Checking logs is a good habit. Linux has log files too: /var/log/messages and /var/log/secure. The check below shows that someone tried to log in over ssh as root, but with an incorrect password.
[root@localhost log]# pwd
/var/log
[root@localhost log]# more messages
Nov 4 17:08:03 localhost syslogd 1.4.1: restart.
Nov 4 17:25:53 localhost sshd(pam_unix)[9897]: session opened for user root by root(uid=0)
Nov 4 17:28:09 localhost sshd: sshd -TERM succeeded
Nov 4 17:28:09 localhost sshd: succeeded
Nov 5 15:20:24 localhost sshd(pam_unix)[10474]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.20.100.110 user=root
Nov 5 15:20:32 localhost sshd(pam_unix)[10476]: session opened for user root by root(uid=0)
[root@localhost log]# more secure
Nov 4 17:25:52 localhost sshd[9895]: Address 10.20.100.110 maps to localhost, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 4 17:25:52 localhost sshd[9895]: Accepted password for root from ::ffff:10.20.100.110 port 2031 ssh2
Nov 4 17:28:09 localhost sshd[5226]: Received signal 15; terminating.
Nov 4 17:28:09 localhost sshd[9943]: Server listening on :: port 2501.
Nov 4 17:28:09 localhost sshd[9943]: error: Bind to port 2501 on 0.0.0.0 failed: Address already in use.
Nov 5 15:20:24 localhost sshd[10474]: Address 10.20.100.110 maps to localhost, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 5 15:20:26 localhost sshd[10474]: Failed password for root from ::ffff:10.20.100.110 port 2779 ssh2
Nov 5 15:20:32 localhost sshd[10474]: Accepted password for root from ::ffff:10.20.100.110 port 2779 ssh2
[root@localhost log]#
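As an added example (not part of the original post), the Python script below tallies sshd password results per user and source address from /var/log/secure-style lines and records when a successful login directly follows failed attempts, as in the Nov 5 entries above. The sample lines are copied from the excerpt above; the function and field names are this example's own.

```python
import re
from collections import defaultdict

# Sample input: sshd lines copied from the /var/log/secure excerpt above.
SAMPLE = """\
Nov 4 17:25:52 localhost sshd[9895]: Accepted password for root from ::ffff:10.20.100.110 port 2031 ssh2
Nov 5 15:20:26 localhost sshd[10474]: Failed password for root from ::ffff:10.20.100.110 port 2779 ssh2
Nov 5 15:20:32 localhost sshd[10474]: Accepted password for root from ::ffff:10.20.100.110 port 2779 ssh2
"""

# Matches both results; tolerates the "invalid user"/"illegal user" variants.
AUTH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def normalize(addr):
    """Strip the IPv4-mapped IPv6 prefix so ::ffff:a.b.c.d groups with a.b.c.d."""
    return addr[7:] if addr.lower().startswith("::ffff:") else addr

def summarize(lines):
    """Tally results per (user, source). 'success_after_failures' is the longest
    run of failures that was immediately followed by an accepted password."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0,
                                 "streak": 0, "success_after_failures": 0})
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue  # not a password result line (signals, bind errors, ...)
        entry = stats[(m["user"], normalize(m["src"]))]
        if m["result"] == "Failed":
            entry["failed"] += 1
            entry["streak"] += 1
        else:
            entry["accepted"] += 1
            entry["success_after_failures"] = max(
                entry["success_after_failures"], entry["streak"])
            entry["streak"] = 0
    return dict(stats)

def root_alerts(lines):
    """Source addresses with any failed or failure-then-success root login."""
    return sorted(src for (user, src), e in summarize(lines).items()
                  if user == "root" and (e["failed"] or e["success_after_failures"]))

if __name__ == "__main__":
    for key, entry in summarize(SAMPLE.splitlines()).items():
        print(key, entry)
```

To run it against a live system, pass the lines of /var/log/secure (readable by root) to `summarize()` instead of `SAMPLE`.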
This article is from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u3/105400/showart_2087083.html