This page presents the logs available on an Ubuntu Linux system so that any anomaly encountered can be quickly located and analyzed.
System logs are often stored in /var/log/
roge@N73SM ~ $ ll /var/log
total 3668
-rw-r--r-- 1 root root 43807 août 25 19:02 alternatives.log
drwxr-xr-x 2 root root 4096 août 25 17:54 apt
-rw-r--r-- 1 root root 794 juin 24 12:25 aptitude
-rw-r----- 1 syslog adm 87796 août 28 23:06 auth.log
-rw-r--r-- 1 root root 6031 août 25 21:26 boot.log
-rw-r--r-- 1 root root 64920 juin 24 11:59 bootstrap.log
-rw-rw---- 1 root utmp 1920 août 26 19:11 btmp
drwxr-xr-x 2 root root 4096 août 25 18:24 ConsoleKit
drwxr-xr-x 2 root root 4096 août 28 02:24 cups
-rw-r----- 1 root adm 74946 août 25 21:26 dmesg
-rw-r----- 1 root adm 79678 août 25 18:24 dmesg.0
-rw-r----- 1 root adm 59 juin 24 11:58 dmesg.1.gz
-rw-r--r-- 1 root root 1774266 août 26 18:25 dpkg.log
-rw-r--r-- 1 root root 32032 août 25 20:33 faillog
-rw-r--r-- 1 root root 3442 août 25 18:59 fontconfig.log
drwxr-xr-x 2 root root 4096 juin 24 11:58 fsck
-rw-r--r-- 1 root root 1358 août 26 18:10 gpu-manager.log
drwxr-xr-x 3 root root 4096 juin 24 12:10 hp
drwxr-xr-x 2 root root 4096 août 25 17:54 installer
-rw-r----- 1 syslog adm 402336 août 28 22:18 kern.log
-rw-rw-r-- 1 root utmp 292292 août 28 23:06 lastlog
drwxr-xr-x 2 root root 4096 août 26 18:10 mdm
-rw-r--r-- 1 root root 5658 août 25 21:26 mintsystem.log
-rw-r--r-- 1 root root 55 août 25 21:26 nvidia-prime-upstart.log
-rw-r--r-- 1 root root 83194 août 28 22:18 pm-powersave.log
-rw-r--r-- 1 root root 146330 août 28 22:18 pm-suspend.log
-rw-r--r-- 1 root root 20 août 26 18:10 prime-supported.log
-rw-r--r-- 1 root root 0 juin 24 12:16 pycentral.log
drwxr-xr-x 3 root root 4096 août 25 18:26 samba
drwx------ 2 speech-dispatcher root 4096 févr. 19 2014 speech-dispatcher
-rw-r----- 1 syslog adm 80060 août 28 23:06 syslog
-rw-r----- 1 syslog adm 107932 août 28 02:24 syslog.1
-rw-r----- 1 syslog adm 9428 août 27 09:15 syslog.2.gz
-rw-r----- 1 syslog adm 55870 août 26 09:04 syslog.3.gz
-rw-r--r-- 1 root root 366081 août 25 21:26 udev
drwxr-xr-x 2 root root 4096 août 25 21:25 unattended-upgrades
drwxr-xr-x 2 root root 4096 août 27 09:15 upstart
-rw-r--r-- 1 root root 1303 août 26 18:24 vbox-install.log
-rw-rw-r-- 1 root utmp 26880 août 28 23:06 wtmp
-rw-r--r-- 1 root root 68084 août 28 22:57 Xorg.0.log
-rw-r--r-- 1 root root 43097 août 25 21:25 Xorg.0.log.old
-rw-r--r-- 1 root root 28284 août 26 18:11 Xorg.20.log
roge@N73SM ~ $
See also doc.opensuse.org - sec.tuning.logfiles.logs
The /var/log/auth.log file records authentications.
roge@N73SM ~ $ cat /var/log/auth.log
Aug 25 18:24:01 N73SM systemd-logind[865]: New seat seat0.
Aug 25 18:24:14 N73SM mdm[1493]: pam_unix(mdm-autologin:session): session opened for user roge by (uid=0)
Aug 25 18:24:14 N73SM systemd-logind[865]: New session c1 of user roge.
Aug 25 18:24:14 N73SM systemd-logind[865]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
Aug 25 18:24:14 N73SM mdm[1493]: pam_ck_connector(mdm-autologin:session): nox11 mode, ignoring PAM_TTY :0
Aug 25 18:24:23 N73SM polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.29 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale fr_FR.UTF-8)
......
Aug 25 18:32:22 N73SM sudo: roge : TTY=pts/2 ; PWD=/home/roge ; USER=root ; COMMAND=/bin/mount -a
Aug 25 18:32:22 N73SM sudo: pam_unix(sudo:session): session opened for user root by roge(uid=0)
Aug 25 18:32:22 N73SM sudo: pam_unix(sudo:session): session closed for user root
.....
Aug 25 18:42:08 N73SM pkexec[6186]: roge: Executing command [USER=root] [TTY=unknown] [CWD=/home/roge] [COMMAND=/usr/sbin/synaptic --hide-main-window --non-interactive --parent-window-id 31457312 -o Synaptic::closeZvt=true --progress-str Veuillez patienter, cela peut prendre un certain temps --finish-str La mise à jour est terminée --set-selections-file /tmp/tmp2Fz9XO]
......
Aug 25 21:22:08 N73SM cinnamon-screensaver-dialog: gkr-pam: unlocked login keyring
Aug 25 21:22:38 N73SM sudo: pam_unix(sudo:auth): conversation failed
Aug 25 21:22:38 N73SM sudo: pam_unix(sudo:auth): auth could not identify password for [roge]
Aug 25 21:22:38 N73SM sudo: pam_unix(sudo:auth): conversation failed
Aug 25 21:22:38 N73SM sudo: pam_unix(sudo:auth): auth could not identify password for [roge]
Aug 25 21:22:43 N73SM sudo: roge : TTY=unknown ; PWD=/home/roge ; USER=root ; COMMAND=/usr/sbin/mdmsetup
Aug 25 21:22:43 N73SM sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Aug 25 21:23:54 N73SM sudo: pam_unix(sudo:session): session closed for user root
Aug 25 21:24:44 N73SM sudo: roge : TTY=unknown ; PWD=/home/roge ; USER=root ; COMMAND=/usr/lib/linuxmint/mintUpdate/checkAPT.py
Aug 25 21:24:44 N73SM sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Aug 25 21:24:57 N73SM nxexec: pam_unix(nx:session): session opened for user roge by (uid=117)
Aug 25 21:24:57 N73SM nxexec: pam_ck_connector(nx:session): cannot determine display-device
Aug 25 21:24:57 N73SM nxexec: pam_unix(nx:session): session closed for user roge
Aug 25 21:24:58 N73SM sudo: pam_unix(sudo:session): session closed for user root
....
Aug 25 21:26:16 N73SM sshd[1289]: Server listening on 0.0.0.0 port xxxxx.
Aug 25 21:26:16 N73SM sshd[1289]: Server listening on :: port xxxxx.
....
Aug 25 21:26:26 N73SM mdm[1685]: pam_unix(mdm-autologin:session): session opened for user roge by (uid=0)
Aug 25 21:26:26 N73SM systemd-logind[930]: New session c1 of user roge.
Aug 25 21:26:26 N73SM systemd-logind[930]: Linked /tmp/.X11-unix/X0 to /run/user/1000/X11-display.
Aug 25 21:26:26 N73SM mdm[1685]: pam_ck_connector(mdm-autologin:session): nox11 mode, ignoring PAM_TTY :0
Aug 25 21:26:37 N73SM polkitd(authority=local): Registered Authentication Agent for unix-session:c1 (system bus name :1.36 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale fr_FR.UTF-8)
Aug 25 21:26:58 N73SM nxexec: pam_unix(nx:session): session opened for user roge by (uid=117)
.....
Aug 25 21:44:49 N73SM sshd[4662]: Accepted publickey for roge from 192.168.xxx.xxx port xxxxx ssh2: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Aug 25 21:44:49 N73SM sshd[4662]: pam_unix(sshd:session): session opened for user roge by (uid=0)
Aug 25 21:44:49 N73SM systemd-logind[930]: Removed session 4.
Aug 25 21:44:49 N73SM systemd-logind[930]: New session 5 of user roge.
Aug 25 21:44:49 N73SM sshd[4673]: Received disconnect from 192.168.xxx.xxx: 11: disconnected by user
Aug 25 21:44:49 N73SM sshd[4662]: pam_unix(sshd:session): session closed for user roge
.....
Aug 25 21:58:37 N73SM sshd[10835]: Accepted publickey for roge from 192.168.xxx.xxx port xxxxx ssh2: RSA xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx
Aug 25 21:58:37 N73SM sshd[10835]: pam_unix(sshd:session): session opened for user roge by (uid=0)
Aug 25 21:58:37 N73SM systemd-logind[930]: Removed session 5.
Aug 25 21:58:37 N73SM systemd-logind[930]: New session 6 of user roge.
Aug 25 21:58:37 N73SM sshd[10846]: Received disconnect from 192.168.xxx.xxx: 11: disconnected by user
Aug 25 21:58:37 N73SM sshd[10835]: pam_unix(sshd:session): session closed for user roge
.....
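Added example, not part of the original page: a Python parser for the auth.log format shown above that extracts sudo commands, sudo authentication failures and SSH logins, then counts failed SSH logins per source address. The function names are hypothetical, and the sample lines are constructed; the `Failed password` lines and the 192.0.2.x addresses do not come from the page's log.

```python
import re
from collections import Counter

# Classic syslog layout used by auth.log: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s:\[]+)(?:\[(\d+)\])?: (.*)$")

# (event name, program, message pattern); named groups become event fields.
RULES = [
    ("sudo_command", "sudo", re.compile(
        r"^\s*(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<command>.+)$")),
    ("sudo_auth_failure", "sudo", re.compile(
        r"pam_unix\(sudo:auth\): auth could not identify password for \[(?P<user>[^\]]+)\]")),
    ("ssh_accepted", "sshd", re.compile(
        r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<src>\S+) port \d+")),
    ("ssh_failed", "sshd", re.compile(
        r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+")),
]

def parse_auth_log(text):
    """Return one dict per recognised security event, in file order."""
    events = []
    for line in text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # elision markers ("....") or truncated lines: skip, do not guess
        when, host, program, _pid, message = m.groups()
        for name, prog, pattern in RULES:
            hit = pattern.search(message) if program == prog else None
            if hit:
                events.append({"time": when, "host": host, "event": name, **hit.groupdict()})
                break
    return events

def failed_ssh_sources(events, threshold=2):
    """Source addresses with at least `threshold` failed SSH logins."""
    counts = Counter(e["src"] for e in events if e["event"] == "ssh_failed")
    return {src: n for src, n in counts.items() if n >= threshold}

# Constructed sample lines in the auth.log format (not taken from a real system).
SAMPLE = """\
Aug 25 21:22:38 N73SM sudo: pam_unix(sudo:auth): conversation failed
Aug 25 21:22:38 N73SM sudo: pam_unix(sudo:auth): auth could not identify password for [roge]
Aug 25 21:22:43 N73SM sudo:     roge : TTY=unknown ; PWD=/home/roge ; USER=root ; COMMAND=/usr/sbin/mdmsetup
Aug 25 21:44:49 N73SM sshd[4662]: Accepted publickey for roge from 192.0.2.10 port 50022 ssh2: RSA aa:bb
Aug 25 21:45:02 N73SM sshd[4700]: Failed password for invalid user admin from 192.0.2.77 port 40100 ssh2
Aug 25 21:45:05 N73SM sshd[4700]: Failed password for root from 192.0.2.77 port 40102 ssh2
"""

if __name__ == "__main__":
    parsed = parse_auth_log(SAMPLE)
    for event in parsed:
        print(event)
    print(failed_ssh_sources(parsed))
```

On a real system, pass the contents of /var/log/auth.log (readable by root and the adm group, as the listing shows) to `parse_auth_log` instead of `SAMPLE`.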
The /var/log/boot.log file shows the system boot sequence.
roge@N73SM ~ $ cat /var/log/boot.log
* Stopping adjust system clock and timezone [ OK ]
* Starting Mount filesystems on boot [ OK ]
* Starting Fix-up sensitive /proc filesystem entries [ OK ]
* Starting Populate /dev filesystem [ OK ]
* Starting Populate and link to /run filesystem [ OK ]
* Stopping Fix-up sensitive /proc filesystem entries [ OK ]
* Stopping Populate /dev filesystem [ OK ]
* Stopping Populate and link to /run filesystem [ OK ]
* Stopping Track if upstart is running in a container [ OK ]
* Starting Initialize or finalize resolvconf [ OK ]
* Starting set console keymap [ OK ]
* Starting Signal sysvinit that virtual filesystems are mounted [ OK ]
* Starting Signal sysvinit that virtual filesystems are mounted [ OK ]
* Starting set sysctls from /etc/sysctl.conf [ OK ]
* Starting Bridge udev events into upstart [ OK ]
* Starting Signal sysvinit that remote filesystems are mounted [ OK ]
* Stopping set console keymap [ OK ]
* Stopping set sysctls from /etc/sysctl.conf [ OK ]
* Starting device node and kernel event manager [ OK ]
* Starting load modules from /etc/modules [ OK ]
* Starting cold plug devices [ OK ]
* Starting log initial device creation [ OK ]
* Stopping load modules from /etc/modules [ OK ]
* Starting load fallback graphics devices [ OK ]
* Stopping load fallback graphics devices [ OK ]
* Starting configure network device security [ OK ]
* Starting Signal sysvinit that the rootfs is mounted [ OK ]
* Starting configure network device security [ OK ]
* Starting Uncomplicated firewall [ OK ]
* Starting Mount network filesystems [ OK ]
* Starting Clean /tmp directory [ OK ]
* Stopping Mount network filesystems [ OK ]
* Starting configure network device [ OK ]
* Stopping Read required files in advance (for other mountpoints) [ OK ]
* Starting Bridge socket events into upstart [ OK ]
* Starting configure network device security [ OK ]
* Starting configure network device [ OK ]
* Starting configure network device [ OK ]
* Stopping Read required files in advance (for other mountpoints) [ OK ]
* Stopping Read required files in advance (for other mountpoints) [ OK ]
* Stopping Clean /tmp directory [ OK ]
* Starting Signal sysvinit that local filesystems are mounted [ OK ]
* Starting restore software rfkill state [ OK ]
* Starting SMB/CIFS File Server [ OK ]
* Stopping restore software rfkill state [ OK ]
* Starting flush early job output to logs [ OK ]
* Stopping Failsafe Boot Delay [ OK ]
* Starting Enabling additional executable binary formats [ OK ]
* Stopping Mount filesystems on boot [ OK ]
* Starting System V initialisation compatibility [ OK ]
* Stopping flush early job output to logs [ OK ]
* Starting Bridge file events into upstart [ OK ]
* VirtualBox Additions disabled, not in a Virtual Machine
* Starting system logging daemon [ OK ]
* Setting sensors limits [ OK ]
* Starting D-Bus system message bus [ OK ]
* Starting modem connection manager [ OK ]
* Starting configure network device security [ OK ]
* Starting mDNS/DNS-SD daemon [ OK ]
* Starting Reload cups, upon starting avahi-daemon to make sure remote queues are populated [ OK ]
* Stopping Reload cups, upon starting avahi-daemon to make sure remote queues are populated [ OK ]
* Starting SystemD login management service [ OK ]
* Starting bluetooth daemon [ OK ]
* Starting network connection manager [ OK ]
* Stopping cold plug devices [ OK ]
* Stopping log initial device creation [ OK ]
* Starting configure network device security [ OK ]
* Starting enable remaining boot-time encrypted block devices [ OK ]
* Starting save udev log and update rules [ OK ]
* Stopping save udev log and update rules [ OK ]
* Starting configure virtual network devices [ OK ]
* Starting SMB/CIFS File and Active Directory Server [ OK ]
* Starting SMB/CIFS File and Active Directory Server [fail]
* Setting up X socket directories... [ OK ]
* Stopping System V initialisation compatibility [ OK ]
* Starting System V runlevel compatibility [ OK ]
* Starting Restore Sound Card State [ OK ]
* Starting save kernel messages [ OK ]
* Starting NVIDIA PRIME Power Saving Mode [ OK ]
* Starting anac(h)ronistic cron [ OK ]
* Starting ACPI daemon [ OK ]
* Stopping Restore Sound Card State [ OK ]
* Loading cpufreq kernel modules... [ OK ]
* CPU0...
* Starting cups-browsed - Bonjour remote printer browsing daemon [ OK ]
* Starting regular background program processing daemon [ OK ]
* Stopping Restore Sound Card State [ OK ]
* Stopping save kernel messages [ OK ]
* Stopping anac(h)ronistic cron [ OK ]
* CPU1...
* CPU2...
* CPU3...
* CPU4...
* CPU5...
* CPU6...
* CPU7...
* CPUFreq Utilities: Setting ondemand CPUFreq governor... [ OK ]
* Starting CPU interrupts balancing daemon [ OK ]
* Starting OpenSSH server [ OK ]
* speech-dispatcher disabled; edit /etc/default/speech-dispatcher
* VirtualBox Additions disabled, not in a Virtual Machine
saned disabled; edit /etc/default/saned
* Starting MDM Display Manager [ OK ]
* Stopping Send an event to indicate plymouth is up [ OK ]
* Restoring resolver state... [ OK ]
* Starting Mount network filesystems [ OK ]
* Stopping Mount network filesystems [ OK ]
* Starting NetBIOS name server [ OK ]
roge@N73SM ~ $
TODO