[root@server5 ~]# tail -f /var/log/messages
Dec 15 11:53:07 server1 avahi-daemon[732]: Withdrawing address record for fd15:4ba5:5a2b:1008:4da0:9d6a:40a1:1e34 on ens33.
Dec 15 11:53:07 server1 avahi-daemon[732]: Registering new address record for fe80::d88e:564d:cf7b:13ef on ens33.*.
Dec 15 11:53:07 server1 NetworkManager[800]: <info> [1639540387.4543] device (ens33): ipv6: duplicate address check failed for the fd15:4ba5:5a2b:1008:4da0:9d6a:40a1:1e34/64 lft 86400sec pref 14400sec lifetime 276-276[14400,86400] dev 2 flags noprefixroute,tentative src kernel address
Dec 15 11:53:07 server1 avahi-daemon[732]: Registering new address record for fd15:4ba5:5a2b:1008:b574:ef81:d29e:3c75 on ens33.*.
Dec 15 11:53:07 server1 avahi-daemon[732]: Withdrawing address record for fe80::d88e:564d:cf7b:13ef on ens33.
Dec 15 11:53:31 server1 systemd-logind: New session 3 of user root.
Dec 15 11:53:31 server1 systemd: Started Session 3 of user root.
Dec 15 11:54:15 server1 journal: shell-extensions did not set error for gs_plugin_refresh
Dec 15 11:55:16 server1 chronyd[763]: Selected source 202.118.1.130
Dec 15 11:56:21 server1 chronyd[763]: Source 162.159.200.123 replaced with 119.28.206.193
安全日志：/var/log/secure
记录安全相关信息，包括系统登录、网络连接（如 sshd 的认证成功与失败）等。
查看远程登录失败日志（同一来源 IP 在短时间内多次出现 Failed password，通常意味着有人在猜测密码，应重点关注）
[root@server5 ~]# cat /var/log/secure |grep Failed
Dec 15 12:14:51 server1 sshd[4917]: Failed password for root from 192.168.139.10 port 43456 ssh2
Dec 15 12:14:59 server1 sshd[4917]: Failed password for root from 192.168.139.10 port 43456 ssh2
查看远程登录成功日志（若成功登录的来源 IP 此前有多次失败记录，应确认是否为本人操作）
[root@server5 ~]# cat /var/log/secure |grep Accepted
Dec 15 13:38:18 server5 sshd[47938]: Accepted password for root from 192.168.139.10 port 43458 ssh2
[root@server5 ~]# last
zhangsan pts/2 192.168.139.10 Wed Dec 15 13:52 still logged in
root pts/2 192.168.139.20 Wed Dec 15 13:44 - 13:44 (00:00)
root pts/2 192.168.139.10 Wed Dec 15 13:41 - 13:41 (00:00)
root pts/2 192.168.139.10 Wed Dec 15 13:40 - 13:40 (00:00)
root pts/2 192.168.139.10 Wed Dec 15 13:38 - 13:38 (00:00)
踢出用户（先用 w 查看在线用户及其终端，再用 pkill -t 结束该终端上的所有进程；这只是断开当前会话，并不阻止该用户重新登录）
[root@server5 ~]# w
13:54:03 up 2:05, 4 users, load average: 0.00, 0.01, 0.05
USER TTY FROM LOGIN@ IDLE JCPU PCPU WHAT
root :0 :0 一16 ?xdm? 1:43 0.52s /usr/libexec/gnome-session-binary --session gnome-cla
root pts/0 :0 一16 19:47 0.17s 0.07s bash
root pts/1 192.168.139.1 11:53 3.00s 0.14s 0.00s w
zhangsan pts/2 192.168.139.10 13:52 1:09 0.01s 0.01s -bash
[root@server5 ~]# pkill -t pts/2
[zhangsan@server5 ~]$ Connection to 192.168.139.50 closed by remote host.
Connection to 192.168.139.50 closed.
[root@server5 ~]# cat /var/log/messages|grep zhangsan
Dec 15 13:52:54 server5 systemd: Created slice User Slice of zhangsan.
Dec 15 13:52:54 server5 systemd: Started Session 23 of user zhangsan.
Dec 15 13:52:54 server5 systemd-logind: New session 23 of user zhangsan.
Dec 15 13:58:49 server5 systemd: Removed slice User Slice of zhangsan.
查看最近 5 条登录记录（-a 将来源主机显示在最后一列）
[root@server5 ~]# last -a -5
zhangsan pts/2 Wed Dec 15 13:52 - 13:58 (00:05) 192.168.139.10
root pts/2 Wed Dec 15 13:44 - 13:44 (00:00) 192.168.139.20
root pts/2 Wed Dec 15 13:41 - 13:41 (00:00) 192.168.139.10
root pts/2 Wed Dec 15 13:40 - 13:40 (00:00) 192.168.139.10
root pts/2 Wed Dec 15 13:38 - 13:38 (00:00) 192.168.139.10
wtmp begins Sat Jul 24 17:36:07 2021
查看指定时间的登录记录
查看 2021-12-15 14:00:00 之前的登录信息（-t 的时间格式为 YYYYMMDDHHMMSS）
[root@server5 ~]# last -a -t 20211215140000
zhangsan pts/2 Wed Dec 15 13:52 - 13:58 (00:05) 192.168.139.10
root pts/2 Wed Dec 15 13:44 - 13:44 (00:00) 192.168.139.20
root pts/2 Wed Dec 15 13:41 - 13:41 (00:00) 192