[Lecture] System Optimization - Analyzing Log Files and Managing Them Efficiently

Written : Tuesday, February 22, 2000
Author  : Moon Tae-jun (http://www.taejun.pe.kr, taejun@taejun.pe.kr, taejun@hitel.net)

References
    man syslogd.conf
    man sysklogd
    man logrotate
    "200,000 E-mails and sendmail" (Maso, May 1999), the part on log file management
    Other books on Linux and Unix system administration

0. Introduction

A system records logs of all system activity, such as user logins and mail, and these logs can be used to analyze problems with the system. Any system administrator must know how the system's logs are recorded, what they mean, and how to make use of them.

When you run a small server you rarely pay much attention to log files. But as the number of services grows and the scale gets larger, problems often appear in unexpected places. One of them is log files that grow enormously.

Let's take an example. Consider a server that handles 100,000 e-mails a day. As sendmail delivers mail, it stores the result messages in /var/log/maillog through syslogd. (This may differ depending on the configuration.) Records of mail fetched over pop3 and of mail sent also have to be stored there. When an e-mail is delivered normally, the logged message is about 560 bytes. When errors occur during delivery, error messages are added according to the number of errors. Suppose that on average one e-mail writes about 1KB of log. If you send 100,000 mails a day, the log alone is 100M per day and 700MB per week.

To this you must add the case of 1000 mail accounts where each user checks mail over pop3 every 5 minutes. If about 0.2KB of log accumulates per check, that is 12 times per hour (one check every 5 minutes), 96 times in an 8-hour working day, and 96*0.2KB = 192kb. With 1000 users this becomes 192MB, and in a week, even excluding Sunday, about 1.15G.

If you allocate 10M of mail space per person, you need 10G just to store the e-mail and more than 2G for the logs. And it does not simply end at 2G: if the rotate value is 4, it becomes 8G. Can you see the dreadful situation coming? And it does not end there.
syslogd keeps maillog open and keeps writing to it, and it is said that once the log file exceeds 1M, handling a single message uses more than 10% of system resources, more than 40% once it exceeds 10M, and more than 80% once it exceeds 100M. (Of course, you should monitor your own system continuously and tune these figures to your own situation.) The resources should go to providing the service, but because of the enormously grown log file they are used up, and in the end all the CPU time goes to writing logs rather than to delivering e-mail. When there is a lot of work that uses the hard disk frequently, system performance drops sharply.

Now let's look at web server logs. The access_log, written on every visit, grows by about 85Byte per access. With 100,000 accesses a day that is 8.5M. In a week it is 59.5M. In a month it is 255M. If the service is larger, accessing and updating the log file will use even more system resources.

The reason for such a long introduction is to show how big a problem can arise when providing a large-scale service if the administrator pays no attention to logging. Not that such a problem would ever arise on the author's personal home page....

How should logging be configured? Policy is the administrator's job; this document explains the configuration and rotation of log files. Perhaps it is because the author has not searched the books thoroughly, but Unix server administration books do not cover this in much detail either, so this is an opportunity to put it in order.

1. System log recording (syslog)

Normally the packages that write log files are installed automatically when the distribution is installed.

    # rpm -qa | grep log
    logrotate-3.3-1         --->> log rotation
    sysklogd-1.3.31-12      --->> system log recording

    # rpm -ql sysklogd
    /etc/logrotate.d/syslog
    /etc/rc.d/init.d/syslog
    /etc/rc.d/rc0.d/K99syslog
    /etc/rc.d/rc1.d/K99syslog
    /etc/rc.d/rc2.d/S30syslog
    /etc/rc.d/rc3.d/S30syslog
    /etc/rc.d/rc5.d/S30syslog
    /etc/rc.d/rc6.d/K99syslog
    /etc/syslog.conf        --->> configuration file
    /sbin/klogd             --->> kernel log daemon
    /sbin/syslogd           --->> system log daemon
    /usr/doc/sysklogd-1.3.31
    /usr/doc/sysklogd-1.3.31/ANNOUNCE
    /usr/doc/sysklogd-1.3.31/INSTALL
    /usr/doc/sysklogd-1.3.31/NEWS
    /usr/doc/sysklogd-1.3.31/README.1st
    /usr/doc/sysklogd-1.3.31/README.linux
    /usr/doc/sysklogd-1.3.31/Sysklogd-1.3.lsm
    /usr/man/man5/syslog.conf.5
    /usr/man/man8/klogd.8
    /usr/man/man8/sysklogd.8
    /usr/man/man8/syslogd.8

For reference, the contents of the documentation directory were not much help for actual use; the man pages were more helpful.

    # ps aux | head -n10
    USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
    root         1  0.0  0.1  1168   56 ?        S    14:07   0:05 init [3]
    root         2  0.0  0.0     0    0 ?        SW   14:07   0:00 [kflushd]
    root         3  0.0  0.0     0    0 ?        SW   14:07   0:00 [kupdate]
    root         4  0.0  0.0     0    0 ?        SW   14:07   0:00 [kpiod]
    root         5  0.0  0.0     0    0 ?        SW   14:07   0:05 [kswapd]
    root         6  0.0  0.0     0    0 ?        SW<  14:07   0:00 [mdrecoveryd]
    root       285  0.0  0.5  1232  180 ?        S    14:07   0:00 syslogd -m 0
    root       296  0.0  0.0  1464    0 ?        SW   14:07   0:00 [klogd]

As shown above, the log daemons are normally started early in the boot process.

First, let's look at /etc/syslog.conf. It is the configuration file of syslogd.

    # cat /etc/syslog.conf
    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    #kern.*                                         /dev/console

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none                  /var/log/messages

    # The authpriv file has restricted access.
    authpriv.*                                      /var/log/secure

    # Log all the mail messages in one place.
    mail.*                                          /var/log/maillog

    # Everybody gets emergency messages, plus log them on another
    # machine.
    *.emerg                                         *

    # Save mail and news errors of level err and higher in a
    # special file.
    uucp,news.crit                                  /var/log/spooler

    # Save boot messages also to boot.log
    local7.*                                        /var/log/boot.log

The configuration file is very simple. Blank lines and lines starting with # are ignored. (For reference, Linux organizes its logs in the BSD style.) A configuration line has the following structure.

    facility.level    destination

facility is the name of the subsystem that sends the message, and level (priority) indicates the importance (severity) of the message.

The facilities are:

    auth, authpriv, cron, daemon, kern, lpr, mail, news, syslog, user, uucp, local0 - local7

The priorities are (in order of decreasing severity):

    debug, info, notice, warning, warn (same as warning), err, error (same as err), crit, alert, emerg, panic (same as emerg)

See below for a description of each.

    # man 3 syslog

    facility
        The facility argument is used to specify what type of program
        is logging the message. This lets the configuration file
        specify that messages from different facilities will be
        handled differently.

        LOG_AUTH      security/authorization messages (DEPRECATED Use LOG_AUTHPRIV instead)
        LOG_AUTHPRIV  security/authorization messages (private)
        LOG_CRON      clock daemon (cron and at)
        LOG_DAEMON    other system daemons
        LOG_KERN      kernel messages
        LOG_LOCAL0 through LOG_LOCAL7
                      reserved for local use
        LOG_LPR       line printer subsystem
        LOG_MAIL      mail subsystem
        LOG_NEWS      USENET news subsystem
        LOG_SYSLOG    messages generated internally by syslogd
        LOG_USER(default)
                      generic user-level messages
        LOG_UUCP      UUCP subsystem

    level
        This determines the importance of the message. The levels
        are, in order of decreasing importance:

        LOG_EMERG     system is unusable
        LOG_ALERT     action must be taken immediately
        LOG_CRIT      critical conditions
        LOG_ERR       error conditions
        LOG_WARNING   warning conditions
        LOG_NOTICE    normal, but significant, condition
        LOG_INFO      informational message
        LOG_DEBUG     debug-level message

It recommends using authpriv instead of auth; the rest is easy to understand by reading it.
cron, daemons, kernel messages, local use, printer, mail, news, syslog, user-defined, UUCP. (auth is the login authentication system.)

    emerg  : system panic
    alert  : error alert; something that must be reported immediately
    crit   : critical errors such as hardware device errors
    err    : errors
    warn   : warnings
    notice : non-critical messages
    info   : informational messages
    debug  : special information that helps track down problems

none means that all log messages for that facility are excluded. To specify every facility or every priority use *, and to specify several use a comma.

One thing you must know here is that when you specify a priority, logs of that priority and of every priority above it are recorded. If you specify info, everything from emerg down to info is logged. To specify a single priority only, use =. ! restricts the priority range. See the examples explained below for this.

** On Linux, syslogd has a few features added to the original BSD source. = and ! are among them.

There are several ways in which log messages can be recorded: first of all a regular file (/var/log/messages); a named pipe; a terminal or the console (/dev/console); a remote machine (@); users; all logged-in users (*).

Now, first let's look at /etc/syslog.conf.

    # cat /etc/syslog.conf
    # Log all kernel messages to the console.
    # Logging much else clutters up the screen.
    kern.*                                          /dev/console
    # All kernel messages to the console.

    # Log anything (except mail) of level info or higher.
    # Don't log private authentication messages!
    *.info;mail.none;authpriv.none                  /var/log/messages
    # Record everything at info in messages, except mail and authpriv records

    # The authpriv file has restricted access.
    authpriv.*                                      /var/log/secure
    # All login authentication records. su, login and so on are all recorded here

    # Log all the mail messages in one place.
    mail.*                                          /var/log/maillog
    # All mail messages

    # Everybody gets emergency messages, plus log them on another
    # machine.
    *.emerg                                         *
    # Emergency messages (emerg) are announced to every user currently logged in

    # Save mail and news errors of level err and higher in a
    # special file.
    uucp,news.crit                                  /var/log/spooler
    # Record crit information for uucp and news

    # Save boot messages also to boot.log
    local7.*                                        /var/log/boot.log
    # Record boot messages

The above is the usual configuration shipped with a distribution. The kernel message line is probably commented out.

As an example, let's add

    *.err                                           /dev/tty8

Every error that occurs on the system can then be seen on the idle tty8 console.

    *.*                                             @taejun

This has all messages handled by the remote host named taejun. When is this useful? It is very useful on systems built as a cluster, because all syslog messages can be collected on a single system.

Now let's look at a few more examples besides the default configuration above.

    # Store critical stuff in critical
    #
    *.=crit;kern.none                               /var/adm/critical
    # Record all messages at crit, except those from the kernel
    # (you need to understand the difference that = makes here)

    # Kernel messages are first, stored in the kernel
    # file, critical messages and higher ones also go
    # to another host and to the console
    #
    kern.*                                          /var/adm/kernel
    kern.crit                                       @finlandia
    kern.crit                                       /dev/console
    kern.info;kern.!err                             /var/adm/kernel-info
    # All kernel records go to the kernel file;
    # kernel messages at crit and above go to the console and a remote host.
    # The second line (the remote host) is useful because even if the
    # system collapses with an error that cannot be recovered from
    # disk, the cause needed to solve the problem can still be
    # found on the remote host.
    # Now the fourth line. It records messages from info up to just
    # before err, that is, info, notice and warn.
    # It restricts the log range.

    # The tcp wrapper loggs with mail.info, we display
    # all the connections on tty12
    #
    mail.=info                                      /dev/tty12
    # Write messages for mail.info to the 12th console.

    # Store all mail concerning stuff in a file
    #
    mail.*;mail.!=info                              /var/adm/mail
    # All mail messages except mail.info.

    # Log all mail.info and news.info messages to info
    #
    mail,news.=info                                 /var/adm/info
    # Record only info for mail and news

    # Log info and notice messages to messages file
    #
    *.=info;*.=notice;\
            mail.none                               /var/log/messages
    # Record all messages at info and notice,
    # excluding all mail messages.

    # Log info messages to messages file
    #
    *.=info;\
            mail,news.none                          /var/log/messages
    # All messages at info,
    # but excluding all mail and news messages

    # Emergency messages will be displayed using wall
    #
    *.=emerg                                        *
    # All emergency messages to every user currently logged in.
    # This is the same as wall.

    # Messages of the priority alert will be directed
    # to the operator
    #
    *.alert                                         root,taejun
    # All messages at alert and above to the users root and taejun

    *.*                                             @taejun
    # All messages to the remote host named taejun.
    # As explained above, useful on a clustered system when
    # all log messages are recorded in one place

The logger utility lets a shell script send messages through the syslog facility.

    # logger -p authpriv.alert -t oh_no_login \
        "태준이가 이상한 곳에서 로그인했어요... 오옷 이런~~"
    # tail -f secure
    Feb 22 18:31:42 taejun oh_no_login: 태준이가 이상한 곳에서 로그인했어요... 오옷 이런~~

A rather childish example, isn't it? (The message says "Taejun logged in from a strange place... oh no~~".)

For reference, the last command uses /var/log/wtmp to show records related to user logins.

The configuration files above cover most of the log files in /var/log/. One that was not mentioned is xferlog, which is the log file of the ftp server.

Using the above as a reference, set up logging that suits your own server.

2. Managing log files with logrotate

As said in the introduction, if log files are not managed properly, a large server runs out of hard disk space because of them and also bogs down processing them.

logrotate is installed by default on most Red Hat based distributions.

    # rpm -qa | grep logrotate
    logrotate-3.3-1
    # rpm -ql logrotate
    /etc/cron.daily/logrotate
    /etc/logrotate.conf
    /etc/logrotate.d
    /usr/man/man8/logrotate.8
    /usr/sbin/logrotate

logrotate is a program for efficiently managing log files that keep growing. It rotates them automatically and performs tasks such as compressing, removing and mailing them. It is added to cron automatically when Linux is first installed. The contents of /etc/cron.daily/logrotate are as follows.

    # cat /etc/cron.daily/logrotate
    #!/bin/sh

    /usr/sbin/logrotate /etc/logrotate.conf

From the above you can see that logrotate is the program and logrotate.conf is its configuration file. If you give a directory instead of the .conf file, it works with all the files in that directory.

logrotate has several command-line options, but you will rarely need them. If you are curious, check the man page.

First, an explanation of rotate. Take rotate 3 with the cron log as an example. cron is created first in the /var/log directory, and at every rotation interval the old cron becomes cron.1, cron.1 becomes cron.2, and cron.2 becomes cron.3. The existing cron.3 is deleted. In other words, besides the newly created log, up to 3 previous logs are kept.

Now let's look at the configuration file.

    # cat /etc/logrotate.conf
    # see "man logrotate" for details
    # rotate log files weekly
    weekly
    # By default, rotate log files every week

    # keep 4 weeks worth of backlogs
    rotate 4
    # Keep previous log files for 4 weeks,
    # since the rotation interval above is one week.

    # send errors to root
    errors root
    # If an error occurs, mail it to root.

    # create new (empty) log files after rotating old ones
    create
    # Create a new log file after rotating the old one

    # uncomment this if you want your log files compressed
    #compress
    # Compress using gzip.

    # RPM packages drop log rotation information into this directory
    include /etc/logrotate.d
    # Reads in /etc/logrotate.d if it is a file, or the files inside it if it is a directory.
    # For reference, the author's server has the following default configuration files.
    # ls /etc/logrotate.d
    # apache cron ftpd named samba squid syslog
    # The most important of these, syslog, covers messages, secure, maillog, spooler
    # and boot.log

    # no packages own lastlog or wtmp -- we'll rotate them here
    /var/log/wtmp {
        monthly
        create 0664 root utmp
        rotate 1
    }
    # Rotate every month.
    # create makes the log file immediately after rotation (before the
    # postrotate script is run). As explained later, postrotate
    # specifies the work to carry out after the log file has been rotated.
    # 0664 is the permission of the created file, root the owner, utmp the group.
    # rotate 1 was explained above. Note that with a per-file setting,
    # the weekly set at the start is ignored and the per-file setting is followed.
    # So here only 1 previous log file remains
    # (not counting the original).
    # For reference, syslog sets the permission to 600 by default,
    # because nobody else should have access to the log files.

    /var/log/lastlog {
        monthly
        rotate 1
    }

    # system-specific logs may be configured here

Now let's look at some of the main options.

o Rotation period : daily, weekly, monthly and so on
  You can also set a size here with size. When the log file grows enormously because of heavy traffic, you should control it with size (kilobytes by default).
      size 100k (= size 100)

o Compression : compress
  Compresses previous log files with gzip, which saves space. To turn this option off, comment it out or use nocompress (the default).

o Mail settings : errors, mail
      errors taejun  -> send errors to the user taejun
      mail taejun    -> when a rotated log file would later have to be deleted, mail it instead of deleting it

o Creating the log file
      create mode owner group   (default)
  An example of its use was explained above. If create is specified, the log file is created after rotation. The opposite is nocreate.

o Rotation count : rotate count
  Specifies how many times a log file is rotated before the old one is deleted or mailed. If set to 0, old log files are always deleted.

o When the specified log file does not exist : missingok, nomissingok
  By default an error is raised if the log file does not exist (nomissingok, the default). With missingok no error is raised even if it is missing.

o When the log file has no content (is empty)
  The default is ifempty, which rotates even when the file is empty. To prevent rotation in that case, specify notifempty.

o Work after rotation : postrotate/endscript
  For work before rotation use prerotate/endscript. Usually you will do the work after rotation. For example, once a new mail log has been created, syslogd has to be restarted. That kind of task is specified here.

o Including a file or directory : include
  Used to include another file or the files inside a directory.

Now, based on the above, let's adjust the mail log. Here we handle only the mail server's log separately from /etc/logrotate.d/syslog.

    # vi /etc/logrotate.d/maillog
    weekly
    size 500k
    rotate 4
    compress
    errors admin
    mail admin
    nomissingok
    create 0644 root root

    /var/log/maillog {
        postrotate
            /usr/bin/killall -HUP syslogd
        endscript
    }

    /var/log/messages {
        postrotate
            /usr/bin/killall -HUP syslogd
        endscript
    }

The example above was made only for reference, so there is no need to follow it. It rotates once a week, keeps the size from exceeding 500k, and compresses rotated files. Errors are sent to the user admin, and files that would be deleted after rotation are mailed to admin. If the log file does not exist an error is raised; after rotation the file is created with mode 0644 and with root as owner and group.

Depending on the scale of the service, the rotation period has to be made shorter. Specifying a size will be more efficient in many ways.

3. Closing

If you have read this far, you should have a rough feel for how the system's logs are written and how they should be managed. Before blaming the system for being bad, what matters is how regularly the administrator checks the state of the system and optimizes it.

### Reference : Recording server logs on another host

When you build a clustered system, the logs are spread over several servers. In that case the logs can be concentrated on a central administration server.

1. What to check first

    /etc/services
    syslog          514/udp

This is needed on both sides, the one that produces the logs and the one that receives them. It is normally set by default. It is needed because a UDP port is used to exchange the messages.

2. Configuration needed on the server that produces the logs

    /etc/syslog.conf
    mail.info                                       @admin

This sends the logs matching mail.info to the host named admin. Since DNS can have problems, it is better to register admin in /etc/hosts. If necessary, you can use *.* to send everything. The advantage is that even if the system goes down, the log files remain on the remote host, so they can be analyzed later.

3. Configuration needed on the server that receives the logs

Extra options are needed when starting the syslogd daemon. On Red Hat the startup file looks like this.

    /etc/rc.d/init.d/syslog

There, the daemon is started with these options:

    daemon syslogd -m 0 -r -h

-m 0 : This is the default setting and does not need to be changed. It writes MARK to the log file at the specified interval in minutes. With 0 it is not written.
-r   : Option to receive messages from the network using an Internet domain socket.
-h   : By default syslogd does not forward messages received from remote hosts to the log. With this option the logs received from remote hosts are forwarded. (Think of forwarding as writing to the log file on the receiving side.)

man syslogd will help.

There is also a security package for securing syslogd.

    http://www.core-sdi.com/english/freesoft.htm

It is a secure system logging tool. Looking at what it supports, though, it is Slackware. Since it is compiled and installed from source, it should install without trouble.
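
The selector rules from section 1 (a priority matches itself and everything above it, = selects a single priority, ! removes, none excludes a facility, later selectors override earlier ones) can be checked before a syslog.conf goes live. The following is an added example, not part of the original article and not sysklogd's code; the function names compile_selector, logged and route and the PAGE_RULES table are hypothetical, and the rules in it are copied from the configuration examples above.

```python
# Added illustration: a model of the syslog.conf selector rules from section 1.
# It is not sysklogd's code; names and sample rules are taken from the page.
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITIES = ["auth", "authpriv", "cron", "daemon", "kern", "lpr", "mail", "news",
              "syslog", "user", "uucp"] + [f"local{i}" for i in range(8)]


def compile_selector(field):
    """Return {facility: set of priorities logged} for one selector field."""
    table = {fac: set() for fac in FACILITIES}
    # A trailing backslash continues the field on the next line; ';' separates
    # selectors, and each selector can override what earlier ones selected.
    for selector in field.replace("\\", "").split(";"):
        facs, _, spec = selector.strip().rpartition(".")
        negate = spec.startswith("!")            # '!' removes instead of adding
        spec = spec.lstrip("!")
        exact = spec.startswith("=")             # '=' means this priority only
        name = spec.lstrip("=")
        name = ALIASES.get(name, name)
        if name in ("*", "none"):
            chosen = set(PRIORITIES)
            negate = negate != (name == "none")  # 'none' removes everything
        elif name not in PRIORITIES:
            raise ValueError(f"unknown priority in {selector!r}")
        elif exact:
            chosen = {name}
        else:                                    # the priority and everything above
            chosen = set(PRIORITIES[PRIORITIES.index(name):])
        targets = FACILITIES if facs == "*" else [f.strip() for f in facs.split(",")]
        for fac in targets:
            if fac not in table:
                raise ValueError(f"unknown facility in {selector!r}")
            table[fac] = table[fac] - chosen if negate else table[fac] | chosen
    return table


def logged(field, facility, priority):
    """True if a message with this facility and priority matches the field."""
    return ALIASES.get(priority, priority) in compile_selector(field)[facility]


# (selector, destination) pairs copied from the configuration examples above.
PAGE_RULES = [
    ("*.info;mail.none;authpriv.none", "/var/log/messages"),
    ("authpriv.*", "/var/log/secure"),
    ("mail.*", "/var/log/maillog"),
    ("*.emerg", "*"),
    ("uucp,news.crit", "/var/log/spooler"),
    ("kern.info;kern.!err", "/var/adm/kernel-info"),
    ("mail.*;mail.!=info", "/var/adm/mail"),
]


def route(facility, priority, rules=PAGE_RULES):
    """List the destinations that would receive the message."""
    return [dest for sel, dest in rules if logged(sel, facility, priority)]


if __name__ == "__main__":
    # Constructed sample messages (facility, priority), not real log data.
    for fac, pri in [("authpriv", "alert"), ("mail", "info"), ("kern", "warning"),
                     ("kern", "emerg"), ("cron", "debug")]:
        print(f"{fac}.{pri:<8} -> {route(fac, pri) or 'not logged'}")
```

Running it shows, for instance, that the authpriv.alert message sent with logger in section 1 reaches only /var/log/secure, and that an authentication message would leak into /var/log/messages if authpriv.none were dropped from the first rule.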