zoukankan      html  css  js  c++  java

  • 通过journalctl查看日志

    # 查看UID为1000的用户今天以来的日志
    sudo journalctl _UID=1000 --since today

    # 查看1分钟以前的日志
    cqq@snort-ids � ~ � sudo journalctl --since "1 min ago" [13:18:26]
    -- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:18:57 CST. --
    4月 24 13:18:19 snort-ids sudo[12664]: cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/usr/bin/vi /home/cqq/.zshrc
    4月 24 13:18:19 snort-ids sudo[12664]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
    4月 24 13:18:26 snort-ids sudo[12664]: pam_unix(sudo:session): session closed for user root
    4月 24 13:18:50 snort-ids sshd[12696]: Accepted password for cqq from 192.168.10.247 port 63715 ssh2
    4月 24 13:18:50 snort-ids sshd[12696]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
    4月 24 13:18:50 snort-ids systemd[1]: Started Session c12 of user cqq.
    4月 24 13:18:50 snort-ids systemd-logind[246]: New session c12 of user cqq.
    4月 24 13:18:57 snort-ids sudo[12743]: cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl --since 1 min ago
    4月 24 13:18:57 snort-ids sudo[12743]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)

    # 查看某个单元/服务的日志
    cqq@snort-ids � ~ � sudo journalctl -u ssh.service --since today [13:37:48]
    -- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:37:58 CST. --
    4月 24 13:06:43 snort-ids sshd[12157]: Accepted password for cqq from 192.168.10.247 port 52067 ssh2
    4月 24 13:06:43 snort-ids sshd[12157]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
    4月 24 13:18:50 snort-ids sshd[12696]: Accepted password for cqq from 192.168.10.247 port 63715 ssh2
    4月 24 13:18:50 snort-ids sshd[12696]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
    4月 24 13:28:10 snort-ids sshd[13096]: Accepted password for cqq from 192.168.10.247 port 56326 ssh2
    4月 24 13:28:10 snort-ids sshd[13096]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
    cqq@snort-ids � ~ � sudo journalctl -u apache2 --since "2015-01-10" [13:38:49]
    -- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:41:03 CST. --
    4月 21 18:55:57 snort-ids systemd[1]: Starting The Apache HTTP Server...
    4月 21 18:55:59 snort-ids systemd[1]: Started The Apache HTTP Server.
    4月 22 01:59:04 snort-ids systemd[1]: Stopping The Apache HTTP Server...
    4月 22 01:59:04 snort-ids systemd[1]: Stopped The Apache HTTP Server.
    4月 22 01:59:04 snort-ids systemd[1]: Starting The Apache HTTP Server...
    4月 22 01:59:05 snort-ids systemd[1]: Started The Apache HTTP Server.
    4月 22 06:25:52 snort-ids systemd[1]: Reloading The Apache HTTP Server.
    4月 22 06:25:52 snort-ids systemd[1]: Reloaded The Apache HTTP Server.
    4月 23 06:25:34 snort-ids systemd[1]: Reloading The Apache HTTP Server.
    4月 23 06:25:34 snort-ids systemd[1]: Reloaded The Apache HTTP Server.
    4月 24 06:25:34 snort-ids systemd[1]: Reloading The Apache HTTP Server.
    4月 24 06:25:35 snort-ids systemd[1]: Reloaded The Apache HTTP Server.

    # 查看实时日志
    cqq@snort-ids � ~ � sudo journalctl -f [13:18:51]
    [sudo] cqq 的密码:
    -- Logs begin at Fri 2016-11-04 01:16:43 CST. --
    4月 24 13:23:27 snort-ids sudo[12888]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
    4月 24 13:25:01 snort-ids CRON[12935]: pam_unix(cron:session): session opened for user root by (uid=0)
    4月 24 13:25:01 snort-ids CRON[12942]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
    4月 24 13:25:01 snort-ids CRON[12935]: pam_unix(cron:session): session closed for user root
    4月 24 13:25:10 snort-ids sudo[12888]: pam_unix(sudo:session): session closed for user root
    4月 24 13:25:57 snort-ids sudo[12990]: cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl -f
    4月 24 13:25:57 snort-ids sudo[12990]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
    4月 24 13:26:06 snort-ids sudo[12990]: pam_unix(sudo:session): session closed for user root
    4月 24 13:26:15 snort-ids sudo[13017]: cqq : TTY=pts/1 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl -f
    4月 24 13:26:15 snort-ids sudo[13017]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
    24
    25
    26
    27
    28
    29
    30
    31
    32
    33
    34
    35
    36
    37
    38
    39
    40
    41
    42
    43
    44
    45
    46
    47
    48
    49
    50
    51
    52
    53
    54
    举个栗子。
    先查看某个unit/service的状态,发现它failed,然后输出该unit/service的内容(到底写的是什么,错误在哪里),发现错误是因为按照别人教程上写的,没把ruby的路径搞对,然后查看一下这个unit/service的日志,果然是有错的。
  • 相关阅读:
    HDU Railroad (记忆化)
    HDU 1227 Fast Food
    HDU 3008 Warcraft
    asp vbscript 检测客户端浏览器和操作系统(也可以易于升级到ASP.NET)
    Csharp 讀取大文本文件數據到DataTable中,大批量插入到數據庫中
    csharp 在万年历中计算显示农历日子出错
    csharp create ICS file extension
    CSS DIV Shadow
    DataTable search keyword
    User select fontface/color/size/backgroundColor设置 字体,颜色,大小,背景色兼容主流浏览器
  • 原文地址:https://www.cnblogs.com/agang-php/p/12588404.html
Copyright © 2011-2022 走看看