Learn Why 'less' Is Faster Than the 'more' Command for Effective File Navigation


more is a *nix command-line utility used to display the contents of a file in a console. The basic usage of the more command is to run it against a file, as shown below:

Learn the Linux 'more' Command

# more /var/log/auth.log
Apr 12 11:50:01 tecmint CRON[6932]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 11:50:01 tecmint CRON[6932]: pam_unix(cron:session): session closed for user root
Apr 12 11:55:01 tecmint CRON[7159]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 11:55:01 tecmint CRON[7160]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 11:55:01 tecmint CRON[7160]: pam_unix(cron:session): session closed for user root
Apr 12 11:55:02 tecmint CRON[7159]: pam_unix(cron:session): session closed for user root
Apr 12 12:00:01 tecmint CRON[7290]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 12:00:01 tecmint CRON[7290]: pam_unix(cron:session): session closed for user root
Apr 12 12:05:01 tecmint CRON[7435]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 12:05:01 tecmint CRON[7436]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 12:05:01 tecmint CRON[7436]: pam_unix(cron:session): session closed for user root
Apr 12 12:05:02 tecmint CRON[7435]: pam_unix(cron:session): session closed for user root
Apr 12 12:09:01 tecmint CRON[7542]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 12:09:01 tecmint CRON[7542]: pam_unix(cron:session): session closed for user root
Apr 12 12:10:01 tecmint CRON[7577]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 12:10:01 tecmint CRON[7577]: pam_unix(cron:session): session closed for user root
Apr 12 12:15:01 tecmint CRON[7699]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 12:15:01 tecmint CRON[7700]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 12:15:01 tecmint CRON[7700]: pam_unix(cron:session): session closed for user root
Apr 12 12:15:01 tecmint CRON[7699]: pam_unix(cron:session): session closed for user root
....

Another way to use the more command is in combination (through a pipe) with other commands, such as the cat command, as shown in the example below:

# cat /var/log/auth.log | more

To move through the file line by line, press the Enter key, or press the Spacebar key to move one page at a time, where a page is the size of your current terminal screen. To exit the command, press the q key.

A useful option of the more command is the -number switch, which lets you set the number of lines a page should contain. For example, display the auth.log file in pages of 10 lines:

# more -10 /var/log/auth.log

You can also display a page starting from a specified line number by using the +number option, as shown below:

# more +14 /var/log/auth.log
Apr 12 12:09:01 tecmint CRON[7542]: pam_unix(cron:session): session closed for user root
Apr 12 12:10:01 tecmint CRON[7577]: pam_unix(cron:session): session opened for user root by (
uid=0)
Apr 12 12:10:01 tecmint CRON[7577]: pam_unix(cron:session): session closed for user root
Apr 12 12:15:01 tecmint CRON[7699]: pam_unix(cron:session): session opened for user root by (
uid=0)
Apr 12 12:15:01 tecmint CRON[7700]: pam_unix(cron:session): session opened for user root by (
uid=0)
Apr 12 12:15:01 tecmint CRON[7700]: pam_unix(cron:session): session closed for user root
Apr 12 12:15:01 tecmint CRON[7699]: pam_unix(cron:session): session closed for user root
Apr 12 12:16:01 tecmint mate-screensaver-dialog: gkr-pam: unlocked login keyring
Apr 12 12:17:01 tecmint CRON[7793]: pam_unix(cron:session): session opened for user root by (
uid=0)
Apr 12 12:17:01 tecmint CRON[7793]: pam_unix(cron:session): session closed for user root
Apr 12 12:20:01 tecmint CRON[7905]: pam_unix(cron:session): session opened for user root by (
uid=0)
Apr 12 12:20:01 tecmint CRON[7905]: pam_unix(cron:session): session closed for user root
Apr 12 12:25:01 tecmint CRON[8107]: pam_unix(cron:session): session opened for user root by (
uid=0)
Apr 12 12:25:01 tecmint CRON[8108]: pam_unix(cron:session): session opened for user root by (

Learn the Linux 'less' Command

Similar to more, the less command lets you view the contents of a file and navigate through it. The main difference between more and less is that the less command is faster because it does not load the entire file at once, and it allows navigation through the file using the page up/down keys.

It can be used as a standalone command run against a file, or used in a pipe with a multitude of Linux commands to narrow their screen output and let you scroll through the results.

# less /var/log/auth.log
# ls /etc | less

You can move through the file line by line by pressing the Enter key. Page navigation is handled with the spacebar key. The page size is the size of your current terminal screen. To exit, press the q key, the same way as for the more command.

A useful feature of the less command is the /word-to-search option. For example, you can search for and match all sshd messages in a log file by interactively typing the string /sshd.

To display a file starting at a specific line number, use the following syntax:

# less +5 /var/log/auth.log

If you need to show the number of every line with the less command, use the -N option.

# less -N /var/log/daemon.log
      1 Apr 12 11:50:01 tecmint CRON[6932]: pam_unix(cron:session): session opened for user root by (uid=0)
      2 Apr 12 11:50:01 tecmint CRON[6932]: pam_unix(cron:session): session closed for user root
      3 Apr 12 11:55:01 tecmint CRON[7159]: pam_unix(cron:session): session opened for user root by (uid=0)
      4 Apr 12 11:55:01 tecmint CRON[7160]: pam_unix(cron:session): session opened for user root by (uid=0)
      5 Apr 12 11:55:01 tecmint CRON[7160]: pam_unix(cron:session): session closed for user root
      6 Apr 12 11:55:02 tecmint CRON[7159]: pam_unix(cron:session): session closed for user root
      7 Apr 12 12:00:01 tecmint CRON[7290]: pam_unix(cron:session): session opened for user root by (uid=0)
      8 Apr 12 12:00:01 tecmint CRON[7290]: pam_unix(cron:session): session closed for user root
      9 Apr 12 12:05:01 tecmint CRON[7435]: pam_unix(cron:session): session opened for user root by (uid=0)
     10 Apr 12 12:05:01 tecmint CRON[7436]: pam_unix(cron:session): session opened for user root by (uid=0)
     11 Apr 12 12:05:01 tecmint CRON[7436]: pam_unix(cron:session): session closed for user root

By default, the only way to exit the less command is to press the q key. To change this behavior and exit the file automatically when the end of the file is reached, use the -e or -E option:

# less -e /var/log/auth.log
# less -E /var/log/auth.log

To open a file at the first occurrence of a pattern, use the following syntax:

# less +/sshd /var/log/auth.log
Apr 12 16:19:39 tecmint sshd[16666]: Accepted password for tecmint from 192.168.0.15 port 41634 ssh2
Apr 12 16:19:39 tecmint sshd[16666]: pam_unix(sshd:session): session opened for user tecmint by (uid=0)
Apr 12 16:19:39 tecmint systemd-logind[954]: New session 1 of user tecmint.
Apr 12 16:19:48 tecmint sshd[16728]: Received disconnect from 192.168.0.15: 11: disconnected by user
Apr 12 16:19:48 tecmint sshd[16666]: pam_unix(sshd:session): session closed for user tecmint
Apr 12 16:20:01 tecmint CRON[16799]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 16:20:02 tecmint CRON[16799]: pam_unix(cron:session): session closed for user root
Apr 12 16:25:01 tecmint CRON[17026]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 16:25:01 tecmint CRON[17025]: pam_unix(cron:session): session opened for user root by (uid=0)

The command above tells less to open the auth.log file at the first match of the string sshd.

To automatically append new content to a file opened in less, use the Shift+f key combination or run less with the following syntax.
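As an added example (not part of the original article), the script below gives a non-interactive counterpart to piping into less and to `less +/sshd`: it summarises sshd login results per user and source so the pager only shows what matters, and reports the line number where the first match sits. The function names and the sample log lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): summarise sshd logins
# before paging, and find the line that `less +/PATTERN` would open at.

# Constructed sample in the auth.log format shown above; the user name and
# the addresses (documentation ranges) are made up.
make_sample() {
    cat <<'EOF'
Apr 12 16:19:01 host CRON[16600]: pam_unix(cron:session): session opened for user root by (uid=0)
Apr 12 16:19:39 host sshd[16666]: Accepted password for alice from 192.0.2.15 port 41634 ssh2
Apr 12 16:21:07 host sshd[16701]: Failed password for root from 198.51.100.7 port 50212 ssh2
Apr 12 16:21:09 host sshd[16701]: Failed password for invalid user admin from 198.51.100.7 port 50214 ssh2
Apr 12 16:25:01 host CRON[17026]: pam_unix(cron:session): session closed for user root
Apr 12 16:26:44 host sshd[16790]: Accepted publickey for alice from 192.0.2.15 port 41702 ssh2
EOF
}

# first_match FILE PATTERN -> number of the first line matching PATTERN,
# or exit status 1 when nothing matches.
first_match() {
    awk -v pat="$2" '$0 ~ pat { print NR; hit = 1; exit }
                     END { if (!hit) exit 1 }' "$1"
}

# ssh_logins FILE -> "COUNT RESULT USER SOURCE" lines, busiest first.
ssh_logins() {
    awk '$5 ~ /^sshd\[/ && ($6 == "Accepted" || $6 == "Failed") {
            user = "?"; src = "?"
            # Keep the LAST "from" token: the name in "invalid user NAME"
            # is chosen by the client and may itself contain "from".
            for (i = 7; i < NF; i++)
                if ($i == "from") { user = $(i - 1); src = $(i + 1) }
            seen[$6 " " user " " src]++
         }
         END { for (k in seen) print seen[k], k }' "$1" |
        LC_ALL=C sort -k1,1nr -k2
}

log=$(mktemp)
make_sample > "$log"
ssh_logins "$log"        # interactively: ssh_logins FILE | less -N
echo "first sshd line: $(first_match "$log" sshd)"
# interactively: less +"$(first_match FILE sshd)" FILE
rm -f "$log"
```
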

# less +F /var/log/syslog

This makes less run in interactive (live) mode and display new content on the fly while it waits for new data to be written to the file. This behavior is similar to the tail -f command.

In combination with a pattern, you can watch the log file interactively with the Shift+f keystroke while matching a keyword. To exit live mode, just press the Ctrl+c keys.

# less +/CRON /var/log/syslog

Whether you decide to use more or less is a personal choice, but remember that less has more features.