课程第30次
RHEL7的日志系统:1. 内核空间: rsyslog: dmesg
[ 0.000000] Initializing cgroup subsys cpuset
[ 0.000000] Initializing cgroup subsys cpu
[ 0.000000] Initializing cgroup subsys cpuacct
[ 0.000000] Linux version 3.10.0-957.el7.x86_64 (mockbuild@x86-040.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Thu Oct 4 20:48:51 UTC 2018
[ 0.000000] Command line: BOOT_IMAGE=/vmlinuz-3.10.0-957.el7.x86_64 root=/dev/mapper/rhel-root ro crashkernel=auto rd.lvm.lv=rhel/root rhgb quiet LANG=en_US.UTF-8
[ 0.000000] Disabled fast string operations
[ 0.000000] e820: BIOS-provided physical RAM map:
[ 0.000000] BIOS-e820: usable
[ 0.000000] BIOS-e820: reserved
[ 0.000000] BIOS-e820: reserved
[ 0.000000] BIOS-e820: usable
[ 0.000000] BIOS-e820: ACPI data
[ 0.000000] BIOS-e820: ACPI NVS
[ 0.000000] BIOS-e820: usable
[ 0.000000] BIOS-e820: reserved
[ 0.000000] BIOS-e820: reserved
[ 0.000000] BIOS-e820: reserved
[ 0.000000] BIOS-e820: reserved
[ 0.000000] NX (Execute Disable) protection: active
.........
[ 2814.813636] Bluetooth: HCI socket layer initialized
[ 2814.813639] Bluetooth: L2CAP socket layer initialized
[ 2814.813645] Bluetooth: SCO socket layer initialized
[ 2814.963577] usbcore: registered new interface driver btusb
[ 2815.058926] floppy0: no floppy controllers found
[ 2815.058972] work still pending
[ 2815.193442] Adding 1048572k swap on /dev/sda3.Priority:-2 extents:1 across:1048572k FS
[ 2815.326492] XFS (sda1): Mounting V5 Filesystem
[ 2817.119330] input: PC Speaker as /devices/platform/pcspkr/input/input5
[ 2818.672354] cryptd: max_cpu_qlen set to 1000
[ 2818.920578] AVX2 version of gcm_enc/dec engaged.
[ 2818.920581] AES CTR mode by8 optimization enabled
[ 2819.081173] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
[ 2819.090512] alg: No test for __generic-gcm-aes-aesni (__driver-generic-gcm-aes-aesni)
[ 2820.877304] ppdev: user-space parallel port driver
[ 2821.466812] XFS (sda1): Ending clean mount
[ 2823.770634] type=1305 audit(1561030575.544:4): audit_pid=7209 old=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:auditd_t:s0 res=1
[ 2823.808296] RPC: Registered named UNIX socket transport module.
[ 2823.808299] RPC: Registered udp transport module.
[ 2823.808301] RPC: Registered tcp transport module.
[ 2823.808302] RPC: Registered tcp NFSv4.1 backchannel transport module.
2. 用户空间(Welcome to Redhat Enterprise Linux):
rsyslog: boot.log
Welcome to ^[[0;31mRed Hat Enterprise Linux Server 7.6 (Maipo)^[[0m!
[^[ Stopped Switch Root.
[^[ Stopped Journal Service.
Starting Journal Service...
[^[ Created slice User and Session Slice.
[^[ Created slice system-selinux\x2dpolicy\x2dmigrate\x2dlocal\x2dchanges.slice.
[^[ Listening on LVM2 poll daemon socket.
Mounting POSIX Message Queue File System...
[^[ dev-virtio\x2dports-com.redhat.spice.0.device is not active.
[^[ Dependency failed for Activation socket for spice guest agent daemon.
Starting Read and set NIS domainname from /etc/sysconfig/network...
[^[ Listening on Device-mapper event daemon FIFOs.
[^[ Created slice system-getty.slice.
[^[ Listening on LVM2 metadata daemon socket.
Mounting Debug File System...
[^[ Listening on /dev/initctl Compatibility Named Pipe.
[^[ Reached target RPC Port Mapper.
[^[ Listening on udev Control Socket.
[^[ Listening on Delayed Shutdown Socket.
[^[ Stopped File System Check on Root Device.
Starting Remount Root and Kernel File Systems...
.........
[^[ A start job is running for Network Manager Wait Online (31s / no limit)^M^[ A start job is running for Network Manager Wait Online (31s / no limit)^M^[ A start job is running for Network Manager Wait Online (32s / no limit)^M^[ A start job is running for Network Manager Wait Online (32s / no limit)^M^[ Started Network Manager Wait Online.
Starting LSB: Bring up/down networking...
[ ^[ A start job is running for LSB: Bring up/down networking (38s / 5min 33s)^M^[ Started LSB: Bring up/down networking.
[^[ Reached target Network.
Starting Logout off all iSCSI sessions on shutdown...
Starting Dynamic System Tuning Daemon...
Starting Enable periodic update of entitlement certificates....
Starting Postfix Mail Transport Agent...
Starting OpenSSH server daemon...
[^[ Started CUPS Printing Service.
[^[ Reached target Network is Online.
Starting System Logging Service...
Starting Notify NFS peers of a restart...
[^[ Started Logout off all iSCSI sessions on shutdown.
[^[ Reached target Remote File Systems (Pre).
[^[ Reached target Remote File Systems.
Starting Crash recovery kernel arming...
Starting Permit User Sessions...
Starting LSB: Starts the Spacewalk Daemon...
Starting Virtualization daemon...
Starting Availability of block devices...
[^[ Started System Logging Service.
[^[ Started OpenSSH server daemon.
[^[ Started Enable periodic update of entitlement certificates..
[^[ Started Notify NFS peers of a restart.
[^[ Started Availability of block devices.
[^[ Started LSB: Starts the Spacewalk Daemon.
[^[ Started Permit User Sessions.
Starting GNOME Display Manager...
[^[ Started Job spooling tools.
[^[ Started Command Scheduler.
[^[ Started GNOME Display Manager.
[^[ Started Virtualization daemon.
3. 用户空间(login提示符之后):
rsyslog: messages:
Jun 15 05:16:17 station4 journal: Runtime journal is using 8.0M (max allowed 90.9M, trying to leave 136.4M free of 901.7M available → current limit 90.9M).
Jun 15 05:16:17 station4 kernel: Initializing cgroup subsys cpuset
Jun 15 05:16:17 station4 kernel: Initializing cgroup subsys cpu
Jun 15 05:16:17 station4 kernel: Initializing cgroup subsys cpuacct
Jun 15 05:16:17 station4 kernel: Linux version 3.10.0-957.el7.x86_64 (mockbuild@x86-040.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) ) #1 SMP Thu Oct 4 20:48:51 UTC 2018
Jun 15 05:16:17 station4 kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-957.el7.x86_64 root=/dev/mapper/rhel-root ro crashkernel=auto rd.lvm.lv=rhel/root rhgb quiet LANG=en_US.UTF-8
Jun 15 05:16:17 station4 kernel: Disabled fast string operations
Jun 15 05:16:17 station4 kernel: e820: BIOS-provided physical RAM map:
Jun 15 05:16:17 station4 kernel: BIOS-e820: usable
Jun 15 05:16:17 station4 kernel: BIOS-e820: reserved
Jun 15 05:16:17 station4 kernel: BIOS-e820: reserved
Jun 15 05:16:17 station4 kernel: BIOS-e820: usable
Jun 15 05:16:17 station4 kernel: BIOS-e820: ACPI data
Jun 15 05:16:17 station4 kernel: BIOS-e820: ACPI NVS
Jun 15 05:16:17 station4 kernel: BIOS-e820: usable
Jun 15 05:16:17 station4 kernel: BIOS-e820: reserved
Jun 15 05:16:17 station4 kernel: BIOS-e820: reserved
Jun 15 05:16:17 station4 kernel: BIOS-e820: reserved
Jun 15 05:16:17 station4 kernel: BIOS-e820: reserved
Jun 15 05:16:17 station4 kernel: NX (Execute Disable) protection: active
Jun 15 05:16:17 station4 kernel: SMBIOS 2.7 present.
Jun 15 05:16:17 station4 kernel: DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
Jun 15 05:16:17 station4 kernel: Hypervisor detected: VMware
Jun 15 05:16:17 station4 kernel: vmware: TSC freq read from hypervisor : 3095.997 MHz
Jun 15 05:16:17 station4 kernel: vmware: Host bus clock speed read from hypervisor : 66000000 Hz
Jun 15 05:16:17 station4 kernel: vmware: using sched offset of 8622222557 ns
Jun 15 05:16:17 station4 kernel: e820: last_pfn = 0x80000 max_arch_pfn = 0x400000000
Jun 15 05:16:17 station4 kernel: PAT configuration : WBWCUC- UCWBWPUC- UC
Jun 15 05:16:17 station4 kernel: total RAM covered: 3072M
.........
JECT' failed: iptables: No chain/target/match by that name.
Jun 20 20:28:22 station4 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 20 20:28:22 station4 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 53 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 20 20:28:22 station4 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete OUTPUT --out-interface virbr0 --protocol udp --destination-port 68 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 20 20:28:22 station4 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol udp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 20 20:28:22 station4 firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0 --protocol tcp --destination-port 67 --jump ACCEPT' failed: iptables: Bad rule (does a matching rule exist in that chain?).
Jun 20 20:28:56 station4 dbus: Activating service name='com.redhat.SubscriptionManager' (using servicehelper)
Jun 20 20:28:57 station4 dbus: Successfully activated service 'com.redhat.SubscriptionManager'
Jun 20 20:30:01 station4 systemd: Started Session 4 of user root.
Jun 20 20:32:38 station4 journal: g_simple_action_set_enabled: assertion 'G_IS_SIMPLE_ACTION (simple)' failed
Jun 20 20:32:38 station4 journal: JS WARNING: : reference to undefined property "_delegate"
Jun 20 20:32:41 station4 dnsmasq: reading /etc/resolv.conf
Jun 20 20:32:41 station4 dnsmasq: using nameserver 192.168.0.1#53
Jun 20 20:32:45 station4 systemd-logind: New session 5 of user root.
Jun 20 20:32:45 station4 systemd: Started Session 5 of user root.
Jun 20 20:32:46 station4 dbus: Activating service name='org.freedesktop.problems' (using servicehelper)
Jun 20 20:32:46 station4 dbus: Successfully activated service 'org.freedesktop.problems'
Jun 20 20:37:16 station4 chronyd: Selected source 54.39.23.64
Jun 20 20:37:16 station4 chronyd: System clock wrong by 2.716212 seconds, adjustment started
Jun 20 20:37:16 station4 systemd: Time has been changed
Jun 20 20:37:16 station4 chronyd: System clock was stepped by 2.716212 seconds
Jun 20 20:40:01 station4 systemd: Started Session 6 of user root.
4. jourctl:
-- Logs begin at Thu 2019-06-20 18:49:13 CST, end at Thu 2019-06-20 20:48:34 CST. --
Jun 20 18:49:13 localhost.localdomain systemd-journal: Runtime journal is using 8.0M (max allowed 90.9M, trying to leave 136.4M free of 901.7M available
Jun 20 18:49:13 localhost.localdomain kernel: Initializing cgroup subsys cpuset
Jun 20 18:49:13 localhost.localdomain kernel: Initializing cgroup subsys cpu
Jun 20 18:49:13 localhost.localdomain kernel: Initializing cgroup subsys cpuacct
Jun 20 18:49:13 localhost.localdomain kernel: Linux version 3.10.0-957.el7.x86_64 (mockbuild@x86-040.build.eng.bos.redhat.com) (gcc version 4.8.5 20150623 (R
Jun 20 18:49:13 localhost.localdomain kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-957.el7.x86_64 root=/dev/mapper/rhel-root ro crashkernel=auto rd.lvm.l
Jun 20 18:49:13 localhost.localdomain kernel: Disabled fast string operations
Jun 20 18:49:13 localhost.localdomain kernel: e820: BIOS-provided physical RAM map:
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: usable
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: reserved
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: reserved
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: usable
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: ACPI data
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: ACPI NVS
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: usable
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: reserved
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: reserved
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: reserved
Jun 20 18:49:13 localhost.localdomain kernel: BIOS-e820: reserved
Jun 20 18:49:13 localhost.localdomain kernel: NX (Execute Disable) protection: active
Jun 20 18:49:13 localhost.localdomain kernel: SMBIOS 2.7 present.
Jun 20 18:49:13 localhost.localdomain kernel: DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2015
Jun 20 18:49:13 localhost.localdomain kernel: Hypervisor detected: VMware
......
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table nat --delete POSTROUTING --source 192.168.1
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table nat --delete POSTROUTING --source 192.168.1
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table nat --delete POSTROUTING --source 192.168.1
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table nat --delete POSTROUTING --source 192.168.1
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --destination 192.1
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --source 192.168.12
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --in-interface virb
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --out-interface vir
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete FORWARD --in-interface virb
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete OUTPUT --out-interface virb
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0
Jun 20 20:28:22 station4.example.com firewalld: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w2 -w --table filter --delete INPUT --in-interface virbr0
Jun 20 20:28:56 station4.example.com dbus: Activating service name='com.redhat.SubscriptionManager' (using servicehelper)
Jun 20 20:28:57 station4.example.com dbus: Successfully activated service 'com.redhat.SubscriptionManager'
Jun 20 20:30:01 station4.example.com systemd: Started Session 4 of user root.
Jun 20 20:30:01 station4.example.com CROND: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jun 20 20:32:38 station4.example.com nautilus-deskto: g_simple_action_set_enabled: assertion 'G_IS_SIMPLE_ACTION (simple)' failed
Jun 20 20:32:38 station4.example.com gnome-shell: JS WARNING: : reference to undefined property "_dele
Jun 20 20:32:41 station4.example.com dnsmasq: reading /etc/resolv.conf
Jun 20 20:32:41 station4.example.com dnsmasq: using nameserver 192.168.0.1#53
Jun 20 20:32:45 station4.example.com sshd: Accepted password for root from 192.168.0.165 port 60219 ssh2
Jun 20 20:32:45 station4.example.com systemd-logind: New session 5 of user root.
Jun 20 20:32:45 station4.example.com systemd: Started Session 5 of user root.
Jun 20 20:32:45 station4.example.com sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
Jun 20 20:32:46 station4.example.com dbus: Activating service name='org.freedesktop.problems' (using servicehelper)
Jun 20 20:32:46 station4.example.com dbus: Successfully activated service 'org.freedesktop.problems'
Jun 20 20:37:14 station4.example.com chronyd: Selected source 54.39.23.64
Jun 20 20:37:14 station4.example.com chronyd: System clock wrong by 2.716212 seconds, adjustment started
Jun 20 20:37:16 station4.example.com systemd: Time has been changed
Jun 20 20:37:16 station4.example.com chronyd: System clock was stepped by 2.716212 seconds
Jun 20 20:40:01 station4.example.com systemd: Started Session 6 of user root.
Jun 20 20:40:02 station4.example.com CROND: (root) CMD (/usr/lib64/sa/sa1 1 1)
Jun 20 20:48:34 station4.example.com sshd: pam_unix(sshd:session): session closed for user root
Jun 20 20:48:34 station4.example.com systemd-logind: Removed session 1.
Jun 20 20:50:01 station4.example.com systemd: Started Session 7 of user root.
Jun 20 20:50:01 station4.example.com CROND: (root) CMD (/usr/lib64/sa/sa1 1 1)
页:
[1]