Configuring syslog Messaging
The inetd daemon uses the syslog command to record incoming network connection requests made by using Transmission Control Protocol (TCP).
The inetd daemon is the network listener process for many network services. The inetd daemon listens for service requests on the TCP and User Datagram Protocol (UDP) ports associated with each of the services listed in the inetd configuration file. When a request arrives, the inetd daemon executes the server program associated with the service. You can modify the behavior of the inetd daemon to log TCP connections by using the syslogd daemon.
# inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=FALSE
tcp_wrappers=FALSE
Tracing for all services is enabled using the following command:
# inetadm -M tcp_trace=TRUE
# inetadm -p
NAME=VALUE
bind_addr=""
bind_fail_max=-1
bind_fail_interval=-1
max_con_rate=-1
max_copies=-1
con_rate_offline=-1
failrate_cnt=40
failrate_interval=60
inherit_env=TRUE
tcp_trace=TRUE
tcp_wrappers=FALSE
Note: The Internet daemon inetd provides services for many network protocols, including the Telnet and File Transfer Protocol (FTP) protocols.
You can enable the trace option for each inetd-managed service to send messages to the syslogd daemon. Use the inetadm command to modify the settings of the service to enable TCP tracing. When the trace option is enabled, inetd logs the client's IP address and TCP port number, and the name of the service, at the daemon.notice priority. Instead of enabling tracing globally, each service can have its trace capability enabled separately.
For example, to allow tracing of telnet sessions, the following command is issued:
# inetadm -m telnet tcp_trace=TRUE
# inetadm -l telnet
SCOPE NAME=VALUE
name="telnet"
endpoint_type="stream"
proto="tcp6"
isrpc=FALSE
wait=FALSE
exec="/usr/sbin/in.telnetd"
user="root"
default bind_addr=""
default bind_fail_max=-1
default bind_fail_interval=-1
default max_con_rate=-1
default max_copies=-1
default con_rate_offline=-1
default failrate_cnt=40
default failrate_interval=60
default inherit_env=TRUE
tcp_trace=TRUE
default tcp_wrappers=FALSE
Note: The change is immediately recognized. There is no requirement to restart any daemon process.
The /etc/syslog.conf file configures the syslogd daemon so that it selectively distributes the messages sent to it from the inetd daemon.
# grep daemon.notice /etc/syslog.conf
*.err;kern.debug;daemon.notice;mail.crit /var/adm/messages
All daemon messages of level notice or higher are sent to the /var/adm/messages file due to the daemon.notice entry in the /etc/syslog.conf file.
Note: The /var/adm/messages file must exist. If it does not exist, create it, and then stop and start the syslogd daemon, or messages will not be written to the file.
You can monitor the designated syslog file, in the /var/adm directory, in real time using the command tail -f. The tail -f command holds the file open so that you can view messages being written to the file by the syslogd daemon.
Viewing Messages In Real Time
To view messages sent to the /var/adm/messages file, perform the command:
# tail -f /var/adm/messages
The figure (not reproduced here) shows the log entry generated by a telnet request to system host1 from IP address 192.9.200.1 on port 45800. The table lists each field in this entry and its corresponding result.
The syslogd Logged Entry Description
Number  Field                                  Result
1       Date/time                              Jun 14 13:15:39
2       Local host name                        host1
3       Process name/PID number                inetd[2359]
4       MsgID number/selector facility.level   [ID 317013 daemon.notice]
5       Incoming request                       telnet
6       PPID number                            [2361]
7       IP address                             192.9.200.1
8       Port number                            45800
To exit the /var/adm/messages file, press Control-C.
Note: Should any unusual activity occur, use scripts to automatically parse the log files, and then send the information to support personnel.
The logger command enables you to send messages to the syslogd daemon. A system administrator can write administrative shell scripts that report the status of backups, or other functions by using the logger command.
The syntax of the logger command is:
logger [ -i ] [ -f file ] [ -p priority ] [ -t tag ] [ message ]
The options are described in the table that follows. You can specify the message priority as a facility.level pair. For example, -p local3.info assigns the message priority of the info level in the local3 facility. The default priority is user.notice.
logger Command Options
Option       Description
-i           Logs the process ID of the logger command with each line
-f file      Uses the contents of file as the message to log (file must exist)
-p priority  Enters the message with the specified priority
-t tag       Marks each line added to the log file with the specified tag
message      Concatenates the string arguments of the message in the order specified, separated by single-space characters
Therefore, the following example logs the message System rebooted to the syslogd daemon, using the default priority level notice and the facility user:
# logger System rebooted
If the user.notice selector field is configured in the /etc/syslog.conf file, the message is logged to the file designated for the user.notice selector field. If the user.notice selector field is not configured in the /etc/syslog.conf file, you can either add the user.notice selector field to the /etc/syslog.conf file, or you can prioritize the output as follows:
# logger -p user.err System rebooted
Changing the priority of the message to user.err routes the message to the /var/adm/messages file as indicated in the /etc/syslog.conf file.
A message priority can also be specified numerically. For example, logger -i -p 2 "crit" creates an entry in the message log that identifies the user.crit facility.level pair as follows:
Nov 3 09:49:34 hostname root[2838]: [ID 702911 user.crit] crit
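The note above recommends scripts that parse the log files automatically, and the logger section shows how a script can report back through syslogd. The following shell script is an added example, not part of the original post: it reads constructed /var/adm/messages lines laid out as in the field table above (the exact "from" wording between the service[PPID] field and the client address is an assumption; adjust the awk pattern to your own log), counts tcp_trace requests per client address for one service, and reports any address over a threshold with logger at local3.warning, an assumed selector you would map in /etc/syslog.conf as the page does for daemon.notice.

```shell
#!/bin/sh
# Constructed sample log lines (not real data). The layout follows the table
# above: date, host, inetd[PID], [ID msgid facility.level], service[PPID],
# client IP and client port. The sshd line is noise the filter must ignore.
SAMPLE_LOG='Jun 14 13:15:39 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2361] from 192.9.200.1 45800
Jun 14 13:15:41 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2364] from 192.9.200.1 45801
Jun 14 13:15:42 host1 inetd[2359]: [ID 317013 daemon.notice] ftp[2370] from 192.9.200.7 33012
Jun 14 13:15:43 host1 sshd[2380]: [ID 800047 auth.info] Accepted publickey for admin from 192.9.200.9
Jun 14 13:15:44 host1 inetd[2359]: [ID 317013 daemon.notice] telnet[2375] from 192.9.200.1 45802'

# count_tcp_trace LOGTEXT SERVICE
# Prints "IP COUNT" for every client address that requested SERVICE,
# highest count first, using only inetd tcp_trace entries (daemon.notice).
count_tcp_trace() {
    printf '%s\n' "$1" | awk -v svc="$2" '
        $5 ~ /^inetd\[[0-9]+\]:$/ && $8 == "daemon.notice]" {
            split($9, s, "[")            # "telnet[2361]" -> service name
            if (s[1] == svc) hits[$11]++  # $11 is the client IP address
        }
        END { for (ip in hits) print ip, hits[ip] }
    ' | sort -k2,2nr -k1,1
}

# report_if_over LOGTEXT SERVICE THRESHOLD
# Prints one finding per address whose request count exceeds THRESHOLD and
# sends the same line to syslogd via logger (assumed local3.warning selector).
report_if_over() {
    count_tcp_trace "$1" "$2" | awk -v lim="$3" -v svc="$2" '
        $2 > lim { print svc, "from", $1, $2, "requests" }
    ' | while read -r line; do
        if command -v logger >/dev/null 2>&1; then
            logger -p local3.warning -t inetd-watch "$line" 2>/dev/null || :
        fi
        printf '%s\n' "$line"
    done
}

# Example run on the constructed sample: flag any address with more than
# two telnet requests. Replace SAMPLE_LOG with "$(cat /var/adm/messages)".
report_if_over "$SAMPLE_LOG" telnet 2
```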
This article is from the ChinaUnix blog; to see the original, visit: http://blog.chinaunix.net/u1/36549/showart_469007.html