Petit - An Open Source Log Analysis Tool for Linux SysAdmins


Petit is an open source command line log analysis tool for Unix-like and Cygwin systems, designed to analyze log files quickly in enterprise environments.

It is intended to follow the Unix philosophy of being small, fast and easy to use, and it can be used to analyze/inspect various log file formats, including syslog and Apache log files.

  • Supports log analysis.
  • Detects and supports various log file formats (such as Syslog, Apache Access, Apache Error, Snort Log, Linux Secure Log, and raw log files).
  • Supports log hashing.
  • Supports command line graphing.
  • Supports word discovery and word counting with common stop words in log data.
  • Supports log reduction for easy reading.
  • Offers various default and specially crafted filters.
  • Supports fingerprints, useful for identifying and removing reboot signatures.
  • Offers multiple output options for wide character terminal widths and character selection, and many more.

In this tutorial, we will show you how to install and use the Petit log analysis tool on Linux to extract useful information from system logs in different ways.

How to Install and Use the Petit Log Analysis Tool on Linux

Petit can be installed from the Debian/Ubuntu repositories and their derivatives, using the appropriate package manager as shown below.

$ sudo apt install petit

On RHEL/CentOS/Fedora systems, download and install the .rpm package like this.

# wget http://crunchtools.com/wp-content/files/petit/petit-current.rpm
# rpm -i petit-current.rpm

Once installed, it is time to look at Petit usage with examples.

This is the basic petit function: it hashes the log file, counting the lines found in it. Its output shows the number of similar lines found in the log and what each group looks like, as shown below.

# petit --hash /var/log/yum.log
OR
# petit --hash --fingerprint /var/log/messages
2:	Mar 18 14:35:54 Installed: libiec61883-1.2.0-4.el6.x86_64
2:	Mar 18 15:25:18 Installed: xorg-x11-drv-i740-1.3.4-11.el6.x86_64
1:	Dec 16 12:36:23 Installed: 5:mutt-1.5.20-7.20091214hg736b6a.el6.x86_64
1:	Dec 16 12:36:22 Installed: mailcap-2.1.31-2.el6.noarch
1:	Dec 16 12:40:49 Installed: mailx-12.4-8.el6_6.x86_64
1:	Dec 16 12:40:20 Installed: man-1.6f-32.el6.x86_64
1:	Dec 16 12:43:33 Installed: sysstat-9.0.4-31.el6.x86_64
1:	Dec 16 12:36:22 Installed: tokyocabinet-1.4.33-6.el6.x86_64
1:	Dec 16 12:36:22 Installed: urlview-0.9-7.el6.x86_64
1:	Dec 16 12:40:19 Installed: xz-4.999.9-0.5.beta.20091007git.el6.x86_64
1:	Dec 16 12:40:19 Installed: xz-lzma-compat-4.999.9-0.5.beta.20091007git.el6.x86_64
1:	Dec 16 12:43:31 Updated: 2:tar-1.23-15.el6_8.x86_64
1:	Dec 16 12:43:31 Updated: procps-3.2.8-36.el6.x86_64
1:	Feb 18 12:40:27 Erased: mysql
1:	Feb 18 12:40:28 Erased: mysql-libs
1:	Feb 18 12:40:22 Installed: MariaDB-client-10.1.21-1.el6.x86_64
1:	Feb 18 12:40:12 Installed: MariaDB-common-10.1.21-1.el6.x86_64
1:	Feb 18 12:40:10 Installed: MariaDB-compat-10.1.21-1.el6.x86_64
1:	Feb 18 12:54:50 Installed: apr-1.3.9-5.el6_2.x86_64
......

Using the --daemon option helps to extract a basic report of the lines generated by system daemons, as shown in the example below.

# petit --hash --daemon /var/log/syslog
847:	vmunix:
48:	CRON[#]:
30:	dhclient[#]:
26:	nm-dispatcher:
14:	rtkit-daemon[#]:
6:	smartd[#]:
5:	ntfs-#g[#]:
4:	udisksd[#]:
3:	mdm[#]:
2:	ag[#]:
2:	syslogd
1:	cinnamon-killer-daemon:
1:	cinnamon-session[#]:
1:	pulseaudio[#]:

To find the count of all lines generated by a given host, use the --host flag as shown below. This can be useful when analyzing a log file that covers more than one host.

# petit --host /var/log/syslog

999:	tecmint

This function is used to find and display the most common (most frequently occurring) words in a log file.

# petit --wordcount /var/log/syslog
845:	[
97:	[mem
75:	ACPI:
64:	pci
62:	debian-sa#
62:	to
51:	USB
50:	of
49:	device
47:	&&
47:	(root)
47:	CMD
47:	usb
41:	systemd#
36:	ACPI
32:	>
32:	driver
32:	reserved
31:	(comm#
31:	-v
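The four reports shown above (--hash, --daemon, --host and --wordcount) all rest on the same idea: mask the variable parts of a syslog line (pids, ports, addresses, counters) and count what is left. The following Python is an added illustration of that technique, not petit's own source; the digit-to-`#` masking rule, the constructed sample lines and the small stop-word list are assumptions chosen to mimic the `#` placeholders seen in petit's output.

```python
"""
Minimal re-implementation of petit's --hash, --daemon, --host and
--wordcount reports in plain Python (added example, not petit's code).
Assumption: every run of digits is replaced with '#' so that lines that
differ only in pids, ports, addresses or counters fall into one bucket.
"""
import re
from collections import Counter

# Constructed sample syslog lines (not captured from a real system).
SAMPLE_LOG = """\
Jun  8 09:45:59 tecmint CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Jun  8 09:46:00 tecmint CRON[1240]: (root) CMD (run-parts /etc/cron.hourly)
Jun  8 09:46:10 tecmint dhclient[877]: DHCPREQUEST on eth0 to 192.168.1.1 port 67
Jun  8 09:46:12 tecmint dhclient[877]: DHCPACK from 192.168.1.1
Jun  8 09:47:01 webbox sshd[2201]: Failed password for invalid user admin from 10.0.0.5 port 51122 ssh2
Jun  8 09:47:03 webbox sshd[2205]: Failed password for invalid user admin from 10.0.0.5 port 51130 ssh2
"""

# Classic (RFC 3164 style) syslog line: "Mon DD HH:MM:SS host daemon[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<daemon>[^:\s]+:) (?P<msg>.*)$"
)

# Tiny stop-word list (assumption); petit ships a longer one.
STOP_WORDS = {"to", "of", "on", "from", "for", "the", "and", "a", "in"}


def parse(lines):
    """Yield the regex match for every line that looks like syslog."""
    for line in lines:
        m = SYSLOG_RE.match(line)
        if m:
            yield m


def normalise(text):
    """Collapse each run of digits to '#' (the masking seen in petit output)."""
    return re.sub(r"\d+", "#", text)


def hash_lines(lines):
    """Like petit --hash: count lines that are identical once numbers are masked."""
    return Counter(normalise(m.group("daemon") + " " + m.group("msg"))
                   for m in parse(lines))


def daemon_counts(lines):
    """Like petit --hash --daemon: count lines per (masked) daemon name."""
    return Counter(normalise(m.group("daemon")) for m in parse(lines))


def host_counts(lines):
    """Like petit --host: count lines per originating host."""
    return Counter(m.group("host") for m in parse(lines))


def word_counts(lines, stop_words=STOP_WORDS):
    """Like petit --wordcount: count masked words in the message, skipping stop words."""
    counter = Counter()
    for m in parse(lines):
        for word in m.group("msg").split():
            w = normalise(word)
            if w.lower() not in stop_words:
                counter[w] += 1
    return counter


def report(counter, top=10):
    """Render a counter in petit's 'count:<TAB>key' style, most frequent first."""
    return "\n".join(f"{n}:\t{key}" for key, n in counter.most_common(top))


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for title, counter in (("hash", hash_lines(lines)), ("daemon", daemon_counts(lines)),
                           ("host", host_counts(lines)), ("wordcount", word_counts(lines))):
        print(f"--- {title} ---")
        print(report(counter))
```

On the constructed sample the hash report collapses the two CRON lines and the two sshd failures into one bucket each, which is exactly why this view is useful for a defender: a burst of repeated "Failed password" lines stands out by its count rather than being buried among hundreds of near-identical lines.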

This works in the form of key/value graphing, for side-by-side comparison of distributions, as shown in the examples below.

To graph the first 60 seconds in syslog, use the --sgraph flag like this.

# petit --sgraph /var/log/syslog
#                                                           
#                                                           
#                                                           
#                                                           
#                                                           
############################################################
59                            29                           58 

Start Time:	2017-06-08 09:45:59 		Minimum Value: 0
End Time:	2017-06-08 09:46:58 		Maximum Value: 1
Duration:	60 seconds 			Scale: 0.166666666667

This example shows how to track and graph a single word (for example dhcp, or error as filtered with grep in the command below) in a log file.

# cat /var/log/messages | grep error | petit --mgraph
#                        #                          #       
#                        #                          #       
#                        #                          #       
#                        #                          #       
#                        #                          #       
############################################################
10                            40                           09 

Start Time:	2017-06-08 10:10:00 		Minimum Value: 0
End Time:	2017-06-08 11:09:00 		Maximum Value: 2
Duration:	60 minutes 			Scale: 0.333333333333
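The --sgraph and --mgraph views above are simple time-bucket histograms: each column is one second (or one minute) counted from the first timestamp, and the header reports the window and the scale used to fit the peak into the fixed number of rows. The Python below is an added illustration of that bucketing, not petit's code; the rendering rule (6 rows, scale = peak / 6, baseline row always filled), the assumed year for syslog timestamps and the constructed sample lines are all assumptions.

```python
"""
Time-bucketed ASCII graphing in the spirit of petit --sgraph / --mgraph
(added example, not petit's code). Assumptions: 60 columns, 6 rows,
scale = peak / 6, baseline row always drawn; syslog has no year, so one
is supplied.
"""
import re
from datetime import datetime, timedelta

# Constructed sample lines; only the timestamps matter for the graph.
SAMPLE_LINES = [
    "Jun  8 10:10:00 tecmint kernel: error: disk read failed",
    "Jun  8 10:10:30 tecmint kernel: error: disk read failed",
    "Jun  8 10:35:05 tecmint sshd[12]: error: PAM: Authentication failure",
    "Jun  8 11:01:45 tecmint kernel: error: disk read failed",
    "Jun  8 11:01:50 tecmint kernel: error: disk read failed",
]

TS_RE = re.compile(r"^(\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2})")
WIDTH = 60   # one column per bucket, like petit's 60-column graphs
ROWS = 6     # graph height; petit's sample shows scale = max / 6


def timestamps(lines, year=2017):
    """Parse the leading syslog timestamp of each line (year is assumed)."""
    stamps = []
    for line in lines:
        m = TS_RE.match(line)
        if m:
            stamps.append(datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"))
    return stamps


def bucket(lines, unit="minute"):
    """Count lines per bucket over WIDTH buckets starting at the first
    timestamp, rounded down to the unit ('second' or 'minute')."""
    stamps = timestamps(lines)
    counts = [0] * WIDTH
    if not stamps:
        return None, counts
    step = timedelta(seconds=1) if unit == "second" else timedelta(minutes=1)
    start = min(stamps)
    if unit == "minute":
        start = start.replace(second=0)
    for ts in stamps:
        idx = int((ts - start) / step)   # timedelta / timedelta -> float
        if 0 <= idx < WIDTH:
            counts[idx] += 1
    return start, counts


def summary(start, counts, unit="minute"):
    """The header values petit prints under a graph."""
    step = timedelta(seconds=1) if unit == "second" else timedelta(minutes=1)
    peak = max(counts)
    return {
        "start": start,
        "end": start + step * (WIDTH - 1),
        "duration": f"{WIDTH} {unit}s",
        "min": min(counts),
        "max": peak,
        "scale": peak / ROWS,
    }


def render(start, counts, unit="minute"):
    """Draw the histogram: a column is filled up to level n when its count >= n * scale."""
    info = summary(start, counts, unit)
    scale = info["scale"]
    rows = []
    for level in range(ROWS - 1, 0, -1):
        rows.append("".join("#" if scale and c >= level * scale else " " for c in counts))
    rows.append("#" * WIDTH)                      # baseline, always drawn
    rows.append("")
    rows.append(f"Start Time:\t{info['start']}\t\tMinimum Value: {info['min']}")
    rows.append(f"End Time:\t{info['end']}\t\tMaximum Value: {info['max']}")
    rows.append(f"Duration:\t{info['duration']}\t\t\tScale: {scale}")
    return "\n".join(rows)


if __name__ == "__main__":
    start, counts = bucket(SAMPLE_LINES, "minute")
    print(render(start, counts, "minute"))
```

With the constructed input the peak is 2, so the reported scale is 2 / 6 = 0.333..., the same relationship as in the --mgraph output above (Maximum Value: 2, Scale: 0.3333). Spikes in such a graph are a cheap first signal that something started happening at a specific time, which is where a more detailed look at the hashed lines should begin.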

In addition, to show a sample for every entry in a log file, use the --allsample option like this.

# petit --hash --allsample /var/log/syslog

Important Petit files:

  • /var/lib/petit/fingerprint_library – used to build custom fingerprint files.
  • /var/lib/petit/fingerprints (collection of fingerprint files) – used to match reboots and other events that the system administrator does not consider important.
  • /var/lib/petit/filters/

For more information and usage options, read the petit man page like this.

# man petit
OR
# petit -h

Petit Homepage: http://crunchtools.com/software/petit/

Also read through these useful guides about log monitoring and management on Linux:

  1. 4 Good Open Source Log Monitoring and Management Tools for Linux
  2. How to Manage System Logs (Configure, Rotate and Import into Database) in Linux
  3. How to Setup and Manage Log Rotation Using Logrotate in Linux
  4. Monitor Server Logs in Real-Time with the Log.io Tool on Linux

You can send us any questions via the feedback form below, or perhaps share with us information about useful log analysis tools for Linux that you have heard of or come across.