linux导出日志命令,linux查看运行日志

参考：如何查看linux系统上常用的日志和二进制登录/var/log/wtmp文件

/var/log [ yuanbao墙@ localhost~] $ CD/var/log/[ yuanbao墙@ localhost log ] $ pwd； ls-lwtmpsecuremessagesmaillog/var/log-rw---1 root root0nov 1606336056 maillog-rw---1 root root 3184978 nov 1800336027消息传递- rw---1 36025安全为了在var/log/wtmp中记录登录信息，防止他人更改数据，该文件是二进制文件。 用cat看内容的话会乱码。 可以使用last命令或last -f /var/log/wtmp。 虽然也有博客说可以用reset命令解决，但是我没有成功。 参考： Linux因为cat查看了数据文件，导致了乱码。 可以使用od命令显示二进制文件。

[yuanbaoqiang@localhost ~] $ lastyuanbaoq 3360033600 wed nov 1800336011 stillloggedinrebootsystemboot4. 18.0-193.28.1.wed nov 1800336010 still runnnion 041 ) rebootsystemboot4. 18.0-193.28.1.tue nov 170:36-08:19 ) 043333339 yanbaoq 336003:0 monnov 160633:000000 93.28.1.monnov 1606336002-0936002 yuanbaoq 3360033600 monnov 160:22-down (003:45 ) yuanbaoqtty2tty2monnov 160336036 ) ) 652 rebootsystemboot4. 18.0-193.el8.xmonnov 160:09-04336008 (00336059 ) yuanbaoq 33600:0 monnov 160:7 193.el8.xmonnov 160:06-0:08 ((00:02 ) ) ) ) ) 65 rebootsystemboot4. 18.6002 0:0 monnov 1600336046-00:46 rebootsystemboot4. 18.0-193.el8.xmonnov 1600336045-00336059 (0336013 ) yuanbaoov nov160003:03 ) )0yanbaoqtty2tty 2sun nov 152:47-00:03 (00:16 ) rebootsystemboot4. 18.0-193.el8.xsunn 152:40-down(00:03 ) rebootsystemboot4. 18.0-193.el8.xsunnov 152336039-23:43 yanbaoqtty2tty2monnov 16009 8.0-193.el8.xmonnov 1607336021-23:331 yanbaoqtty2tty2monnov 1607336018-down (00:01 ) rebootsystemboot 4.18 . beginsmonnov 16073360163360122020 [ root @ localhostyuanb ]

aoqiang]# od /var/log/wtmp 0000000 000002 000000 000000 000000 000176 000000 000000 0000000000020 000000 000000 000000 000000 000000 000000 000000 0000000000040 000000 000000 000000 000000 077176 000000 062562 0675420000060 072157 000000 000000 000000 000000 000000 000000 0000000000100 000000 000000 000000 000000 000000 000000 027064 0340610000120 030056 030455 031471 062456 034154 074056 033070 0331370000140 000064 000000 000000 000000 000000 000000 000000 0000000000160 000000 000000 000000 000000 000000 000000 000000 000000*0000520 000000 000000 066614 057662 101102 000013 000000 0000000000540 000000 000000 000000 000000 000000 000000 000000 000000*0000600 000001 000000 000065 000000 000176 000000 000000 0000000000620 000000 000000 000000 000000 000000 000000 000000 0000000000640 000000 000000 000000 000000 077176 000000 072562 0661560000660 073145 066145 000000 000000 000000 000000 000000 0000000000700 000000 000000 000000 000000 000000 000000 027064 0340610000720 030056 030455 031471 062456 034154 074056 033070 0331370000740 000064 000000 000000 000000 000000 000000 000000 0000000000760 000000 000000 000000 000000 000000 000000 000000 000000*0001320 000000 000000 066754 057662 134236 000000 000000 0000000001340 000000 000000 000000 000000 000000 000000 000000 000000*0001400 000007 000000 013616 000000 072164 031171 000000 0000000001420 000000 000000 000000 000000 000000 000000 000000 0000000001440 000000 000000 000000 000000 000000 000000 072571 067141...... /var/log/secure

包含了所有与系统相关的信息，诸如登录，tcp_wrapper与xinetd服务，系统登录与网络连接的信息，可以用cat命令查看，但是需要权限。

[yuanbaoqiang@localhost ~]$ cat /var/log/secure cat: /var/log/secure: Permission denied[yuanbaoqiang@localhost ~]$ suPassword: [root@localhost yuanbaoqiang]# cat /var/log/secure Nov 16 07:16:23 localhost polkitd[934]: Loading rules from directory /etc/polkit-1/rules.dNov 16 07:16:23 localhost polkitd[934]: Loading rules from directory /usr/share/polkit-1/rules.dNov 16 07:16:24 localhost polkitd[934]: Finished loading, compiling and executing 10 rulesNov 16 07:16:24 localhost polkitd[934]: Acquired the name org.freedesktop.PolicyKit1 on the system busNov 16 07:16:31 localhost sshd[1173]: Server listening on 0.0.0.0 port 22.Nov 16 07:16:31 localhost sshd[1173]: Server listening on :: port 22.Nov 16 07:17:48 localhost systemd[5683]: pam_unix(systemd-user:session): session opened for user gdm by (uid=0)Nov 16 07:17:48 localhost gdm-launch-environment][5677]: pam_unix(gdm-launch-environment:session): session opened for user gdm by (uid=0)Nov 16 07:17:55 localhost polkitd[934]: Registered Authentication Agent for unix-session:c1 (system bus name :1.80 [/usr/内向的耳机/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)Nov 16 07:18:10 localhost systemd[5994]: pam_unix(systemd-user:session): session opened for user yuanbaoqiang by (uid=0)Nov 16 07:18:11 localhost gdm-password][5984]: pam_unix(gdm-password:session): session opened for user yuanbaoqiang by (uid=0)Nov 16 07:18:20 localhost polkitd[934]: Registered Authentication Agent for unix-session:2 (system bus name :1.246 [/usr/内向的耳机/gnome-shell], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)Nov 16 07:21:12 localhost polkitd[964]: Loading rules from directory /etc/polkit-1/rules.dNov 16 07:21:12 localhost polkitd[964]: Loading rules from directory /usr/share/polkit-1/rules.dNov 16 07:21:12 localhost polkitd[964]: Finished loading, compiling and executing 10 rulesNov 16 07:21:12 localhost polkitd[964]: Acquired the name org.freedesktop.PolicyKit1 on the system busNov 16 07:21:13 localhost sshd[1125]: Server listening on 0.0.0.0 port 22.Nov 16 07:21:13 localhost sshd[1125]: Server listening on :: port 22.... /var/log/messages

系统报错日志，记录着大部分系统服务的输出，很常用。可以用cat查看完整信息，也可以用tail -f /var/log/messages查看文件的结尾信息。

[root@localhost yuanbaoqiang]# tail -f /var/log/messagesNov 18 00:42:06 localhost NetworkManager[1114]: <info> [1605678126.4816] dhcp4 (ens33): state changed bound -> extendedNov 18 00:42:06 localhost dbus-daemon[961]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.16' (uid=0 pid=1114 comm="/usr/s内向的耳机/NetworkManager --no-daemon " label="system_u:system_r:NetworkManager_t:s0")Nov 18 00:42:06 localhost systemd[1]: Starting Network Manager Script Dispatcher Service...Nov 18 00:42:06 localhost dbus-daemon[961]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'Nov 18 00:42:06 localhost systemd[1]: Started Network Manager Script Dispatcher Service.Nov 18 00:42:08 localhost dbus-daemon[961]: [system] Activating via systemd: service name='net.reactivated.Fprint' unit='fprintd.service' requested by ':1.438' (uid=0 pid=3931 comm="su " label="unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023")Nov 18 00:42:08 localhost systemd[1]: Starting Fingerprint Authentication Daemon...Nov 18 00:42:08 localhost dbus-daemon[961]: [system] Successfully activated service 'net.reactivated.Fprint'Nov 18 00:42:08 localhost systemd[1]: Started Fingerprint Authentication Daemon.Nov 18 00:42:14 localhost su[3931]: (to root) yuanbaoqiang on pts/0 /var/log/maillog

包含所有由sendmail、postfix送出的信息和报错邮件系统日志，用cat查看即可。