6216 grep -E),\u5e76\u901a\u8fc7\u7ba1\u9053\u7b26 (|) \u5728\u5173\u952e\u5b57\u4e4b\u95f4\u8fdb\u884c\u903b\u8f91\u201c\u6216\u201d\u64cd\u4f5c\u3002<\/p>\n tail<\/span> -f<\/span> \/var\/log\/syslog |<\/span> egrep<\/span> "error|warning|critical"<\/span>\n <\/li>\n \u5ffd\u7565\u5927\u5c0f\u5199:\u4f7f\u7528 grep \u7684 -i \u53c2\u6570\u53ef\u4ee5\u5ffd\u7565\u5173\u952e\u5b57\u7684\u5927\u5c0f\u5199\u3002<\/p>\n tail<\/span> -f<\/span> \/var\/log\/syslog |<\/span> grep<\/span> -i<\/span> "error"<\/span>\n <\/li>\n \u5f69\u8272\u9ad8\u4eae\u5173\u952e\u5b57:\u4f7f\u7528 grep \u7684 –color \u53c2\u6570\u53ef\u4ee5\u5c06\u5339\u914d\u7684\u5173\u952e\u5b57\u4ee5\u5f69\u8272\u9ad8\u4eae\u663e\u793a,\u4ece\u800c\u66f4\u5bb9\u6613\u5730\u4ece\u5927\u91cf\u6587\u672c\u4e2d\u8bc6\u522b\u51fa\u6765\u3002<\/p>\n tail<\/span> -f<\/span> \/var\/log\/syslog |<\/span> grep<\/span> –color<\/span> "error"<\/span>\n <\/li>\n<\/ul>\n \u901a\u8fc7\u8fd9\u79cd\u65b9\u5f0f,\u4f60\u53ef\u4ee5\u7075\u6d3b\u5730\u7ec4\u5408\u4e0d\u540c\u7684\u547d\u4ee4,\u6839\u636e\u81ea\u5df1\u7684\u9700\u6c42\u5b9e\u65f6\u76d1\u63a7\u548c\u5206\u6790\u65e5\u5fd7\u6587\u4ef6\u4e2d\u7684\u7279\u5b9a\u4fe1\u606f\u3002<\/p>\n \u65e5\u5fd7\u52a8\u6001\u622a\u53d6\u901a\u5e38\u6307\u7684\u662f\u5728\u65e5\u5fd7\u6587\u4ef6\u751f\u6210\u65f6,\u5b9e\u65f6\u63d0\u53d6\u5176\u4e2d\u7684\u7279\u5b9a\u4fe1\u606f\u6216\u6839\u636e\u4e00\u5b9a\u7684\u6761\u4ef6\u5bf9\u5176\u8fdb\u884c\u7b5b\u9009\u3002\u8fd9\u5728\u76d1\u63a7\u7cfb\u7edf\u72b6\u6001\u3001\u5b89\u5168\u5ba1\u8ba1\u6216\u95ee\u9898\u8bca\u65ad\u65f6\u7279\u522b\u6709\u7528\u3002\u5b9e\u73b0\u65e5\u5fd7\u52a8\u6001\u622a\u53d6\u53ef\u4ee5\u901a\u8fc7\u591a\u79cd\u65b9\u5f0f,\u8fd9\u91cc\u5c06\u4ecb\u7ecd\u51e0\u79cd\u5e38\u7528\u7684\u65b9\u6cd5:<\/p>\n \u8fd9\u662f\u6700\u7b80\u5355\u76f4\u63a5\u7684\u65b9\u5f0f,\u9002\u7528\u4e8e\u5feb\u901f\u76d1\u63a7\u548c\u7b5b\u9009\u7279\u5b9a\u5173\u952e\u8bcd\u7684\u65e5\u5fd7\u6761\u76ee\u3002<\/p>\n tail<\/span> -f<\/span> \/var\/log\/syslog |<\/span> grep<\/span> "\u7279\u5b9a\u5173\u952e\u8bcd"<\/span><\/p>\n \u8fd9\u4e2a\u547d\u4ee4\u4f1a\u5b9e\u65f6\u663e\u793a \/var\/log\/syslog \u4e2d\u5305\u542b\u201c\u7279\u5b9a\u5173\u952e\u8bcd\u201d\u7684\u884c\u3002\u4f60\u53ef\u4ee5\u6839\u636e\u9700\u8981\u66f4\u6362\u65e5\u5fd7\u6587\u4ef6\u8def\u5f84\u548c\u5173\u952e\u8bcd\u3002<\/p>\n \u5f53\u9700\u8981\u57fa\u4e8e\u66f4\u590d\u6742\u7684\u903b\u8f91\u8fdb\u884c\u65e5\u5fd7\u622a\u53d6\u65f6,awk \u662f\u4e00\u4e2a\u975e\u5e38\u5f3a\u5927\u7684\u5de5\u5177\u3002\u5b83\u4e0d\u4ec5\u53ef\u4ee5\u57fa\u4e8e\u6a21\u5f0f\u5339\u914d\u8fdb\u884c\u6587\u672c\u7b5b\u9009,\u8fd8\u53ef\u4ee5\u8fdb\u884c\u6587\u672c\u5206\u6790\u548c\u5904\u7406\u3002<\/p>\n tail<\/span> -f<\/span> \/var\/log\/syslog |<\/span> awk<\/span> '\/\u9519\u8bef\u6a21\u5f0f1|\u9519\u8bef\u6a21\u5f0f2\/ {print $0}'<\/span><\/p>\n \u8fd9\u4e2a\u547d\u4ee4\u4f1a\u5b9e\u65f6\u7b5b\u9009\u51fa\u5305\u542b\u201c\u9519\u8bef\u6a21\u5f0f1\u201d\u6216\u201c\u9519\u8bef\u6a21\u5f0f2\u201d\u7684\u65e5\u5fd7\u884c\u3002<\/p>\n sed \u662f\u6d41\u7f16\u8f91\u5668,\u53ef\u4ee5\u7528\u6765\u5b9e\u73b0\u66f4\u7075\u6d3b\u7684\u6587\u672c\u7f16\u8f91\u548c\u5904\u7406\u4efb\u52a1,\u5982\u66ff\u6362\u3001\u5220\u9664\u3001\u63d2\u5165\u7b49\u3002<\/p>\n tail<\/span> -f<\/span> \/var\/log\/syslog |<\/span> sed<\/span> -n<\/span> '\/\u6a21\u5f0f\/p'<\/span><\/p>\n \u8fd9\u4e2a\u547d\u4ee4\u5b9e\u65f6\u5730\u4ece \/var\/log\/syslog \u4e2d\u7b5b\u9009\u51fa\u5305\u542b\u67d0\u4e2a\u6a21\u5f0f\u7684\u884c\u3002<\/p>\n multitail \u5141\u8bb8\u4f60\u5728\u4e00\u4e2a\u7ec8\u7aef\u7a97\u53e3\u4e2d\u540c\u65f6\u76d1\u63a7\u591a\u4e2a\u65e5\u5fd7\u6587\u4ef6,\u8fd8\u53ef\u4ee5\u5bf9\u4e0d\u540c\u7684\u6587\u4ef6\u5e94\u7528\u4e0d\u540c\u7684\u8fc7\u6ee4\u89c4\u5219\u3002<\/p>\n multitail -e<\/span> "\u9519\u8bef\u6a21\u5f0f1"<\/span> -l<\/span> "tail -f \/var\/log\/syslog"<\/span> -e<\/span> "\u9519\u8bef\u6a21\u5f0f2"<\/span> -l<\/span> "tail -f \/var\/log\/auth.log"<\/span><\/p>\n \u8fd9\u4e2a\u547d\u4ee4\u540c\u65f6\u76d1\u63a7 \/var\/log\/syslog \u548c \/var\/log\/auth.log \u4e24\u4e2a\u65e5\u5fd7\u6587\u4ef6,\u5206\u522b\u7b5b\u9009\u51fa\u5305\u542b\u201c\u9519\u8bef\u6a21\u5f0f1\u201d\u548c\u201c\u9519\u8bef\u6a21\u5f0f2\u201d\u7684\u884c\u3002<\/p>\n \u5bf9\u4e8e\u4f7f\u7528 systemd \u7684\u7cfb\u7edf,journalctl \u547d\u4ee4\u63d0\u4f9b\u4e86\u5f3a\u5927\u7684\u65e5\u5fd7\u67e5\u770b\u548c\u7b5b\u9009\u529f\u80fd,\u652f\u6301\u6309\u65f6\u95f4\u3001\u670d\u52a1\u3001\u4f18\u5148\u7ea7\u7b49\u591a\u79cd\u6761\u4ef6\u7b5b\u9009\u65e5\u5fd7\u3002<\/p>\n journalctl -f<\/span> |<\/span> grep<\/span> "\u7279\u5b9a\u5173\u952e\u8bcd"<\/span><\/p>\n \u8fd9\u4e2a\u547d\u4ee4\u5b9e\u65f6\u663e\u793a\u7cfb\u7edf\u65e5\u5fd7\u4e2d\u5305\u542b\u201c\u7279\u5b9a\u5173\u952e\u8bcd\u201d\u7684\u6761\u76ee\u3002<\/p>\n \u901a\u8fc7\u8fd9\u4e9b\u65b9\u6cd5,\u4f60\u53ef\u4ee5\u7075\u6d3b\u5730\u5b9e\u73b0\u65e5\u5fd7\u52a8\u6001\u622a\u53d6,\u6839\u636e\u5b9e\u9645\u9700\u6c42\u9009\u62e9\u5408\u9002\u7684\u5de5\u5177\u548c\u6280\u672f\u3002\u8fd9\u5bf9\u4e8e\u5b9e\u65f6\u65e5\u5fd7\u5206\u6790\u548c\u7cfb\u7edf\u76d1\u63a7\u6765\u8bf4\u662f\u975e\u5e38\u91cd\u8981\u7684\u6280\u80fd\u3002<\/p>\n \u5b9e\u73b0 Linux \u65e5\u5fd7\u533a\u95f4\u622a\u53d6\u610f\u5473\u7740\u63d0\u53d6\u65e5\u5fd7\u6587\u4ef6\u4e2d\u6307\u5b9a\u65f6\u95f4\u533a\u95f4\u6216\u884c\u53f7\u533a\u95f4\u5185\u7684\u5185\u5bb9\u3002\u8fd9\u5bf9\u4e8e\u5206\u6790\u7279\u5b9a\u4e8b\u4ef6\u6216\u95ee\u9898\u975e\u5e38\u6709\u7528\u3002\u4ee5\u4e0b\u662f\u51e0\u79cd\u65b9\u6cd5\u6765\u5b9e\u73b0\u65e5\u5fd7\u533a\u95f4\u622a\u53d6:<\/p>\n \u5982\u679c\u4f60\u77e5\u9053\u9700\u8981\u622a\u53d6\u7684\u65e5\u5fd7\u5185\u5bb9\u7684\u8d77\u59cb\u548c\u7ed3\u675f\u884c\u53f7,\u53ef\u4ee5\u4f7f\u7528 sed \u547d\u4ee4:<\/p>\n sed<\/span> -n<\/span> '\u8d77\u59cb\u884c\u53f7,\u7ed3\u675f\u884c\u53f7p'<\/span> \u65e5\u5fd7\u6587\u4ef6<\/p>\n \u4f8b\u5982,\u622a\u53d6 \/var\/log\/syslog \u6587\u4ef6\u7684\u7b2c100\u884c\u5230\u7b2c200\u884c:<\/p>\n sed<\/span> -n<\/span> '100,200p'<\/span> \/var\/log\/syslog<\/p>\n awk \u53ef\u4ee5\u57fa\u4e8e\u590d\u6742\u7684\u6a21\u5f0f\u548c\u6761\u4ef6\u6765\u5904\u7406\u6587\u672c,\u5305\u62ec\u6839\u636e\u65f6\u95f4\u622a\u53d6\u65e5\u5fd7\u533a\u95f4\u3002\u5982\u679c\u65e5\u5fd7\u4e2d\u5305\u542b\u65f6\u95f4\u6233,\u4f60\u53ef\u4ee5\u8fd9\u6837\u505a:<\/p>\n awk<\/span> '\/\u8d77\u59cb\u6a21\u5f0f\/,\/\u7ed3\u675f\u6a21\u5f0f\/'<\/span> \u65e5\u5fd7\u6587\u4ef6<\/p>\n \u4f8b\u5982,\u622a\u53d6 \/var\/log\/syslog \u4e2d\u4ece"Jan 1 12:00:00"\u5230"Jan 2 12:00:00"\u4e4b\u95f4\u7684\u65e5\u5fd7:<\/p>\n awk<\/span> '\/Jan 1 12:00:00\/,\/Jan 2 12:00:00\/'<\/span> \/var\/log\/syslog<\/p>\n \u7ed3\u5408 grep \u548c\u6b63\u5219\u8868\u8fbe\u5f0f\u53ef\u4ee5\u5b9e\u73b0\u57fa\u4e8e\u7279\u5b9a\u6a21\u5f0f\u7684\u65e5\u5fd7\u622a\u53d6\u3002\u5982\u679c\u662f\u6309\u65e5\u671f\u622a\u53d6,\u53ef\u4ee5\u8fd9\u6837:<\/p>\n grep<\/span> -E<\/span> '^(\u65e5\u671f1|\u65e5\u671f2|\u65e5\u671f3)'<\/span> \u65e5\u5fd7\u6587\u4ef6<\/p>\n \u4f8b\u5982,\u622a\u53d6 \/var\/log\/auth.log \u4e2d\u6240\u67092023\u5e741\u67081\u65e5\u7684\u65e5\u5fd7:<\/p>\n grep<\/span> -E<\/span> '^Jan 1'<\/span> \/var\/log\/auth.log<\/p>\n \u5bf9\u4e8e\u4f7f\u7528 systemd \u7684\u7cfb\u7edf,journalctl \u63d0\u4f9b\u4e86\u6309\u65f6\u95f4\u622a\u53d6\u65e5\u5fd7\u7684\u529f\u80fd,\u975e\u5e38\u65b9\u4fbf:<\/p>\n journalctl –since<\/span> "2023-01-01 12:00:00"<\/span> –until<\/span> "2023-01-02 12:00:00"<\/span><\/p>\n \u8fd9\u4e2a\u547d\u4ee4\u622a\u53d6\u4ece2023\u5e741\u67081\u65e5\u4e2d\u5348\u52301\u67082\u65e5\u4e2d\u5348\u7684\u6240\u6709\u7cfb\u7edf\u65e5\u5fd7\u3002<\/p>\n \u5728\u67d0\u4e9b\u60c5\u51b5\u4e0b,\u5355\u4e00\u5de5\u5177\u53ef\u80fd\u65e0\u6cd5\u6ee1\u8db3\u6240\u6709\u9700\u6c42,\u4f60\u53ef\u80fd\u9700\u8981\u5c06\u591a\u4e2a\u547d\u4ee4\u7ed3\u5408\u8d77\u6765\u4f7f\u7528\u3002\u4f8b\u5982,\u4f7f\u7528 grep \u8fc7\u6ee4\u7279\u5b9a\u65e5\u671f\u7684\u65e5\u5fd7,\u7136\u540e\u7528 awk \u8fdb\u4e00\u6b65\u5904\u7406\u8f93\u51fa\u7ed3\u679c:<\/p>\n grep<\/span> 'Jan 1'<\/span> \/var\/log\/syslog |<\/span> awk<\/span> '{print $5, $6, $0}'<\/span><\/p>\n \u901a\u8fc7\u8fd9\u4e9b\u65b9\u6cd5,\u4f60\u53ef\u4ee5\u6839\u636e\u9700\u8981\u4ece Linux \u65e5\u5fd7\u6587\u4ef6\u4e2d\u622a\u53d6\u7279\u5b9a\u533a\u95f4\u7684\u5185\u5bb9,\u65e0\u8bba\u662f\u57fa\u4e8e\u884c\u53f7\u8fd8\u662f\u65f6\u95f4\u533a\u95f4\u3002\u8fd9\u5bf9\u4e8e\u65e5\u5fd7\u5206\u6790\u548c\u95ee\u9898\u8bca\u65ad\u6765\u8bf4\u975e\u5e38\u6709\u7528\u3002<\/p>\n \u5f53 Linux \u4e0b\u7684\u65e5\u5fd7\u6587\u4ef6\u53d8\u5f97\u8fc7\u5927\u65f6,\u5b83\u4eec\u4e0d\u4ec5\u4f1a\u5360\u7528\u5927\u91cf\u78c1\u76d8\u7a7a\u95f4,\u800c\u4e14\u8fd8\u4f1a\u4f7f\u65e5\u5fd7\u5904\u7406\u53d8\u5f97\u4f4e\u6548\u3002\u65e5\u5fd7\u6587\u4ef6\u7684\u5206\u5272\u548c\u8f6c\u50a8\u53ef\u4ee5\u5e2e\u52a9\u7ba1\u7406\u8fd9\u4e9b\u5927\u6587\u4ef6\u3002\u8fd9\u91cc\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u5b9e\u73b0\u65e5\u5fd7\u5206\u5272\u548c\u8f6c\u50a8:<\/p>\n logrotate \u662f Linux \u4e0a\u7528\u4e8e\u81ea\u52a8\u7ba1\u7406\u3001\u538b\u7f29\u3001\u5220\u9664\u548c\u8f6e\u8f6c\u65e5\u5fd7\u6587\u4ef6\u7684\u6807\u51c6\u5de5\u5177\u3002\u5927\u591a\u6570 Linux \u53d1\u884c\u7248\u90fd\u9884\u88c5\u4e86 logrotate \u5e76\u4e14\u5df2\u7ecf\u914d\u7f6e\u597d\u4e86\u7528\u4e8e\u7cfb\u7edf\u65e5\u5fd7\u7684\u8f6e\u8f6c\u7b56\u7565\u3002<\/p>\n \u4f8b\u5982,\u4e3a \/var\/log\/myapp.log \u521b\u5efa\u4e00\u4e2a\u7b80\u5355\u7684 logrotate \u914d\u7f6e\u53ef\u80fd\u770b\u8d77\u6765\u50cf\u8fd9\u6837:<\/p>\n \/var\/log\/myapp.log { \u8fd9\u4e2a\u914d\u7f6e\u610f\u5473\u7740 logrotate \u5c06\u6bcf\u5929\u8f6e\u8f6c myapp.log,\u4fdd\u75597\u5929\u7684\u65e5\u5fd7,\u538b\u7f29\u65e7\u65e5\u5fd7,\u5982\u679c\u65e5\u5fd7\u6587\u4ef6\u4e0d\u5b58\u5728\u5219\u5ffd\u7565,\u7a7a\u65e5\u5fd7\u6587\u4ef6\u4e0d\u8f6e\u8f6c,\u4e14\u521b\u5efa\u65b0\u7684\u65e5\u5fd7\u6587\u4ef6,\u8bbe\u7f6e\u76f8\u5e94\u7684\u6743\u9650\u548c\u6240\u6709\u8005\u3002<\/p>\n \u5982\u679c\u4f60\u9700\u8981\u7acb\u5373\u5206\u5272\u4e00\u4e2a\u8fc7\u5927\u7684\u65e5\u5fd7\u6587\u4ef6,\u800c\u4e0d\u7b49\u5f85 logrotate \u7684\u81ea\u52a8\u6267\u884c,\u53ef\u4ee5\u624b\u52a8\u8fdb\u884c\u3002\u4e00\u79cd\u65b9\u6cd5\u662f\u4f7f\u7528 split \u547d\u4ee4\u5206\u5272\u6587\u4ef6,\u53e6\u4e00\u79cd\u65b9\u6cd5\u662f\u76f4\u63a5\u79fb\u52a8\u5f53\u524d\u65e5\u5fd7\u6587\u4ef6\u7136\u540e\u901a\u77e5\u76f8\u5173\u670d\u52a1\u521b\u5efa\u4e00\u4e2a\u65b0\u7684\u65e5\u5fd7\u6587\u4ef6\u3002<\/p>\n mv<\/span> \/var\/log\/large.log \/var\/log\/large.log.old<\/p>\n systemctl restart myservice<\/p>\n \u6216\u8005,\u5982\u679c\u670d\u52a1\u652f\u6301\u4e0d\u91cd\u542f\u5373\u53ef\u91cd\u65b0\u6253\u5f00\u65e5\u5fd7\u6587\u4ef6\u7684\u4fe1\u53f7(\u4f8b\u5982,\u8bb8\u591a\u5b88\u62a4\u8fdb\u7a0b\u4f1a\u5728\u63a5\u6536\u5230 SIGHUP \u4fe1\u53f7\u65f6\u91cd\u65b0\u6253\u5f00\u65e5\u5fd7\u6587\u4ef6),\u4f60\u53ef\u4ee5\u53d1\u9001 SIGHUP:<\/p>\n pkill<\/span> -HUP<\/span> myservice<\/p>\n \u5bf9\u4e8e\u6ca1\u6709\u901a\u8fc7 logrotate \u7ba1\u7406\u7684\u81ea\u5b9a\u4e49\u65e5\u5fd7\u6216\u7279\u5b9a\u9700\u6c42,\u4f60\u53ef\u4ee5\u7f16\u5199\u4e00\u4e2a\u7b80\u5355\u7684\u811a\u672c\u6765\u5206\u5272\u65e5\u5fd7,\u7136\u540e\u901a\u8fc7 cron \u5b9a\u671f\u6267\u884c\u8fd9\u4e2a\u811a\u672c\u3002<\/p>\n \u521b\u5efa\u5206\u5272\u811a\u672c:\u7f16\u5199\u4e00\u4e2a\u811a\u672c\u6765\u79fb\u52a8\u65e5\u5fd7\u6587\u4ef6,\u5e76\u901a\u77e5\u76f8\u5173\u670d\u52a1\u3002<\/p>\n<\/li>\n \u8bbe\u7f6e cron \u4efb\u52a1:\u901a\u8fc7 crontab -e \u6dfb\u52a0\u4e00\u4e2a\u5b9a\u65f6\u4efb\u52a1\u6765\u5b9a\u671f\u6267\u884c\u4f60\u7684\u5206\u5272\u811a\u672c\u3002<\/p>\n<\/li>\n<\/ul>\n \u8bb0\u5f97\u5728\u6267\u884c\u65e5\u5fd7\u5206\u5272\u540e,\u9002\u5f53\u5730\u538b\u7f29\u548c\u6e05\u7406\u65e7\u7684\u65e5\u5fd7\u6587\u4ef6,\u4ee5\u8282\u7701\u78c1\u76d8\u7a7a\u95f4\u5e76\u4fdd\u6301\u65e5\u5fd7\u7ba1\u7406\u7684\u9ad8\u6548\u6027\u3002<\/p>\n Linux\u7cfb\u7edf\u4e2d,\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1\u548c\u7ba1\u7406\u5de5\u5177\u5bf9\u4e8e\u76d1\u63a7\u7cfb\u7edf\u5065\u5eb7\u3001\u8bca\u65ad\u95ee\u9898\u4ee5\u53ca\u5b89\u5168\u5ba1\u8ba1\u81f3\u5173\u91cd\u8981\u3002\u4e0b\u9762\u662f\u4e00\u4e9b\u5173\u952e\u7684\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1\u548c\u7ba1\u7406\u5de5\u5177\u7684\u7b80\u8ff0:<\/p>\n Syslog:<\/p>\n Systemd Journal:<\/p>\n Logrotate:<\/p>\n Logwatch \/ Logcheck:<\/p>\n Graylog \/ ELK Stack:<\/p>\n Linux\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1\u548c\u7ba1\u7406\u5de5\u5177\u4e3a\u7cfb\u7edf\u7ba1\u7406\u5458\u63d0\u4f9b\u4e86\u5f3a\u5927\u7684\u652f\u6301,\u5e2e\u52a9\u4ed6\u4eec\u76d1\u63a7\u7cfb\u7edf\u6d3b\u52a8\u3001\u5feb\u901f\u8bca\u65ad\u95ee\u9898\u5e76\u6267\u884c\u5b89\u5168\u5ba1\u8ba1\u3002\u4ece\u57fa\u7840\u7684Syslog\u670d\u52a1\u5230\u590d\u6742\u7684\u65e5\u5fd7\u5206\u6790\u5e73\u53f0\u5982ELK Stack,\u8fd9\u4e9b\u5de5\u5177\u548c\u670d\u52a1\u6db5\u76d6\u4e86\u4ece\u7b80\u5355\u5230\u590d\u6742\u7684\u5404\u79cd\u65e5\u5fd7\u7ba1\u7406\u9700\u6c42\u3002\u5408\u7406\u9009\u62e9\u548c\u914d\u7f6e\u8fd9\u4e9b\u5de5\u5177,\u53ef\u4ee5\u6781\u5927\u63d0\u9ad8\u65e5\u5fd7\u7ba1\u7406\u7684\u6548\u7387\u548c\u6548\u679c\u3002<\/p>\n \u5bf9 Nginx \u8bbf\u95ee\u65e5\u5fd7\u7684\u5206\u6790\u53ef\u4ee5\u5e2e\u52a9\u4f60\u4e86\u89e3\u7f51\u7ad9\u7684\u6d41\u91cf\u6a21\u5f0f\u3001\u8bc6\u522b\u6f5c\u5728\u7684\u5b89\u5168\u95ee\u9898\u3001\u4f18\u5316\u7f51\u7ad9\u6027\u80fd\u7b49\u3002\u65e5\u5fd7\u6587\u4ef6\u901a\u5e38\u4f4d\u4e8e \/var\/log\/nginx\/access.log,\u4f46\u8fd9\u53ef\u80fd\u6839\u636e\u4f60\u7684\u5b89\u88c5\u548c\u914d\u7f6e\u800c\u6709\u6240\u4e0d\u540c\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u57fa\u672c\u547d\u4ee4\u548c\u5de5\u5177,\u7528\u4e8e\u5206\u6790 Nginx \u8bbf\u95ee\u65e5\u5fd7:<\/p>\n \u67e5\u770b\u6700\u9891\u7e41\u7684 IP \u5730\u5740<\/p>\n awk<\/span> '{print $1}'<\/span> \/var\/log\/nginx\/access.log |<\/span> sort<\/span> |<\/span> uniq<\/span> -c<\/span> |<\/span> sort<\/span> -nr<\/span> |<\/span> head<\/span><\/p>\n \u8fd9\u4e2a\u547d\u4ee4\u63d0\u53d6\u6240\u6709\u7684 IP \u5730\u5740,\u8ba1\u6570\u3001\u6392\u5e8f\u5e76\u5217\u51fa\u51fa\u73b0\u6b21\u6570\u6700\u591a\u7684 IP \u5730\u5740\u3002<\/p>\n<\/li>\n \u5206\u6790\u6700\u5e38\u8bf7\u6c42\u7684\u9875\u9762<\/p>\n awk<\/span> '{print $7}'<\/span> \/var\/log\/nginx\/access.log |<\/span> sort<\/span> |<\/span> uniq<\/span> -c<\/span> |<\/span> sort<\/span> -nr<\/span> |<\/span> head<\/span><\/p>\n \u8fd9\u4f1a\u663e\u793a\u6700\u5e38\u88ab\u8bf7\u6c42\u7684\u9875\u9762\u8def\u5f84\u3002<\/p>\n<\/li>\n \u68c0\u67e5\u8fd4\u56de\u72b6\u6001\u7801<\/p>\n awk<\/span> '{print $9}'<\/span> \/var\/log\/nginx\/access.log |<\/span> sort<\/span> |<\/span> uniq<\/span> -c<\/span> |<\/span> sort<\/span> -nr<\/span><\/p>\n \u901a\u8fc7\u8fd9\u4e2a\u547d\u4ee4,\u4f60\u53ef\u4ee5\u770b\u5230\u5404\u79cd HTTP \u72b6\u6001\u7801\u7684\u5206\u5e03\u60c5\u51b5,\u4e86\u89e3\u662f\u5426\u6709\u5927\u91cf\u7684 4xx \u6216 5xx \u9519\u8bef\u3002<\/p>\n<\/li>\n \u67e5\u627e\u7279\u5b9a\u65f6\u95f4\u6bb5\u7684\u8bf7\u6c42<\/p>\n awk<\/span> '$4 >= "[06\/Feb\/2024:00:00:00" && $4 <= "[06\/Feb\/2024:23:59:59"'<\/span> \/var\/log\/nginx\/access.log<\/p>\n \u4fee\u6539\u65e5\u671f\u4ee5\u9002\u5e94\u4f60\u7684\u9700\u6c42,\u8fd9\u5bf9\u4e8e\u5206\u6790\u7279\u5b9a\u4e8b\u4ef6\u6216\u95ee\u9898\u975e\u5e38\u6709\u7528\u3002<\/p>\n<\/li>\n \u9664\u4e86\u8fd9\u4e9b\u57fa\u672c\u547d\u4ee4,\u8fd8\u6709\u4e00\u4e9b\u5de5\u5177\u53ef\u4ee5\u5e2e\u52a9\u4f60\u66f4\u6df1\u5165\u5730\u5206\u6790 Nginx \u8bbf\u95ee\u65e5\u5fd7:<\/p>\n GoAccess<\/p>\n Awstats<\/p>\n Logstash<\/p>\n \u901a\u8fc7\u8fd9\u4e9b\u547d\u4ee4\u548c\u5de5\u5177,\u4f60\u53ef\u4ee5\u4ece\u591a\u4e2a\u7ef4\u5ea6\u5206\u6790 Nginx \u8bbf\u95ee\u65e5\u5fd7,\u4ece\u800c\u83b7\u5f97\u5173\u4e8e\u7f51\u7ad9\u6027\u80fd\u3001\u7528\u6237\u884c\u4e3a\u548c\u6f5c\u5728\u5b89\u5168\u95ee\u9898\u7684\u5b9d\u8d35\u89c1\u89e3\u3002<\/p>\n Apache\u65e5\u5fd7\u5206\u6790\u5bf9\u4e8e\u7406\u89e3\u7f51\u7ad9\u7684\u8bbf\u95ee\u6a21\u5f0f\u3001\u76d1\u63a7\u670d\u52a1\u5668\u6027\u80fd\u3001\u8bca\u65ad\u9519\u8bef\u548c\u5b89\u5168\u5206\u6790\u81f3\u5173\u91cd\u8981\u3002Apache\u901a\u5e38\u6709\u4e24\u79cd\u4e3b\u8981\u7684\u65e5\u5fd7\u6587\u4ef6:\u8bbf\u95ee\u65e5\u5fd7(\u901a\u5e38\u662faccess_log)\u548c\u9519\u8bef\u65e5\u5fd7(\u901a\u5e38\u662ferror_log)\u3002\u4ee5\u4e0b\u662f\u4e00\u4e9b\u7528\u4e8e\u5206\u6790 Apache \u65e5\u5fd7\u548c\u67e5\u770b\u670d\u52a1\u5668\u72b6\u6001\u7684\u65b9\u6cd5:<\/p>\n \u67e5\u770b\u6700\u5e38\u8bbf\u95ee\u7684\u9875\u9762<\/p>\n awk<\/span> '{print $7}'<\/span> \/var\/log\/apache2\/access.log |<\/span> sort<\/span> |<\/span> uniq<\/span> -c<\/span> |<\/span> sort<\/span> -nr<\/span> |<\/span> head<\/span><\/p>\n \u8fd9\u5c06\u663e\u793a\u6700\u9891\u7e41\u8bf7\u6c42\u7684URL\u3002<\/p>\n<\/li>\n \u67e5\u627e\u6700\u6d3b\u8dc3\u7684IP\u5730\u5740<\/p>\n awk<\/span> '{print $1}'<\/span> \/var\/log\/apache2\/access.log |<\/span> sort<\/span> |<\/span> uniq<\/span> -c<\/span> |<\/span> sort<\/span> -nr<\/span> |<\/span> head<\/span><\/p>\n \u4f7f\u7528\u6b64\u547d\u4ee4\u53ef\u4ee5\u627e\u5230\u53d1\u51fa\u6700\u591a\u8bf7\u6c42\u7684\u524d\u51e0\u4e2aIP\u5730\u5740\u3002<\/p>\n<\/li>\n \u5206\u6790\u7279\u5b9a\u72b6\u6001\u7801\u7684\u8bf7\u6c42<\/p>\n awk<\/span> '($9 ~ \/404\/)'<\/span> \/var\/log\/apache2\/access.log 2. \u4f7f\u7528 less \u547d\u4ee4<\/h5>\n
3. \u4f7f\u7528 multitail \u547d\u4ee4<\/h5>\n
\nsudo<\/span> yum install<\/span> multitail # CentOS\/RedHat<\/span><\/p>\n4. \u4f7f\u7528 journalctl \u547d\u4ee4<\/h5>\n
3.\u5982\u4f55\u5e26\u5173\u952e\u8bcd\u67e5\u8be2Linux\u65e5\u5fd7\u6587\u4ef6 ?<\/h4>\n
1. \u4f7f\u7528 grep \u547d\u4ee4<\/h5>\n
2. \u4f7f\u7528 awk \u547d\u4ee4<\/h5>\n
3. \u4f7f\u7528 sed \u547d\u4ee4<\/h5>\n
4. \u4f7f\u7528 less \u547d\u4ee4<\/h5>\n
5. \u7ed3\u5408\u4f7f\u7528 zgrep \u547d\u4ee4\u641c\u7d22\u538b\u7f29\u7684\u65e5\u5fd7\u6587\u4ef6<\/h5>\n
4.\u5982\u4f55\u683c\u5f0f\u5316\u8f93\u51fa\u663e\u793aLinux\u65e5\u5fd7\u6587\u4ef6 ?<\/h4>\n
1. \u4f7f\u7528 awk \u547d\u4ee4<\/h5>\n
2. \u4f7f\u7528 cut \u547d\u4ee4<\/h5>\n
3. \u4f7f\u7528 grep \u547d\u4ee4\u4e0e\u6b63\u5219\u8868\u8fbe\u5f0f<\/h5>\n
4. \u4f7f\u7528 sed \u547d\u4ee4<\/h5>\n
5. \u4f7f\u7528 journalctl \u547d\u4ee4<\/h5>\n
5.\u7b80\u8ff0\u5982\u4f55\u5c06\u547d\u4ee4\u7ec4\u5408\u6210\u7ba1\u9053,\u5b9e\u73b0\u5b9e\u65f6\u76d1\u63a7\u5e26\u6709\u5173\u952e\u5b57\u7684\u65e5\u5fd7?<\/h4>\n
\u57fa\u672c\u6b65\u9aa4<\/h5>\n
\u5b9e\u9645\u4f8b\u5b50<\/h5>\n
\u9ad8\u7ea7\u7528\u6cd5<\/h5>\n
\n
6.\u89e3\u91ca\u5982\u4f55\u5b9e\u73b0\u65e5\u5fd7\u52a8\u6001\u622a\u53d6 ?<\/h4>\n
1. \u4f7f\u7528 tail \u548c grep \u7684\u7ec4\u5408<\/h5>\n
2. \u4f7f\u7528 awk \u5b9e\u73b0\u590d\u6742\u7684\u6587\u672c\u5904\u7406<\/h5>\n
3. \u7ed3\u5408\u4f7f\u7528 sed \u8fdb\u884c\u6d41\u7f16\u8f91<\/h5>\n
4. \u4f7f\u7528 multitail \u76d1\u63a7\u591a\u4e2a\u6587\u4ef6<\/h5>\n
5. \u5229\u7528 journalctl \u7684\u8fc7\u6ee4\u529f\u80fd<\/h5>\n
7.\u7b80\u8ff0\u5982\u4f55\u5b9e\u73b0Linux\u65e5\u5fd7\u533a\u95f4\u622a\u53d6 ?<\/h4>\n
1. \u4f7f\u7528 sed \u547d\u4ee4\u6839\u636e\u884c\u53f7\u622a\u53d6<\/h5>\n
2. \u4f7f\u7528 awk \u547d\u4ee4\u6839\u636e\u6a21\u5f0f\u622a\u53d6<\/h5>\n
3. \u4f7f\u7528 grep \u547d\u4ee4\u4e0e\u6b63\u5219\u8868\u8fbe\u5f0f<\/h5>\n
4. \u4f7f\u7528 journalctl \u547d\u4ee4\u622a\u53d6\u65f6\u95f4\u533a\u95f4\u7684\u65e5\u5fd7<\/h5>\n
\u7ed3\u5408\u5de5\u5177\u4f7f\u7528<\/h5>\n
8.\u5982\u4f55Linux\u4e0b\u65e5\u5fd7\u6587\u4ef6\u8fc7\u5927,\u5982\u4f55\u5b9e\u73b0\u5206\u5272,\u8f6c\u50a8 ?<\/h4>\n
1. \u4f7f\u7528 logrotate<\/h5>\n
\n
\n daily
\n rotate 7
\n compress
\n delaycompress
\n missingok
\n notifempty
\n create 640 root adm
\n}<\/p>\n2. \u624b\u52a8\u5206\u5272\u65e5\u5fd7\u6587\u4ef6<\/h5>\n
\n
\n
3. \u4f7f\u7528 cron \u4efb\u52a1\u5b9a\u671f\u5206\u5272\u65e5\u5fd7<\/h5>\n
\n
9.\u7b80\u8ff0Linux\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1,\u65e5\u5fd7\u7ba1\u7406\u5de5\u5177 ?<\/h4>\n
\u65e5\u5fd7\u8bb0\u5f55\u670d\u52a1<\/h5>\n
\n
\n
\u65e5\u5fd7\u7ba1\u7406\u5de5\u5177<\/h5>\n
\n
\n
\n
\u5c0f\u7ed3<\/h5>\n
10.\u7b80\u8ff0\u5982\u4f55\u5bf9Nginx\u8bbf\u95ee\u65e5\u5fd7\u5206\u6790\u4ee5\u53ca\u5e38\u7528\u7684\u547d\u4ee4 ?<\/h4>\n
\u5e38\u7528\u547d\u4ee4<\/h5>\n
\u65e5\u5fd7\u5206\u6790\u5de5\u5177<\/h5>\n
\n
\n
\n
11.\u5982\u4f55\u5bf9Apache\u65e5\u5fd7\u5206\u6790\u4e0e\u72b6\u6001\u67e5\u770b\u65b9\u6cd5 ?<\/h4>\n
\u5206\u6790 Apache \u8bbf\u95ee\u65e5\u5fd7<\/h5>\n