【CentOS 7筆記51】,Linux系統日誌#
shallow丿ovecentos
Linux系統日誌session
- var/log/messages #系統日誌
- /etc/logrotate.conf #日誌切割配置文件
- 參考http://my.oschina.net/u/2000675/blog/908189
- dmesg命令
- /var/log/dmesg #日誌
- last命令,調用的文件時/var/log/wtmp
- blast命令查看登陸失敗的用戶,對應文件時/var/log/btmp
- /var/log/secure
[root@localhost ~]# less /var/log/messages Dec 5 03:44:01 localhost rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="694" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Dec 5 03:50:01 localhost systemd: Started Session 33 of user root. Dec 5 03:50:01 localhost systemd: Starting Session 33 of user root. Dec 5 03:51:38 localhost systemd: Configuration file /usr/lib/systemd/system/wpa_supplicant.service is marked executable. Please remove executable permission bits. Proceeding anyway. Dec 5 03:51:38 localhost systemd: Configuration file /usr/lib/systemd/system/ebtables.service is marked executable. Please remove executable permission bits. Proceeding anyway. Dec 5 03:51:38 localhost systemd: Configuration file /usr/lib/systemd/system/auditd.service is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway. Dec 5 04:00:01 localhost systemd: Started Session 34 of user root. Dec 5 04:00:01 localhost systemd: Starting Session 34 of user root. Dec 5 04:01:01 localhost systemd: Started Session 35 of user root. Dec 5 04:01:01 localhost systemd: Starting Session 35 of user root. Dec 5 04:10:01 localhost systemd: Started Session 36 of user root. Dec 5 04:10:01 localhost systemd: Starting Session 36 of user root. /var/log/messages [root@localhost ~]# du -sh !$ du -sh /var/log/messages 312K /var/log/messages [root@localhost ~]# ls /var/log/messages* /var/log/messages /var/log/messages-20171121 /var/log/messages-20171205 /var/log/messages-20171113 /var/log/messages-20171127
[root@localhost ~]# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# uncomment this if you want your log files compressed
#compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
minsize 1M
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}
# system-specific logs may be also be configured here.
每週切割一次,保留四個,並建立一個新的文件,dateext爲後綴,是否壓縮,而且也會對/var/log/wtmp和/var/log/btmp進行切割,不過只保留一個,而月切割less
[root@localhost ~]# ls /etc/logrotate.d/ named ppp samba syslog vsftpd wpa_supplicant yum
[root@localhost ~]# cat /etc/logrotate.d/syslog
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
系統錯誤日誌ssh
[root@localhost ~]# dmesg . . . [root@localhost ~]# dmesg -c . . . [root@localhost ~]# dmesg
系統啓動日誌ide
[root@localhost ~]# ls /var//log/dmesg /var//log/dmesg [root@localhost ~]# less /var//log/dmesg [ 0.000000] Initializing cgroup subsys cpuset [ 0.000000] Initializing cgroup subsys cpu [ 0.000000] Initializing cgroup subsys cpuacct [ 0.000000] Linux version 3.10.0-123.el7.x86_64 (builder@kbuilder.dev.centos.org) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Mon Jun 30 12:09:22 UTC 2014 [ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-123.el7.x86_64 root=UUID=915e2a85-8d48-4667-9001-eae59adccb98 ro vconsole.keymap=us crashkernel=auto vconsole.font=latarcyrheb-sun16 rhgb quiet LANG=en_US.UTF-8 [ 0.000000] Disabled fast string operations [ 0.000000] e820: BIOS-provided physical RAM map: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable [ 0.000000] BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved [ 0.000000] BIOS-e820: [mem 0x00000000000dc000-0x00000000000fffff] reserved [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x000000007fedffff] usable [ 0.000000] BIOS-e820: [mem 0x000000007fee0000-0x000000007fefefff] ACPI data [ 0.000000] BIOS-e820: [mem 0x000000007feff000-0x000000007fefffff] ACPI NVS [ 0.000000] BIOS-e820: [mem 0x000000007ff00000-0x000000007fffffff] usable /var//log/dmesg
[root@localhost ~]# last root pts/1 192.168.9.1 Thu Dec 7 08:06 still logged in root pts/0 192.168.9.1 Thu Dec 7 04:30 - 08:10 (03:39) root tty1 Thu Dec 7 04:24 still logged in reboot system boot 3.10.0-123.el7.x Thu Dec 7 04:23 - 09:30 (05:06) root pts/0 192.168.9.1 Tue Dec 5 09:23 - down (11:14) root pts/1 192.168.9.1 Tue Dec 5 02:50 - 11:19 (08:28) root pts/0 192.168.9.1 Mon Dec 4 23:47 - 03:26 (03:39) root tty1 Mon Dec 4 23:40 - 20:37 (20:56) reboot system boot 3.10.0-123.el7.x Mon Dec 4 23:40 - 20:37 (20:57) root pts/1 192.168.9.1 Sat Dec 2 10:22 - down (03:30) root tty1 Sat Dec 2 04:38 - 13:52 (09:14) root pts/0 192.168.9.1 Sat Dec 2 02:51 - 11:40 (08:48) root tty1 Sat Dec 2 02:49 - 04:38 (01:49) reboot system boot 3.10.0-123.el7.x Sat Dec 2 02:46 - 13:53 (11:06) root tty1 Fri Dec 1 23:56 - 00:06 (00:10) reboot system boot 3.10.0-123.el7.x Fri Dec 1 23:53 - 13:53 (13:59) root tty1 Fri Dec 1 23:44 - 23:53 (00:08) reboot system boot 3.10.0-123.el7.x Fri Dec 1 23:43 - 23:53 (00:09) root pts/0 192.168.9.1 Fri Dec 1 22:34 - crash (01:09) root tty1 Fri Dec 1 22:34 - 22:45 (00:11) reboot system boot 3.10.0-123.el7.x Fri Dec 1 22:33 - 23:53 (01:19) root pts/0 192.168.9.1 Fri Dec 1 22:24 - crash (00:09) root tty1 Fri Dec 1 22:23 - 22:33 (00:09) reboot system boot 3.10.0-123.el7.x Fri Dec 1 22:22 - 23:53 (01:30) root pts/0 192.168.9.1 Fri Dec 1 09:29 - down (00:48) reboot system boot 3.10.0-123.el7.x Fri Dec 1 09:28 - 10:17 (00:49) root pts/0 192.168.9.1 Fri Dec 1 07:14 - down (02:09) root tty1 Fri Dec 1 07:13 - 09:23 (02:09) reboot system boot 3.10.0-123.el7.x Fri Dec 1 07:12 - 09:23 (02:11) root pts/0 192.168.9.1 Tue Nov 28 21:50 - down (04:01) root pts/2 192.168.9.1 Tue Nov 28 07:45 - 18:36 (10:50) root pts/2 192.168.9.1 Tue Nov 28 07:44 - 07:45 (00:01) root pts/3 192.168.9.1 Tue Nov 28 06:41 - 18:41 (12:00) root tty1 Tue Nov 28 06:40 - 01:52 (19:12) root pts/2 192.168.9.1 Tue Nov 28 06:12 - 07:44 (01:32) root pts/1 192.168.9.1 Tue Nov 28 00:36 - 07:56 (07:20) root pts/0 192.168.9.1 Mon Nov 27 20:23 - 08:03 (11:40) root pts/1 192.168.9.1 Mon Nov 27 10:41 - 21:59 (11:18) root pts/0 192.168.9.1 Mon Nov 27 01:23 - 11:22 (09:59) reboot system boot 3.10.0-123.el7.x Mon Nov 27 01:21 - 01:52 (2+00:31) root pts/0 192.168.9.1 Fri Nov 24 05:28 - crash (2+19:52) reboot system boot 3.10.0-123.el7.x Fri Nov 24 05:28 - 01:52 (4+20:24) root pts/0 192.168.9.1 Fri Nov 24 03:50 - down (01:37) reboot system boot 3.10.0-123.el7.x Fri Nov 24 03:50 - 05:27 (01:37) root pts/0 192.168.9.1 Thu Nov 23 15:34 - crash (12:15) root pts/0 192.168.9.1 Thu Nov 23 04:05 - 11:54 (07:49) reboot system boot 3.10.0-123.el7.x Thu Nov 23 04:03 - 05:27 (1+01:24) root pts/1 192.168.9.1 Tue Nov 21 09:49 - crash (1+18:14) root pts/0 192.168.9.1 Mon Nov 20 22:20 - 11:38 (13:18) reboot system boot 3.10.0-123.el7.x Mon Nov 20 22:20 - 05:27 (3+07:07) root pts/2 192.168.9.1 Thu Nov 16 22:34 - down (14:18) root tty1 Thu Nov 16 16:19 - down (20:33) root pts/1 192.168.9.1 Thu Nov 16 15:51 - 23:10 (07:19) root pts/1 192.168.9.1 Thu Nov 16 15:49 - 15:51 (00:02) root pts/0 192.168.9.1 Thu Nov 16 13:01 - 23:20 (10:18) root pts/0 192.168.9.1 Thu Nov 16 07:11 - 11:51 (04:39) reboot system boot 3.10.0-123.el7.x Thu Nov 16 07:11 - 12:53 (1+05:41) root pts/0 192.168.9.1 Thu Nov 16 04:07 - down (03:03) root pts/0 192.168.9.1 Thu Nov 16 02:51 - 04:06 (01:15) reboot system boot 3.10.0-123.el7.x Thu Nov 16 02:50 - 07:10 (04:19) root pts/1 192.168.9.1 Tue Nov 14 22:03 - crash (1+04:47) root pts/0 192.168.9.1 Tue Nov 14 15:06 - 23:55 (08:48) root pts/1 192.168.9.1 Tue Nov 14 09:36 - 11:36 (02:00) root pts/0 192.168.9.1 Mon Nov 13 22:26 - 11:15 (12:48) reboot system boot 3.10.0-123.el7.x Mon Nov 13 22:26 - 07:10 (2+08:44) root pts/0 192.168.9.1 Mon Nov 13 22:10 - down (00:03) reboot system boot 3.10.0-123.el7.x Mon Nov 13 22:09 - 22:14 (00:04) root pts/0 192.168.9.1 Sun Nov 12 21:27 - down (08:16) reboot system boot 3.10.0-123.el7.x Sun Nov 12 21:26 - 05:44 (08:17) root pts/0 192.168.9.1 Sun Nov 12 05:38 - 10:47 (05:09) root pts/0 192.168.9.1 Sat Nov 11 18:53 - 05:37 (10:44) reboot system boot 3.10.0-123.el7.x Sat Nov 11 18:51 - 05:44 (1+10:52) root pts/1 192.168.9.1 Thu Nov 9 09:53 - down (00:07) root pts/0 192.168.9.1 Wed Nov 8 17:23 - down (16:36) root pts/1 192.168.9.1 Wed Nov 8 06:25 - 19:03 (12:38) root pts/0 192.168.9.1 Wed Nov 8 00:56 - 08:10 (07:14) root pts/0 192.168.9.1 Tue Nov 7 22:45 - 00:56 (02:10) root pts/0 192.168.9.1 Tue Nov 7 19:32 - 22:45 (03:12) root pts/1 192.168.9.1 Tue Nov 7 08:57 - 21:06 (12:08) root pts/0 192.168.9.1 Tue Nov 7 05:28 - 10:28 (04:59) root tty1 Tue Nov 7 03:29 - down (2+06:31) reboot system boot 3.10.0-123.el7.x Tue Nov 7 03:28 - 10:00 (2+06:31) reboot system boot 3.10.0-123.el7.x Tue Nov 7 00:42 - 03:28 (02:45) reboot system boot 3.10.0-123.el7.x Mon Nov 6 07:53 - 08:00 (00:06) reboot system boot 3.10.0-123.el7.x Mon Nov 6 07:52 - 07:53 (00:01) reboot system boot 3.10.0-123.el7.x Mon Nov 6 06:11 - 06:11 (00:00) reboot system boot 3.10.0-123.el7.x Mon Nov 6 06:10 - 06:11 (00:00) root tty1 Mon Nov 6 06:09 - down (00:00) root pts/0 192.168.9.1 Mon Nov 6 05:11 - 06:08 (00:57) reboot system boot 3.10.0-123.el7.x Mon Nov 6 05:11 - 06:10 (00:59) root tty1 Mon Nov 6 04:57 - down (00:11) root pts/0 192.168.9.1 Sun Nov 5 20:35 - down (08:33) reboot system boot 3.10.0-123.el7.x Sun Nov 5 20:35 - 05:09 (08:34) root pts/0 192.168.9.1 Sat Nov 4 04:43 - down (03:54) root pts/0 192.168.9.1 Fri Nov 3 21:58 - 04:43 (06:45) root pts/1 192.168.9.1 Fri Nov 3 09:15 - 22:23 (13:08) root pts/0 192.168.9.1 Fri Nov 3 07:01 - 10:54 (03:52) root tty1 Fri Nov 3 06:59 - down (1+01:38) reboot system boot 3.10.0-123.el7.x Fri Nov 3 06:58 - 08:38 (1+01:39) root pts/0 192.168.9.1 Fri Nov 3 05:17 - down (01:11) root tty1 Fri Nov 3 05:17 - down (01:12) reboot system boot 3.10.0-123.el7.x Fri Nov 3 05:17 - 06:29 (01:12) root tty1 Fri Nov 3 05:06 - down (00:10) root pts/0 192.168.9.1 Fri Nov 3 03:55 - down (01:21) reboot system boot 3.10.0-123.el7.x Fri Nov 3 03:52 - 05:17 (01:24) root pts/0 192.168.9.1 Thu Nov 2 14:59 - down (00:00) root pts/1 192.168.9.1 Thu Nov 2 09:29 - 14:59 (05:29) root pts/0 192.168.9.1 Thu Nov 2 07:40 - 11:20 (03:39) reboot system boot 3.10.0-123.el7.x Thu Nov 2 07:36 - 15:00 (07:24) root pts/0 192.168.9.1 Wed Nov 1 03:43 - crash (1+03:52) root pts/0 192.168.9.1 Tue Oct 31 11:52 - 23:00 (11:08) root tty1 Tue Oct 31 08:29 - crash (1+23:06) reboot system boot 3.10.0-123.el7.x Tue Oct 31 08:29 - 15:00 (2+06:31) root pts/0 192.168.9.1 Mon Oct 30 10:06 - 17:47 (07:40) root tty1 Mon Oct 30 09:22 - down (08:24) reboot system boot 3.10.0-123.el7.x Mon Oct 30 07:04 - 17:47 (10:43) root pts/0 192.168.9.1 Sat Oct 28 18:12 - 11:00 (16:47) root tty1 Sat Oct 28 18:04 - crash (1+12:59) reboot system boot 3.10.0-123.el7.x Sat Oct 28 18:04 - 17:47 (1+23:42) root pts/0 192.168.9.1 Sat Oct 28 04:31 - down (00:23) root tty1 Fri Oct 27 23:11 - down (05:44) reboot system boot 3.10.0-123.el7.x Fri Oct 27 23:10 - 04:55 (05:44) root tty1 Fri Oct 27 23:09 - down (00:00) reboot system boot 3.10.0-123.el7.x Fri Oct 27 23:09 - 23:10 (00:01) root tty1 Fri Oct 27 09:16 - down (00:00) root pts/2 192.168.9.1 Fri Oct 27 09:14 - 09:15 (00:01) root pts/1 192.168.9.1 Fri Oct 27 04:21 - down (04:54) root pts/0 192.168.9.1 Fri Oct 27 04:21 - down (04:54) root tty1 Fri Oct 27 03:23 - 09:15 (05:52) reboot system boot 3.10.0-123.el7.x Fri Oct 27 03:23 - 09:16 (05:52) root tty1 Fri Oct 27 03:22 - down (00:00) reboot system boot 3.10.0-123.el7.x Fri Oct 27 03:22 - 03:22 (00:00) root tty1 Fri Oct 27 03:21 - down (00:00) reboot system boot 3.10.0-123.el7.x Fri Oct 27 03:21 - 03:21 (00:00) root tty1 Fri Oct 27 03:20 - down (00:00) reboot system boot 3.10.0-123.el7.x Fri Oct 27 03:20 - 03:21 (00:00) root pts/3 192.168.9.1 Wed Oct 25 21:29 - down (04:53) root pts/2 192.168.9.1 Wed Oct 25 21:29 - down (04:53) root pts/1 192.168.9.1 Wed Oct 25 15:48 - 22:58 (07:09) root pts/0 192.168.9.1 Wed Oct 25 15:48 - 22:57 (07:09) root pts/0 192.168.9.1 Wed Oct 25 15:48 - 15:48 (00:00) root pts/3 192.168.9.1 Wed Oct 25 10:19 - 15:48 (05:28) root pts/2 192.168.9.1 Wed Oct 25 10:19 - 15:48 (05:29) root pts/1 192.168.9.1 Wed Oct 25 04:17 - 11:40 (07:23) root pts/0 192.168.9.1 Wed Oct 25 04:17 - 11:41 (07:23) root tty1 Wed Oct 25 04:16 - down (22:07) reboot system boot 3.10.0-123.el7.x Wed Oct 25 04:15 - 02:23 (22:07) root tty1 Tue Oct 24 22:17 - crash (05:58) reboot system boot 3.10.0-123.el7.x Tue Oct 24 22:17 - 02:23 (1+04:05) root pts/1 192.168.9.1 Tue Oct 24 08:52 - down (00:25) root pts/0 192.168.9.1 Tue Oct 24 08:52 - down (00:25) root tty1 Mon Oct 23 23:45 - down (09:33) reboot system boot 3.10.0-123.el7.x Mon Oct 23 23:43 - 09:18 (09:34) root tty1 Sun Oct 22 07:43 - down (01:43) reboot system boot 3.10.0-123.el7.x Sun Oct 22 07:42 - 09:26 (01:44) root tty1 Sun Oct 22 03:31 - down (02:27) reboot system boot 3.10.0-123.el7.x Sun Oct 22 03:31 - 05:59 (02:27) root tty1 Sat Oct 21 02:57 - down (03:27) reboot system boot 3.10.0-123.el7.x Sat Oct 21 02:48 - 06:25 (03:37) root tty1 Fri Oct 20 16:53 - crash (09:55) reboot system boot 3.10.0-123.el7.x Fri Oct 20 16:53 - 06:25 (13:32) root tty1 Fri Oct 20 07:47 - crash (09:05) reboot system boot 3.10.0-123.el7.x Fri Oct 20 07:47 - 06:25 (22:38) root tty1 Fri Oct 20 07:31 - down (00:00) root tty1 Fri Oct 20 04:36 - 07:30 (02:54) reboot system boot 3.10.0-123.el7.x Fri Oct 20 04:34 - 07:31 (02:57) reboot system boot 3.10.0-123.el7.x Fri Oct 20 04:33 - 07:31 (02:58) root tty1 Fri Oct 20 04:19 - down (00:00) reboot system boot 3.10.0-123.el7.x Fri Oct 20 04:18 - 04:19 (00:00) root tty1 Wed Oct 18 05:20 - down (06:59) reboot system boot 3.10.0-123.el7.x Wed Oct 18 05:19 - 12:20 (07:00) wtmp begins Wed Oct 18 05:19:30 2017
last調用/var/log/wtmp二進制文件post
[root@localhost ~]# lastb btmp begins Fri Dec 1 08:08:01 2017
lastb調用/var/log/btmp二進制文件ui
登陸系統驗證成功就會記錄日誌this
[root@localhost ~]# less /var/log/secure Dec 5 04:44:24 localhost polkitd[958]: Registered Authentication Agent for unix-process:4204:1824850 (system bus name :1.138 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 5 04:44:24 localhost polkitd[958]: Unregistered Authentication Agent for unix-process:4204:1824850 (system bus name :1.138, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Dec 5 04:44:30 localhost polkitd[958]: Registered Authentication Agent for unix-process:4230:1825476 (system bus name :1.139 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 5 04:44:30 localhost polkitd[958]: Unregistered Authentication Agent for unix-process:4230:1825476 (system bus name :1.139, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Dec 5 04:44:58 localhost polkitd[958]: Registered Authentication Agent for unix-process:4256:1828186 (system bus name :1.140 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 5 04:44:58 localhost polkitd[958]: Unregistered Authentication Agent for unix-process:4256:1828186 (system bus name :1.140, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale e/var/log/secure
登陸系統驗證成功就會記錄日誌,例如:暴力破解,不停嘗試登陸.net
Aunix
[root@localhost ~]# tail -f /var/log/secure Dec 7 04:30:37 localhost sshd[2863]: pam_unix(sshd:session): session opened for user root by (uid=0) Dec 7 04:52:50 localhost polkitd[1010]: Registered Authentication Agent for unix-process:2975:175583 (system bus name :1.43 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 7 04:52:50 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:2975:175583 (system bus name :1.43, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Dec 7 08:06:22 localhost polkitd[1010]: Registered Authentication Agent for unix-process:3288:1336838 (system bus name :1.46 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 7 08:06:23 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:3288:1336838 (system bus name :1.46, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Dec 7 08:06:24 localhost polkitd[1010]: Registered Authentication Agent for unix-process:3650:1337028 (system bus name :1.68 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 7 08:06:25 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:3650:1337028 (system bus name :1.68, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Dec 7 08:06:45 localhost sshd[4013]: Accepted password for root from 192.168.9.1 port 21445 ssh2 Dec 7 08:06:45 localhost sshd[4013]: pam_unix(sshd:session): session opened for user root by (uid=0) Dec 7 08:10:34 localhost sshd[2863]: pam_unix(sshd:session): session closed for user root Dec 7 09:37:09 localhost sshd[4444]: pam_unix(sshd:session): session opened for user root by (uid=0)
B
[root@centos11233 ~]# ssh 192.168.9.134 root@192.168.9.134's password: Last login: Thu Dec 7 08:06:45 2017 from 192.168.9.1
A
[root@localhost ~]# tail -f /var/log/secure Dec 7 04:30:37 localhost sshd[2863]: pam_unix(sshd:session): session opened for user root by (uid=0) Dec 7 04:52:50 localhost polkitd[1010]: Registered Authentication Agent for unix-process:2975:175583 (system bus name :1.43 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 7 04:52:50 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:2975:175583 (system bus name :1.43, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Dec 7 08:06:22 localhost polkitd[1010]: Registered Authentication Agent for unix-process:3288:1336838 (system bus name :1.46 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 7 08:06:23 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:3288:1336838 (system bus name :1.46, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Dec 7 08:06:24 localhost polkitd[1010]: Registered Authentication Agent for unix-process:3650:1337028 (system bus name :1.68 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Dec 7 08:06:25 localhost polkitd[1010]: Unregistered Authentication Agent for unix-process:3650:1337028 (system bus name :1.68, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus) Dec 7 08:06:45 localhost sshd[4013]: Accepted password for root from 192.168.9.1 port 21445 ssh2 Dec 7 08:06:45 localhost sshd[4013]: pam_unix(sshd:session): session opened for user root by (uid=0) Dec 7 08:10:34 localhost sshd[2863]: pam_unix(sshd:session): session closed for user root Dec 7 09:36:38 localhost sshd[4442]: Connection closed by 192.168.9.233 [preauth] Dec 7 09:37:09 localhost sshd[4444]: Accepted password for root from 192.168.9.233 port 51284 ssh2 Dec 7 09:37:09 localhost sshd[4444]: pam_unix(sshd:session): session opened for user root by (uid=0)
B
[root@localhost ~]# logout Connection to 192.168.9.134 closed.
相關文章
- 1. CentOS系統日誌
- 2. linux系統日誌
- 3. linux 系統日誌
- 4. 【Linux日誌】系統日誌及分析
- 5. Linux日誌 系統日誌及分析
- 6. Linux---系統日誌
- 7. Linux--------系統日誌
- 8. Linux系統日誌
- 9. LINUX系統日誌
- 10. Centos修改dhcpd日誌不記入系統日誌
- 更多相關文章...
- • 操作系統(OS)平臺 統計 - 瀏覽器信息
- • 系統定義的TypeHandler - MyBatis教程
- • Tomcat學習筆記(史上最全tomcat學習筆記)
- • Docker容器實戰(七) - 容器眼光下的文件系統
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
歡迎關注本站公眾號,獲取更多信息
相關文章
- 1. CentOS系統日誌
- 2. linux系統日誌
- 3. linux 系統日誌
- 4. 【Linux日誌】系統日誌及分析
- 5. Linux日誌 系統日誌及分析
- 6. Linux---系統日誌
- 7. Linux--------系統日誌
- 8. Linux系統日誌
- 9. LINUX系統日誌
- 10. Centos修改dhcpd日誌不記入系統日誌