rsync通过服务同步


1.编辑配置文件:

[root@weixing01 ~]# cat /etc/rsyncd.conf
port=873
log file=/var/log/rsync.log
pid file=/var/run/rsyncd.pid
address=192.168.188.130
[test]
path=/root/rsync
use chroot=true
max connections=4
read only=no
list=true
uid=root
gid=root
auth users=test
secrets file=/etc/rsyncd.passwd
hosts allow=192.168.188.132

2.上面配置含义:

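port:rsync 守护进程监听的端口,默认 873。
log file / pid file:日志文件和 PID 文件的路径。
address:守护进程绑定的本机 IP。
[test]:模块名,客户端通过 IP::test 访问。
path:模块对应的实际目录。
use chroot:传输前先 chroot 到 path,限制对该目录以外文件的访问(需要以 root 启动守护进程)。
max connections:最大并发连接数。
read only=no:允许客户端上传(写入)。
list:客户端列出模块时是否显示该模块。
uid / gid:传输文件时使用的用户和组身份。
auth users:允许连接该模块的用户名(rsync 自己的虚拟用户,与系统用户无关)。
secrets file:保存"用户名:密码"的文件,权限应设为 600,否则在默认的 strict modes 下认证会失败。
hosts allow:允许连接的客户端 IP。

注意:本例中 uid/gid 为 root、read only=no,且 path 位于 /root 下,即通过认证的客户端能以 root 身份写入该目录;生产环境建议改用专用的低权限用户和独立目录,只在确实需要上传时才关闭 read only。另外 rsync 守护进程协议本身不加密传输内容,跨不可信网络同步时应改用 rsync over SSH。
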
3.telnet查看端口是否通:

[root@weixing01 ~]# telnet 192.168.188.130 873
Trying 192.168.188.130...
Connected to 192.168.188.130.
Escape character is '^]'.
@RSYNCD: 30.0
^]  
telnet> quit
Connection closed.

4.使用服务传输文件:

[root@weixing01 ~]# rsync -avP /tmp/weixing01.txt 192.168.188.130::test/weixing02.txt
sending incremental file list
weixing01.txt
           0 100%    0.00kB/s    0:00:00 (xfer#1, to-check=0/1)

sent 73 bytes  received 27 bytes  18.18 bytes/sec
total size is 0  speedup is 0.00
[root@weixing01 ~]# rsync -avP 192.168.188.130::test/weixing02.txt /tmp/123.txt
receiving incremental file list
weixing02.txt
           0 100%    0.00kB/s    0:00:00 (xfer#1, to-check=0/1)

sent 45 bytes  received 104 bytes  298.00 bytes/sec
total size is 0  speedup is 0.00
[root@weixing01 ~]# ls /tmp
123.txt
1.cap
systemd-private-2ae3d953b8524f5b90c20118d3d6a250-chronyd.service-dejMvO
systemd-private-2ae3d953b8524f5b90c20118d3d6a250-vgauthd.service-CAioZR
systemd-private-2ae3d953b8524f5b90c20118d3d6a250-vmtoolsd.service-ZvA7wV
weixing01.txt

5.指定端口(--port 的值必须与服务端 rsyncd.conf 中的 port 一致;本例假定服务端端口已改为 8730 并重启了服务):

[root@weixing01 ~]# rsync -avP --port 8730 /tmp/weixing01.txt 192.168.188.130::test/weixing02.txt
sending incremental file list

sent 34 bytes  received 8 bytes  84.00 bytes/sec
total size is 0  speedup is 0.00

6.设置密码后传输(服务端配置 auth users 和 secrets file 后,客户端需用 用户名@IP::模块 的形式连接并输入密码):

[root@weixing01 ~]# rsync -avP --port 8730 /tmp/weixing01.txt test@192.168.188.130::test/weixing02.txt
Password: 
sending incremental file list

sent 34 bytes  received 8 bytes  12.00 bytes/sec
total size is 0  speedup is 0.00

7.免密传输:
首先客户端需要设置一个密码文件

[root@weixing01 ~]# vim /etc/rsync.passwd
[root@weixing01 ~]# chmod 600 !$
chmod 600 /etc/rsync.passwd
客户端密码文件里只写密码本身(不写用户名),密码须与服务端 secrets file 中 test 用户的密码一致;该文件以明文保存密码,所以上面要 chmod 600
[root@weixing01 ~]# rsync -avP --port 8730 --password-file=/etc/rsync.passwd /tmp/weixing01.txt test@192.168.188.130::test/weixing02.txt
sending incremental file list

sent 34 bytes  received 8 bytes  84.00 bytes/sec
total size is 0  speedup is 0.00

linux系统日志


1.系统日志路径:

[root@weixing01 ~]# ls /var/log/messages
/var/log/messages
[root@weixing01 ~]# less !$
less /var/log/messages
[root@weixing01 ~]# du -sh !$
du -sh /var/log/messages
1.5M    /var/log/messages

2.日志切割(logrotate)的配置文件路径:

[root@weixing01 ~]# cat /etc/logrotate.conf 
# see "man logrotate" for details
# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
rotate 4

# create new (empty) log files after rotating old ones
create

# use date as a suffix of the rotated file
dateext

# uncomment this if you want your log files compressed
#compress

# RPM packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
    monthly
    create 0664 root utmp
    minsize 1M
    rotate 1
}

/var/log/btmp {
    missingok
    monthly
    create 0600 root utmp
    rotate 1
}

# system-specific logs may be also be configured here.
[root@weixing01 ~]# ls /var/log/messages*
/var/log/messages           /var/log/messages-20171228
/var/log/messages-20171213  /var/log/messages-20180123
/var/log/messages-20171218

3.logrotate.d

[root@weixing01 ~]# cat /etc/logrotate.d/syslog 
/var/log/cron
/var/log/maillog
/var/log/messages
/var/log/secure
/var/log/spooler
{
    missingok
    sharedscripts
    postrotate
    /bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
    endscript
}

4.dmesg:内核及硬件相关的日志,保存在内存中(重启后清空):

[    4.650726] alg: No test for __gcm-aes-aesni (__driver-gcm-aes-aesni)
[    4.653963] alg: No test for crc32 (crc32-pclmul)
[    5.230630] XFS (sda1): Ending clean mount
[    5.360699] type=1305 audit(1517448006.219:3): audit_pid=496 old=0 auid=4294967295 ses=4294967295 res=1
[    9.281932] NET: Registered protocol family 40
[   21.120492] ip6_tables: (C) 2000-2006 Netfilter Core Team
[   21.306956] Ebtables v2.0 registered
[   21.375248] nf_conntrack version 0.5.0 (7810 buckets, 31240 max)
[   21.530528] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[   21.649640] Netfilter messages via NETLINK v0.30.
[   21.688130] ip_set: protocol 6
[   21.896976] IPv6: ADDRCONF(NETDEV_UP): ens33: link is not ready
[   21.934852] e1000: ens33 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[   21.971180] IPv6: ADDRCONF(NETDEV_UP): ens37: link is not ready
[   21.975799] e1000: ens37 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: None
[root@weixing01 ~]# dmesg

5.系统启动日志,与dmesg无关:

[root@weixing01 ~]# ls /var/log/dmesg
/var/log/dmesg
[root@weixing01 ~]# less /var/log/dmesg

6.登录成功日志:last

[root@weixing01 ~]# last
root     pts/0        192.168.188.1    Thu Feb  1 09:20   still logged in   
reboot   system boot  3.10.0-693.el7.x Thu Feb  1 09:20 - 09:38  (00:18)    
root     pts/0        192.168.188.1    Wed Jan 31 21:51 - down   (01:20)    
reboot   system boot  3.10.0-693.el7.x Wed Jan 31 21:51 - 23:12  (01:21)    
root     pts/0        192.168.188.1    Mon Jan 29 22:21 - crash (1+23:29)   
reboot   system boot  3.10.0-693.el7.x Mon Jan 29 22:20 - 23:12 (2+00:51)   
root     pts/0        192.168.188.1    Fri Jan 26 22:00 - crash (3+00:20)   
reboot   system boot  3.10.0-693.el7.x Fri Jan 26 21:58 - 23:12 (5+01:14)   
root     pts/1        192.168.188.1    Thu Jan 25 23:01 - crash  (22:56)    
root     tty1                          Thu Jan 25 23:00 - 23:35  (00:34)    
root     pts/0        192.168.188.1    Thu Jan 25 22:01 - 23:14  (01:13)    
reboot   system boot  3.10.0-693.el7.x Thu Jan 25 21:59 - 23:12 (6+01:12)   
root     pts/0        192.168.188.1    Thu Jan 25 21:26 - crash  (00:33)    
reboot   system boot  3.10.0-693.el7.x Thu Jan 25 18:56 - 23:12 (6+04:16)   
root     tty1                          Wed Jan 24 22:32 - 00:49  (02:16)    
root     pts/0        192.168.188.1    Wed Jan 24 22:28 - crash  (20:27)    
reboot   system boot  3.10.0-693.el7.x Wed Jan 24 22:26 - 23:12 (7+00:45)   
root     pts/1        192.168.188.1    Tue Jan 23 22:31 - 22:36  (00:04)    
root     pts/0        192.168.188.1    Tue Jan 23 21:01 - down   (01:40)    
reboot   system boot  3.10.0-693.el7.x Tue Jan 23 21:00 - 22:42  (01:42)    
root     pts/0        192.168.188.1    Mon Jan 22 21:08 - down   (01:12)    
reboot   system boot  3.10.0-693.el7.x Mon Jan 22 21:01 - 22:20  (01:19)    
root     pts/0        192.168.188.1    Mon Jan 15 21:49 - down   (01:05)    
reboot   system boot  3.10.0-693.el7.x Mon Jan 15 21:46 - 22:55  (01:08)    
root     pts/0        192.168.188.1    Fri Jan 12 21:20 - crash (3+00:26)   
reboot   system boot  3.10.0-693.el7.x Fri Jan 12 21:19 - 22:55 (3+01:35)   
root     pts/0        192.168.188.1    Wed Jan 10 21:24 - crash (1+23:54)   
reboot   system boot  3.10.0-693.el7.x Wed Jan 10 21:24 - 22:55 (5+01:30)   
root     pts/0        192.168.188.1    Wed Jan 10 21:17 - crash  (00:06)    
reboot   system boot  3.10.0-693.el7.x Wed Jan 10 21:17 - 22:55 (5+01:37)   
root     pts/0        192.168.188.1    Wed Jan 10 21:12 - down   (00:03)    
reboot   system boot  3.10.0-693.el7.x Wed Jan 10 21:12 - 21:16  (00:04)    
root     pts/0        192.168.188.1    Mon Jan  8 21:23 - down   (00:45)    
reboot   system boot  3.10.0-693.el7.x Mon Jan  8 21:23 - 22:08  (00:45)    
root     pts/0        192.168.188.1    Sat Jan  6 23:22 - crash (1+22:00)   
reboot   system boot  3.10.0-693.el7.x Sat Jan  6 23:22 - 22:08 (1+22:46)   
root     pts/0        192.168.188.1    Fri Jan  5 21:57 - crash (1+01:24)   
reboot   system boot  3.10.0-693.el7.x Fri Jan  5 21:54 - 22:08 (3+00:14)   
reboot   system boot  3.10.0-693.el7.x Thu Jan  4 21:17 - 22:08 (4+00:51)   
root     pts/0        192.168.188.1    Fri Dec 29 17:21 - down   (01:47)    
reboot   system boot  3.10.0-693.el7.x Fri Dec 29 17:21 - 19:09  (01:47)    
root     pts/1        192.168.188.1    Thu Dec 28 22:33 - crash  (18:47)    
root     pts/0        192.168.188.1    Thu Dec 28 19:00 - crash  (22:20)    
reboot   system boot  3.10.0-693.el7.x Thu Dec 28 19:00 - 19:09 (1+00:09)   
root     pts/0        192.168.188.1    Thu Dec 28 18:38 - crash  (00:22)    
reboot   system boot  3.10.0-693.el7.x Thu Dec 28 18:37 - 19:09 (1+00:31)   
root     pts/2        192.168.188.1    Thu Dec 28 01:02 - 01:02  (00:00)    
weixing0 pts/2        192.168.188.1    Thu Dec 28 00:58 - 01:00  (00:01)    
root     pts/1        192.168.188.1    Thu Dec 28 00:43 - down   (00:19)    
root     pts/0        192.168.188.1    Wed Dec 27 23:33 - down   (01:29)    
reboot   system boot  3.10.0-693.el7.x Wed Dec 27 23:32 - 01:02  (01:30)    
root     pts/0        192.168.188.1    Tue Dec 26 22:24 - 22:29  (00:04)    
root     pts/0        192.168.188.1    Tue Dec 26 21:16 - 22:24  (01:07)    
reboot   system boot  3.10.0-693.el7.x Tue Dec 26 21:16 - 22:29  (01:12)    
root     pts/0        192.168.188.1    Mon Dec 25 15:46 - crash (1+05:29)   
root     tty1                          Mon Dec 25 15:40 - 22:26  (06:45)    
reboot   system boot  3.10.0-693.el7.x Mon Dec 25 15:40 - 22:29 (1+06:48)   
root     tty1                          Mon Dec 25 15:39 - crash  (00:00)    
root     pts/0        192.168.188.1    Mon Dec 25 15:34 - 15:39  (00:05)    
reboot   system boot  3.10.0-693.el7.x Mon Dec 25 15:31 - 22:29 (1+06:57)

last 命令读取的数据文件(二进制格式,不能直接用 cat 查看):

[root@weixing01 ~]# ls /var/log/wtmp 
/var/log/wtmp

7.lastb:查看登录失败的记录(数据来自 /var/log/btmp;短时间内出现大量失败记录通常值得排查):

[root@weixing01 ~]# lastb

btmp begins Wed Jan 24 22:26:45 2018
[root@weixing01 ~]# ls /var/log/btmp
/var/log/btmp

8.安全日志(记录认证、登录以及用户/组变更等事件):

[root@weixing01 ~]# ls /var/log/secure
/var/log/secure
[root@weixing01 ~]# less !$
less /var/log/secure

Jan 23 22:19:06 weix01 groupadd[4187]: group added to /etc/group: name=tcpdump, GID=72
Jan 23 22:19:06 weix01 groupadd[4187]: group added to /etc/gshadow: name=tcpdump
Jan 23 22:19:06 weix01 groupadd[4187]: new group: name=tcpdump, GID=72
Jan 23 22:19:07 weix01 useradd[4191]: new user: name=tcpdump, UID=72, GID=72, home=/, shell=/sbin/nologin
Jan 23 22:31:20 weix01 sshd[4235]: Accepted publickey for root from 192.168.188.1 port 52513 ssh2: RSA SHA256:dTfFpbejYbAy4JT9kIVb2IDlJWuCLOGqPCTP+3ktM0E
Jan 23 22:31:21 weix01 sshd[4235]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 23 22:35:18 weix01 groupadd[4327]: group added to /etc/group: name=tss, GID=59
Jan 23 22:35:18 weix01 groupadd[4327]: group added to /etc/gshadow: name=tss
Jan 23 22:35:18 weix01 groupadd[4327]: new group: name=tss, GID=59
Jan 23 22:35:18 weix01 useradd[4332]: new user: name=tss, UID=59, GID=59, home=/dev/null, shell=/sbin/nologin
Jan 23 22:35:19 weix01 groupadd[4355]: group added to /etc/group: name=wireshark, GID=995
Jan 23 22:35:19 weix01 groupadd[4355]: group added to /etc/gshadow: na

screen工具
