Difference between revisions of "CLI - Log"

(40 intermediate revisions by 2 users not shown)
Line 1: Line 1:
서비스와 시스템의 로그는 일반 CLI에서 <code>show log</code>, <code>show rtlog</code> 명령어로 확인합니다.
+
=== Log ===
 +
You can see various logs that are located in each device using the <code>show log</code> command.
 +
<pre>
 +
LYSH@MyHostName# show log {name} [-h] [-n NUMBER] [-w] [keyword]
 +
optional arguments:
 +
  -h, --help                      show this help message and exit
 +
  -n [NUMBER], --number [NUMBER]  enter 0 to show all logs, and enter a value greater than 0 to show as much as the value entered
 +
  -w, --watch                    show the log or setup status in real time
 +
</pre>
 +
The below table shows you all kinds of logs. Some logs are generated in real-time during the runtime of a specific service, which is called "[[CLI_-_Services(daemons)#Runtime_Log | Runtime log]]".
 +
 
 +
If the [[CLI_-_Services(daemons)#Runtime_Log | Runtime log]] of a specific service is disabled, logs are not generated.
 +
Therefore, you should verify the status of the Runtime log by the <code>show service</code> command. If disabled, you need to [[CLI_-_Services(daemons)#Runtime_Log | enable]] it.
 +
 
 +
{| class="wikitable"
 +
! style='width:150px' | log name !! log description
 +
|-
 +
| apache2 || It is the apache2 access log.
 +
|-
 +
| dhcpv4 ||  It is the logs that were generated in real-time during the runtime of the [[ImRAD services(daemons) | dhcpv4]] service.
 +
|-
 +
| dhcpv6 || It is the logs that were generated in real-time during the runtime of the [[ImRAD services(daemons) | dhcpv6]] service.
 +
|-
 +
| failover || It is the logs that were generated in real-time during the runtime of the [[ImRAD services(daemons) | failover]] service.
 +
|-
 +
| logexp || It is the logs that were generated in real-time during the runtime of the [[ImRAD services(daemons) | logexp]] service.
 +
|-
 +
| lsyslog || It is the Syslog generated from the imRAD services.
 +
|-
 +
| mysqlerror || It is the MySQL error log.
 +
|-
 +
| mysqlslow || It is the MySQL slow log.
 +
|-
 +
| radius || It is the logs that were generated in real-time during the runtime of the [[ImRAD services(daemons) | radiusd]] service.
 +
|-
 +
| smgr|| It is the logs that were generated in real-time during the runtime of the [[ImRAD services(daemons) | smgr]] service.
 +
|-
 +
| startup|| It is the logs that were generated in real-time during the runtime of the [[ImRAD services(daemons) | startup]] service.
 +
|-
 +
| syslog|| It is the Syslog.
 +
|-
 +
| ufw || It is logs of all blocked packets not matching the defined [[CLI - ufw | ufw]] policy.
 +
|-
 +
| update|| It is the System update log.
 +
|-
 +
|}
 +
 
 +
==== Displaying logs ====
 +
<pre>
 +
LYSH@MyHostName# show log apache2 // Display all apache2 logs
 +
LYSH@MyHostName# show log radius // Display all radius logs
 +
</pre>
 +
 
 +
==== Displaying last n logs ====
 +
<pre>
 +
LYSH@MyHostName# show log apache2 -n 10 // Display only the last 10 apache2 logs
 +
LYSH@MyHostName# show log radius -n 10 // Display only the last 10 radius logs
 +
</pre>
 +
 
 +
==== Displaying last n logs with keyword ====
 +
<pre>
 +
LYSH@MyHostName# show log apache2 -n 10 request // Display only the last 10 apache2 logs filtered by "request"
 +
LYSH@MyHostName# show log radius -n 10 accept // Display only the last 10 radius logs filtered by "request"
 +
</pre>
 +
 
 +
==== Displaying logs in real-time ====
 +
<pre>
 +
LYSH@MyHostName# show log apache2 -w // Display the apache2 logs in real-time
 +
LYSH@MyHostName# show log radius -w // Display the radius logs in real-time
 +
</pre>
 +
 
 +
==== Displaying logs in real-time with keyword ====
 +
<pre>
 +
LYSH@MyHostName# show log apache2 -w request // Display the apache2 logs filtered by "request" in real-time
 +
LYSH@MyHostName# show log radius -w accept // Display the radius logs filtered by "accept" in real-time
 +
</pre>
 +
 
 +
==== keyword with logical operator ====
 +
The <code>&</code> is the logical "AND" operator and the <code>|</code> is the logical "OR" operator.
 +
<pre>
 +
LYSH@MyHostName# show log "request&reply" // Display the apache2 logs having both "request" and "reply"
 +
LYSH@MyHostName# show log "request|reply" // Display the apache2 logs having either "request" or "reply"
 +
</pre>
 +
 
 +
{{note|Note that you'd better put a keyword in quotation marks.}}
  
 +
==== log files ====
 +
To list all log files, enter the <code>show log files</code> command in the user mode. If you want to delete some log files to increase disk space, use the <code>[[CLI_-_System#storage|system storage cleanup]]</code> command.
 
<pre>
 
<pre>
LYSH@MyHostName# show log -h
+
LYSH@MyHostName# show log files
usage: show log [-h] {apache2,lsyslog,mysqlerror,mysqlslow,radius,syslog,update} ...
+
355M    2021-05-13 17:20        LOG
 +
....
 +
3.0M    2021-05-13 17:20        LOG/apache2/access.log
 +
1.7M    2021-05-12 23:59        LOG/apache2/access.log.1
 +
68K    2021-05-11 18:36        LOG/apache2/access.log.2.gz
 +
....
 +
1.1M    2021-05-11 16:23        LOG/imrad/ly_dhcpv4.log
 +
7.3M    2021-05-13 17:20        LOG/imrad/ly_dhcpv6.log
 +
2.3M    2021-05-13 17:20        LOG/imrad/ly_logexp.log
 +
4.2M    2021-05-13 17:18        LOG/imrad/ly_smgr.log
 +
1.4M    2021-05-13 17:20        LOG/imrad/ly_startup.log
 +
</pre>
  
positional arguments:
+
===== Reading logs from a file =====
    apache2                            Show apache2 log
+
After list up all log files, you can read logs from a specific file using <code>show log -o {filename}</code> command.
    lsyslog                            Show product syslog log
+
<pre>
    mysqlerror                          Show mysql error log
+
LYSH@MyHostName# show log -o LOG/imrad/access.log.2.gz
    mysqlslow                          Show mysql slow query log
+
192.168.0.11 - - [11/May/2021:18:36:50 +0900] "GET /header/postsys HTT..
    radius                              Show radius log
+
192.168.0.23 - - [11/May/2021:16:11:50 +0900] "POST /rad/account HTTP/1.1" 200  ...
    syslog                              Show syslog log
+
192.168.0.23 - - [11/May/2021:18:35:50 +0900] "GET /header/postsys HTTP/1.1...
    update                              Show update log
+
192.168.0.11 - - [11/May/2021:18:35:50 +0900] "GET /header/post HTTP/1....
  
optional arguments:
+
LYSH@MyHostName# show log -o LOG/imrad/access.log.2.gz -f post
  -h, --help                            show this help message and exit
+
192.168.0.23 - - [11/May/2021:16:11:50 +0900] "POST /rad/account HTTP/1.1" 200  ...
 +
</pre>
 +
 
 +
==== Configuration ====
 +
 
 +
===== loghost =====
 +
It is the configuration for Syslog to log remotely. We term such remote log server "loghost".If there is the same "loghost", it overwrites to the new one.
 +
 
 +
<pre>
 +
LYSH@MyHostName# configure
 +
LYSH@MyHostName(config)# loghost add -h
 +
usage: loghost add [-h] <A.B.C.D|WORD> [<[1-65535]>] [<[WORD]>]
 
</pre>
 
</pre>
 +
 +
To send all logs to the remote server whose address is 192.168.0.100 and port is the default Syslog port(514).
 
<pre>
 
<pre>
LYSH@MyHostName# show rtlog -h
+
LYSH@MyHostName(config)# loghost add 192.168.0.100
usage: show rtlog [-h] {dhcpv4,dhcpv6,failover,logexp,smgr,startup} ...
+
</pre>
  
positional arguments:
+
To send all logs to the remote server whose address is 192.168.0.100 and port is 1000.
    dhcpv4                              Show rtlog dhcpv4
+
<pre>
    dhcpv6                              Show rtlog dhcpv6
+
LYSH@MyHostName(config)# loghost add 192.168.0.100 1000
    failover                            Show rtlog failover
+
</pre>
    logexp                              Show rtlog logexp
 
    smgr                                Show rtlog smgr
 
    startup                            Show rtlog startup
 
  
optional arguments:
+
To send logs whose level is greater than or equal to "notice" to the remote server whose address is 192.168.0.100 and port is 1000.
  -h, --help                            show this help message and exit
+
<pre>
 +
LYSH@MyHostName(config)# loghost add 192.168.0.100 1000 notice
 
</pre>
 
</pre>
  
=== Basic Commands ===
+
To verify loghost, enter the <code>show loghost</code> in the user mode.
* <code>LYSH@MyHostName# show log {name1}</code> 해당 로그가 출력 됩니다. 또한 화면 스크롤이 많은 경우 more 처리 됩니다.
 
<code>{name1}</code>는 apache2, lsyslog, mysqlerror, mysqlslow, radius, syslog, update를 사용할 수 있습니다.
 
* <code>LYSH@MyHostName# show rtlog {name2}</code> 해당 로그가 출력 됩니다. 또한 화면 스크롤이 많은 경우 more 처리 됩니다.
 
<code>{name2}</code>는 dhcpv4, dhcpv6, failover, logexp, smgr, startup을 사용할 수 있습니다.
 
=== After Commands ===
 
추가 옵션을 통해 실시간으로 확인할 수 있는 <code>--watch</code>옵션, 로그 출력 갯수<code>--number</code>, 특정 단어<code>[keyword]</code>를 지정할 수 있습니다. 특정 키워드로 검색할 경우 <code>|</code>, <code>&</code>를 통해서 여러가지 키워드를 and, or로 검색할 수 있습니다.
 
 
<pre>
 
<pre>
usage: show log / rtlog {service name} [-h] [-n NUMBER] [-w] [keyword]
+
LYSH@MyHostName# show loghost
 +
*.notice @192.168.0.100:1000
 +
</pre>
  
positional arguments:
+
===== rotate =====
  [keyword]                      keyword to display
+
It configures the logroate<ref>https://linux.die.net/man/8/logrotate</ref> that allows automatic rotation, compression, and removal of log files.<br>
 +
You can configure it by entering <code>log roate {size} {roate}</code> command in the configuration mode. In this command, it needs two arguments that are
 +
* size: With this, the log file is rotated when the specified size is reached. Size may be specified in bytes, kilobytes (sizeK), megabytes (sizeM), or gigabytes (sizeG)
 +
* rotate: This specifies the number of times to rotate a file before it is deleted. For example, A count of 5 means five copies are retained.<ref>http://linuxnextgen.blogspot.com/2011/04/logrotate-in-linux.html</ref>
  
optional arguments:
+
To verify current configuration, enter the <code>show system rotate</code> command in the user mode.
  -h, --help                      show this help message and exit
+
<pre>
  -n [NUMBER], --number [NUMBER]  all(0) or ther count (0 < n) of most recent syslog
+
LYSH@MyHostName# configure
  -w, --watch                    realtime watch
+
LYSH@MyHostName(config)# log roate 1G 3
 +
LYSH@MyHostName(config)# exit
 +
LYSH@MyHostName# show system rotate
 +
log rotate                    : size:1G rotate:3
 
</pre>
 
</pre>
* <code>LYSH@MyHostName# show log apache2 -w</code> apache2의 log가 tail -f 모드로 log를 출력합니다.
 
* <code>LYSH@MyHostName# show log lsyslog [something]</code> lsyslog의 log에서 [something]을 포함한 라인을 출력합니다.
 
* <code>LYSH@MyHostName# show log mysqlerror "some|thing"</code> mysqlerror의 log에서 some 또는 thing을 포함한 라인을 log를 출력합니다.
 
* <code>LYSH@MyHostName# show rtlog dhcpv4 "some&thing"</code> mysqlslow의 log에서 some과 thing을 포함한 라인을 출력합니다.
 
* <code>LYSH@MyHostName# show rtlog failover "some&thing|someting" -n 2</code> radius의 log에서 some과 thing을 포함하거나 something을 포함한 라인을 2개만 출력합니다.
 
  
2개 이상의 키워드를 검색할 경우 반드시 쌍따움표<code>"keyword"</code>를 포함하여 입력해야합니다.
+
===== sort =====
 +
You can specify the order of logs display. This configuration affects when if you execute the <code>show log</code> command without -w option. you can verify current setting by executing <code>show system logsort</code>. If the sort is "desc," it shows logs in descending order. If the sort is "asc", it shows logs in ascending order.
 +
LYSH@MyHostName# show system logsort
 +
logsort                      : desc // logs are shown in descending order.
 +
 
 +
You can change the order in the configuration mode.
 +
LYSH@MyHostName# configure
 +
LYSH@MyHostName(config)# log sort asc
 +
LYSH@MyHostName(config)# exit
 +
LYSH@MyHostName# show system logsort
 +
logsort                      : asc // logs are shown in descending order.
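Review bot: in the new "keyword with logical operator" examples, show log "request&reply" and show log "request|reply" omit the log name, although the usage line added at the top requires {name} and both comments refer to apache2 logs; they should read show log apache2 "request&reply" and show log apache2 "request|reply". Several other added examples disagree with their own text: show log radius -n 10 accept is commented as filtered by "request", the final "logsort : asc" line is annotated "descending order", and show log -o LOG/imrad/access.log.2.gz reads a path under LOG/imrad/ while the show log files listing shows access.log.2.gz under LOG/apache2/. The new usage block documents only -h, -n and -w, so the -o and -f options used under "Reading logs from a file" need an entry there, and "logroate" in the rotate text should be spelled logrotate to match the linked man page.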

Latest revision as of 10:49, 28 January 2022

Log

You can see various logs that are located in each device using the show log command.

LYSH@MyHostName# show log {name} [-h] [-n NUMBER] [-w] [keyword]
optional arguments:
  -h, --help                      show this help message and exit
  -n [NUMBER], --number [NUMBER]  enter 0 to show all logs, and enter a value greater than 0 to show as much as the value entered
  -w, --watch                     show the log or setup status in real time

The table below lists all available logs. Some logs are generated in real time while a specific service is running; such a log is called a "Runtime log".

If the Runtime log of a specific service is disabled, logs are not generated. Therefore, you should verify the status of the Runtime log with the show service command. If it is disabled, you need to enable it.

log name     log description
apache2      The apache2 access log.
dhcpv4       Logs generated in real time during the runtime of the dhcpv4 service.
dhcpv6       Logs generated in real time during the runtime of the dhcpv6 service.
failover     Logs generated in real time during the runtime of the failover service.
logexp       Logs generated in real time during the runtime of the logexp service.
lsyslog      The Syslog generated from the imRAD services.
mysqlerror   The MySQL error log.
mysqlslow    The MySQL slow log.
radius       Logs generated in real time during the runtime of the radiusd service.
smgr         Logs generated in real time during the runtime of the smgr service.
startup      Logs generated in real time during the runtime of the startup service.
syslog       The Syslog.
ufw          Logs of all blocked packets not matching the defined ufw policy.
update       The System update log.

Displaying logs

LYSH@MyHostName# show log apache2		// Display all apache2 logs
LYSH@MyHostName# show log radius		// Display all radius logs

Displaying last n logs

LYSH@MyHostName# show log apache2 -n 10		// Display only the last 10 apache2 logs
LYSH@MyHostName# show log radius -n 10		// Display only the last 10 radius logs

Displaying last n logs with keyword

LYSH@MyHostName# show log apache2 -n 10	request	// Display only the last 10 apache2 logs filtered by "request"
LYSH@MyHostName# show log radius -n 10	accept	// Display only the last 10 radius logs filtered by "accept"

Displaying logs in real-time

LYSH@MyHostName# show log apache2 -w		// Display the apache2 logs in real-time
LYSH@MyHostName# show log radius -w		// Display the radius logs in real-time

Displaying logs in real-time with keyword

LYSH@MyHostName# show log apache2 -w request	// Display the apache2 logs filtered by "request" in real-time
LYSH@MyHostName# show log radius -w accept	// Display the radius logs filtered by "accept" in real-time

keyword with logical operator

The & is the logical "AND" operator and the | is the logical "OR" operator.

LYSH@MyHostName# show log apache2 "request&reply"		// Display the apache2 logs having both "request" and "reply"
LYSH@MyHostName# show log apache2 "request|reply"		// Display the apache2 logs having either "request" or "reply"

Note that it is best to enclose the keyword in quotation marks.
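
The keyword filter described above, reproduced for offline triage of exported log lines. This is an added example, not the product's own code: it assumes plain case-sensitive substring matching, that & binds tighter than |, and that the count is applied after filtering; the function names and sample lines are constructed.

```python
def parse_keyword(expr):
    """Split 'a&b|c' into OR-groups of AND-terms: [['a', 'b'], ['c']]."""
    groups = []
    for alternative in expr.split("|"):
        terms = [t.strip() for t in alternative.split("&") if t.strip()]
        if terms:
            groups.append(terms)
    if not groups:
        raise ValueError("empty keyword expression")
    return groups


def line_matches(line, groups):
    """True when every term of at least one AND-group occurs in the line."""
    return any(all(term in line for term in terms) for terms in groups)


def filter_log(lines, expr, number=0):
    """Filter by keyword expression, then keep the last `number` hits (0 = all)."""
    if number < 0:
        raise ValueError("number must be 0 (all) or greater")
    groups = parse_keyword(expr)
    hits = [line for line in lines if line_matches(line, groups)]
    return hits if number == 0 else hits[-number:]


# Constructed sample lines (not real device output).
SAMPLE = [
    "10:00:01 request id=1 from 192.0.2.10",
    "10:00:01 reply id=1 accept",
    "10:00:02 request id=2 reply id=2 reject",
    "10:00:03 accounting start",
]

if __name__ == "__main__":
    for expr in ("request&reply", "request|reply", "request&reply|accounting"):
        print(expr, "->", filter_log(SAMPLE, expr))
```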

log files

To list all log files, enter the show log files command in user mode. If you want to delete some log files to free disk space, use the system storage cleanup command.

LYSH@MyHostName# show log files
355M    2021-05-13 17:20        LOG
....
3.0M    2021-05-13 17:20        LOG/apache2/access.log
1.7M    2021-05-12 23:59        LOG/apache2/access.log.1
68K     2021-05-11 18:36        LOG/apache2/access.log.2.gz
....
1.1M    2021-05-11 16:23        LOG/imrad/ly_dhcpv4.log
7.3M    2021-05-13 17:20        LOG/imrad/ly_dhcpv6.log
2.3M    2021-05-13 17:20        LOG/imrad/ly_logexp.log
4.2M    2021-05-13 17:18        LOG/imrad/ly_smgr.log
1.4M    2021-05-13 17:20        LOG/imrad/ly_startup.log

Reading logs from a file

After listing all log files, you can read logs from a specific file using the show log -o {filename} command.

LYSH@MyHostName# show log -o LOG/imrad/access.log.2.gz
192.168.0.11 - - [11/May/2021:18:36:50 +0900] "GET /header/postsys HTT..
192.168.0.23 - - [11/May/2021:16:11:50 +0900] "POST /rad/account HTTP/1.1" 200  ...
192.168.0.23 - - [11/May/2021:18:35:50 +0900] "GET /header/postsys HTTP/1.1...
192.168.0.11 - - [11/May/2021:18:35:50 +0900] "GET /header/post HTTP/1....

LYSH@MyHostName# show log -o LOG/imrad/access.log.2.gz -f post
192.168.0.23 - - [11/May/2021:16:11:50 +0900] "POST /rad/account HTTP/1.1" 200  ...

Configuration

loghost

This configures Syslog to send logs to a remote server. We call such a remote log server a "loghost". If the same "loghost" already exists, the new entry overwrites it.

LYSH@MyHostName# configure
LYSH@MyHostName(config)# loghost add -h
usage: loghost add [-h] <A.B.C.D|WORD> [<[1-65535]>] [<[WORD]>]

To send all logs to the remote server whose address is 192.168.0.100 and port is the default Syslog port (514).

LYSH@MyHostName(config)# loghost add 192.168.0.100

To send all logs to the remote server whose address is 192.168.0.100 and port is 1000.

LYSH@MyHostName(config)# loghost add 192.168.0.100 1000	

To send logs whose level is greater than or equal to "notice" to the remote server whose address is 192.168.0.100 and port is 1000.

LYSH@MyHostName(config)# loghost add 192.168.0.100 1000 notice

To verify the loghost, enter the show loghost command in user mode.

LYSH@MyHostName# show loghost
*.notice @192.168.0.100:1000
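
A check an auditor might run on the show loghost output above to see which severities actually leave the device. This is an added example, not the product's own code: it assumes the line follows rsyslog-style forwarding syntax (a single @ meaning UDP, @@ meaning TCP, *.* meaning all levels), and the function names are hypothetical.

```python
import re

# Syslog severities, most severe first (numeric codes 0..7).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed rule shape: <facility>.<level> @host[:port]  ('@' = UDP, '@@' = TCP).
RULE = re.compile(
    r"^(?P<facility>[\w*,]+)\.(?P<level>\w+|\*)\s+"
    r"(?P<at>@{1,2})(?P<host>[^:@\s]+)(?::(?P<port>\d+))?$"
)


def parse_loghost(line):
    """Parse one 'show loghost' line into destination and severity coverage."""
    m = RULE.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised loghost rule: {line!r}")
    level = m["level"]
    if level == "*":
        cutoff = len(SEVERITIES)
    elif level in SEVERITIES:
        cutoff = SEVERITIES.index(level) + 1  # this level and everything more severe
    else:
        raise ValueError(f"unknown severity: {level!r}")
    port = int(m["port"] or 514)  # 514 is the default Syslog port named on this page
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return {
        "facility": m["facility"],
        "host": m["host"],
        "port": port,
        "transport": "tcp" if m["at"] == "@@" else "udp",
        "forwarded": SEVERITIES[:cutoff],
        "dropped": SEVERITIES[cutoff:],
    }


def review(rule):
    """Return the points a log-collection review would raise for this rule."""
    findings = []
    if rule["dropped"]:
        findings.append("not forwarded: " + ", ".join(rule["dropped"]))
    if rule["transport"] == "udp":
        findings.append("UDP transport: no delivery guarantee, no encryption")
    return findings


if __name__ == "__main__":
    rule = parse_loghost("*.notice @192.168.0.100:1000")
    print(rule)
    print(review(rule))
```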

rotate

It configures logrotate[1], which allows automatic rotation, compression, and removal of log files.
You can configure it by entering the log roate {size} {roate} command in configuration mode. The command takes two arguments:

  • size: The log file is rotated when the specified size is reached. Size may be specified in bytes, kilobytes (sizeK), megabytes (sizeM), or gigabytes (sizeG).
  • rotate: This specifies the number of times to rotate a file before it is deleted. For example, a count of 5 means five copies are retained.[2]

To verify the current configuration, enter the show system rotate command in user mode.

LYSH@MyHostName# configure
LYSH@MyHostName(config)# log roate 1G 3
LYSH@MyHostName(config)# exit
LYSH@MyHostName# show system rotate
log rotate                    : size:1G rotate:3

sort

You can specify the order in which logs are displayed. This setting applies when you execute the show log command without the -w option. You can verify the current setting by executing show system logsort. If the sort is "desc", logs are shown in descending order. If the sort is "asc", logs are shown in ascending order.

LYSH@MyHostName# show system logsort
logsort                       : desc		// logs are shown in descending order.

You can change the order in the configuration mode.

LYSH@MyHostName# configure
LYSH@MyHostName(config)# log sort asc
LYSH@MyHostName(config)# exit
LYSH@MyHostName# show system logsort
logsort                       : asc		// logs are shown in ascending order.