Petit - An Open Source Log Analysis Tool for Linux SysAdmins


Petit is a free and open source log analysis tool for Linux and Cygwin systems, designed to rapidly analyze log files in enterprise environments.

It is intended to follow the Unix philosophy of being small, fast and easy to use, and can be used to inspect and analyze various log file formats, including syslog and Apache log files.

  • Support for log analysis.
  • Detects and supports various file formats (e.g. Syslog, Apache Access, Apache Error, Snort Log, Linux Secure Log, and raw log files).
  • Support for log hashing.
  • Supports command line graphing.
  • Support for word discovery and counting, with common stop words in the log data.
  • Support for log reduction for easy reading.
  • Offers various default and custom-built filters.
  • Supports fingerprints, useful for identifying and excluding reboot signatures.
  • Offers multiple output options for wide character terminals and character selection, and much more.

In this tutorial, we will show you how to install and use the Petit log analysis tool in Linux to extract useful information from logs in various ways.

How to Install and Use the Petit Log Analysis Tool in Linux

Petit can be installed from the default repositories of Debian/Ubuntu and their derivatives, using the appropriate package management tool as shown below.

$ sudo apt install petit

On RHEL/CentOS/Fedora systems, download and install the .rpm package like this.

# wget http://crunchtools.com/wp-content/files/petit/petit-current.rpm
# rpm -i petit-current.rpm

Once installed, it is time to see the basic usage of Petit with examples.

Hashing is a simple function: it summarizes the number of lines found in a log file. Its output contains the number of lines found in the log and what each group of lines looked like, as shown below.

# petit --hash /var/log/yum.log
OR
# petit --hash --fingerprint /var/log/messages
2:	Mar 18 14:35:54 Installed: libiec61883-1.2.0-4.el6.x86_64
2:	Mar 18 15:25:18 Installed: xorg-x11-drv-i740-1.3.4-11.el6.x86_64
1:	Dec 16 12:36:23 Installed: 5:mutt-1.5.20-7.20091214hg736b6a.el6.x86_64
1:	Dec 16 12:36:22 Installed: mailcap-2.1.31-2.el6.noarch
1:	Dec 16 12:40:49 Installed: mailx-12.4-8.el6_6.x86_64
1:	Dec 16 12:40:20 Installed: man-1.6f-32.el6.x86_64
1:	Dec 16 12:43:33 Installed: sysstat-9.0.4-31.el6.x86_64
1:	Dec 16 12:36:22 Installed: tokyocabinet-1.4.33-6.el6.x86_64
1:	Dec 16 12:36:22 Installed: urlview-0.9-7.el6.x86_64
1:	Dec 16 12:40:19 Installed: xz-4.999.9-0.5.beta.20091007git.el6.x86_64
1:	Dec 16 12:40:19 Installed: xz-lzma-compat-4.999.9-0.5.beta.20091007git.el6.x86_64
1:	Dec 16 12:43:31 Updated: 2:tar-1.23-15.el6_8.x86_64
1:	Dec 16 12:43:31 Updated: procps-3.2.8-36.el6.x86_64
1:	Feb 18 12:40:27 Erased: mysql
1:	Feb 18 12:40:28 Erased: mysql-libs
1:	Feb 18 12:40:22 Installed: MariaDB-client-10.1.21-1.el6.x86_64
1:	Feb 18 12:40:12 Installed: MariaDB-common-10.1.21-1.el6.x86_64
1:	Feb 18 12:40:10 Installed: MariaDB-compat-10.1.21-1.el6.x86_64
1:	Feb 18 12:54:50 Installed: apr-1.3.9-5.el6_2.x86_64
......

Using the --daemon option helps to output a basic report of the lines produced by each system daemon, as shown in the example below.

# petit --hash --daemon /var/log/syslog
847:	vmunix:
48:	CRON[#]:
30:	dhclient[#]:
26:	nm-dispatcher:
14:	rtkit-daemon[#]:
6:	smartd[#]:
5:	ntfs-#g[#]:
4:	udisksd[#]:
3:	mdm[#]:
2:	ag[#]:
2:	syslogd
1:	cinnamon-killer-daemon:
1:	cinnamon-session[#]:
1:	pulseaudio[#]:

To find the total number of lines produced by each host, use the --host flag as shown below. This can be useful when analyzing log files collected from more than one host.

# petit --host /var/log/syslog

999:	tecmint

The wordcount function is used to find and display the important words in a log file.

# petit --wordcount /var/log/syslog
845:	[
97:	[mem
75:	ACPI:
64:	pci
62:	debian-sa#
62:	to
51:	USB
50:	of
49:	device
47:	&&
47:	(root)
47:	CMD
47:	usb
41:	systemd#
36:	ACPI
32:	>
32:	driver
32:	reserved
31:	(comm#
31:	-v
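The hashing, --daemon, --host and --wordcount reports above all rest on the same idea: normalise each syslog line so that lines which differ only in a PID, port or address collapse into one group, then count the groups. The script below is an added example and not Petit's own code; the normalisation rule it uses (drop the timestamp and host name, turn every run of digits into `#`) and the stop-word list are assumptions chosen for illustration, not petit's actual algorithm, and the log lines are constructed.

```shell
#!/bin/sh
# Added example (not Petit's own code): a minimal stand-in for the grouping
# behind petit --hash, --daemon, --host and --wordcount on syslog-style lines.
# The normalisation rule used here (drop timestamp and host, replace every run
# of digits with '#') is an assumption chosen for illustration, not petit's
# actual hashing algorithm. The log lines are constructed for this example.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jun  8 09:45:59 tecmint CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Jun  8 09:46:01 tecmint dhclient[987]: DHCPREQUEST on eth0 to 192.168.1.1 port 67
Jun  8 09:46:03 tecmint CRON[1250]: (root) CMD (run-parts /etc/cron.hourly)
Jun  8 09:46:10 webhost sshd[4021]: Failed password for invalid user admin from 10.0.0.5 port 52110 ssh2
Jun  8 09:46:12 webhost sshd[4022]: Failed password for invalid user admin from 10.0.0.5 port 52114 ssh2
Jun  8 09:46:15 tecmint dhclient[987]: bound to 192.168.1.50 -- renewal in 1800 seconds.
EOF

# Count identical lines on stdin and print them as "count:<TAB>line",
# most frequent first (the layout petit uses for its reports).
count_sorted() {
    sort | uniq -c | sort -rn \
        | awk '{ n = $1; $1 = ""; sub(/^ /, ""); printf "%s:\t%s\n", n, $0 }'
}

# --hash stand-in: strip the 15-character syslog timestamp and the host name,
# then replace digit runs with '#', so lines differing only in PIDs, ports or
# addresses fall into one group.
hash_log() {
    sed 's/^.\{15\} [^ ]* //; s/[0-9][0-9]*/#/g' "$1" | count_sorted
}

# --daemon stand-in: the fifth whitespace-separated field is the program tag.
daemon_count() {
    awk '{ print $5 }' "$1" | sed 's/[0-9][0-9]*/#/g' | count_sorted
}

# --host stand-in: the fourth field is the host that logged the line.
host_count() {
    awk '{ print $4 }' "$1" | count_sorted
}

# --wordcount stand-in: count message words (fields 6 onward) after the same
# digit normalisation, skipping a small constructed stop-word list.
word_count() {
    awk -v stop="on to for from in of the user port" '
        BEGIN { n = split(stop, s, " "); for (i = 1; i <= n; i++) stopword[s[i]] = 1 }
        {
            for (i = 6; i <= NF; i++) {
                w = $i
                gsub(/[0-9]+/, "#", w)
                if (!(w in stopword)) count[w]++
            }
        }
        END { for (w in count) printf "%d:\t%s\n", count[w], w }' "$1" | sort -rn
}

echo "== hash ==";   hash_log "$SAMPLE_LOG"
echo "== daemon =="; daemon_count "$SAMPLE_LOG"
echo "== host ==";   host_count "$SAMPLE_LOG"
echo "== words ==";  word_count "$SAMPLE_LOG"
```

Run it as a plain `sh` script: the two CRON lines and the two sshd lines each collapse into a single group with count 2, the daemon report shows `CRON[#]:`, `dhclient[#]:` and `sshd[#]:` with two lines each, and the host report attributes four lines to `tecmint` and two to `webhost`. The repeated "Failed password" group is exactly the kind of line an administrator wants surfaced once with a count rather than buried in the raw log.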

Graphing works in a key/value bar chart format, useful for side-by-side comparison of distributions, as shown in the examples below.

To graph the first 60 seconds in syslog, use the --sgraph flag like this.

# petit --sgraph /var/log/syslog
#                                                           
#                                                           
#                                                           
#                                                           
#                                                           
############################################################
59                            29                           58 

Start Time:	2017-06-08 09:45:59 		Minimum Value: 0
End Time:	2017-06-08 09:46:58 		Maximum Value: 1
Duration:	60 seconds 			Scale: 0.166666666667

This example shows how to track and graph a particular word (such as dhcp, or error as in the command below) in a log file.

# cat /var/log/messages | grep error | petit --mgraph
#                        #                          #       
#                        #                          #       
#                        #                          #       
#                        #                          #       
#                        #                          #       
############################################################
10                            40                           09 

Start Time:	2017-06-08 10:10:00 		Minimum Value: 0
End Time:	2017-06-08 11:09:00 		Maximum Value: 2
Duration:	60 minutes 			Scale: 0.333333333333
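The --sgraph and --mgraph output above is a histogram over time: each line is assigned to the second or minute in which it was logged, the buckets are counted, and the counts are drawn as bars, scaled down if the largest bucket would not fit. The script below is an added example and not Petit's own code; it reproduces that idea for the `grep error | petit --mgraph` pipeline with awk, draws the bars horizontally rather than in petit's vertical layout, and uses constructed log lines.

```shell
#!/bin/sh
# Added example (not Petit's own code): bucketing log lines per minute and
# drawing a bar chart with awk, the idea behind `grep error | petit --mgraph`.
# Bars here are horizontal rather than petit's vertical layout; the lines are
# constructed for this example.

SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Jun  8 10:10:05 tecmint kernel: usb 1-1: device descriptor read/64, error -71
Jun  8 10:10:40 tecmint kernel: usb 1-1: device descriptor read/64, error -71
Jun  8 10:11:02 tecmint dhclient[987]: bound to 192.168.1.50 -- renewal in 1800 seconds.
Jun  8 10:35:17 tecmint smartd[1322]: Device: /dev/sda, SMART Usage Attribute: 194 Temperature_Celsius changed from 41 to 42
Jun  8 10:35:20 tecmint kernel: EXT4-fs error (device sda1): ext4_find_entry:1455: inode #262145: comm cron: reading directory lblock 0
Jun  8 11:02:59 tecmint sshd[4021]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
EOF

# Read syslog lines on stdin and print "HH:MM count" per minute, oldest first.
# Using substr($3, 1, 8) instead would bucket per second, like --sgraph.
minute_counts() {
    awk '{ m = substr($3, 1, 5); c[m]++ }
         END { for (m in c) printf "%s %d\n", m, c[m] }' | sort
}

# Turn the minute counts into a bar chart. Like petit, the bars are scaled
# down only when the largest bucket would not fit the chart width.
minute_graph() {
    minute_counts | awk -v width=60 '
        { key[NR] = $1; val[NR] = $2 + 0; if (val[NR] > max + 0) max = val[NR] }
        END {
            scale = (max > width) ? max / width : 1
            for (i = 1; i <= NR; i++) {
                bar = ""
                for (j = 0; j < int(val[i] / scale + 0.5); j++) bar = bar "#"
                printf "%s %-60s %d\n", key[i], bar, val[i]
            }
            printf "Maximum Value: %d  Scale: %s\n", max, scale
        }'
}

# Same pipeline shape as the article's example: filter first, then graph.
grep error "$SAMPLE_LOG" | minute_graph
```

Only the four lines containing "error" reach the graph, so it shows two hits at 10:10 and one each at 10:35 and 11:02. Because the busiest minute holds fewer than 60 lines the scale stays at 1; on a real log with thousands of matching lines per minute the scale factor rises so the tallest bar still fits, which is what the `Scale:` line in petit's own output reports.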

Additionally, to show samples for each entry in the log file, use the --allsample option like this.

# petit --hash --allsample /var/log/syslog

Muhimman Fayilolin Petit:

  • /var/lib/petit/fingerprint_library - used to build custom fingerprint files.
  • /var/lib/petit/fingerprints (the set of fingerprint files) - used to filter out reboots and other things a system administrator does not consider important.
  • /var/lib/petit/filters/
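A fingerprint is a recording of what a known event, such as a reboot, looks like once the variable parts of each line are normalised away; any later log line that normalises to the same form is then treated as noise and dropped, leaving the lines an administrator actually needs to read. The script below is an added example and not Petit's own code or file format: it builds a fingerprint from a constructed boot log and applies it to a later constructed log, using the same simplified normalisation (drop timestamp and host, digits become `#`), which is an assumption for illustration rather than petit's real fingerprint algorithm.

```shell
#!/bin/sh
# Added example (not Petit's own code): building a fingerprint from a known
# reboot log and using it to drop matching lines from a new log, the idea behind
# petit's fingerprint files. The normalisation (drop timestamp and host, digits
# become '#') is an assumption for illustration; all log lines are constructed.

REBOOT_LOG=$(mktemp); NEW_LOG=$(mktemp); FP_FILE=$(mktemp)
trap 'rm -f "$REBOOT_LOG" "$NEW_LOG" "$FP_FILE"' EXIT

# A boot captured once on a healthy machine: this becomes the fingerprint.
cat > "$REBOOT_LOG" <<'EOF'
Jun  1 08:00:01 tecmint kernel: Linux version 4.4.0-75-generic (buildd@lcy02-11) (gcc version 5.4.0)
Jun  1 08:00:01 tecmint kernel: Command line: BOOT_IMAGE=/vmlinuz-4.4.0-75-generic root=/dev/sda1 ro quiet
EOF

# A later log: another reboot (different kernel version and build host) plus
# two lines an administrator actually wants to see.
cat > "$NEW_LOG" <<'EOF'
Jun  8 09:45:59 tecmint kernel: Linux version 4.4.0-78-generic (buildd@lcy01-30) (gcc version 5.4.0)
Jun  8 09:45:59 tecmint kernel: Command line: BOOT_IMAGE=/vmlinuz-4.4.0-78-generic root=/dev/sda1 ro quiet
Jun  8 09:46:10 tecmint sshd[4021]: Accepted publickey for alice from 10.0.0.5 port 52110 ssh2
Jun  8 09:46:12 tecmint sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
EOF

# Print the normalised form of every line in a log: this is how a fingerprint
# (a file of normalised lines) is built from a known event.
make_fingerprint() {
    awk '{ key = substr($0, 17); sub(/^[^ ]+ /, "", key); gsub(/[0-9]+/, "#", key); print key }' "$1"
}

# Print only those lines of the log ($2) whose normalised form is not listed
# in the fingerprint file ($1). FILENAME is compared rather than NR == FNR so
# an empty fingerprint file does not make every log line look like a fingerprint.
filter_fingerprints() {
    awk 'FILENAME == ARGV[1] { fp[$0] = 1; next }
         { key = substr($0, 17); sub(/^[^ ]+ /, "", key); gsub(/[0-9]+/, "#", key)
           if (!(key in fp)) print }' "$1" "$2"
}

make_fingerprint "$REBOOT_LOG" > "$FP_FILE"
echo "== fingerprint =="; cat "$FP_FILE"
echo "== log without reboot noise =="; filter_fingerprints "$FP_FILE" "$NEW_LOG"
```

The June 8 boot lines carry a different kernel version and build host than the fingerprint was taken from, yet they normalise to the same two entries and are dropped; the sshd login and the sudo command survive. That is the reduction petit's fingerprint files perform, and it is worth keeping in mind when reviewing a filtered log: anything that happens to normalise like a known event is hidden, so the fingerprints themselves deserve a review now and then.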

For more information and usage options, read the petit man page like this.

# man petit
OR
# petit -h

Homepage: http://crunchtools.com/software/petit/

Also read through these useful guides on log monitoring and management in Linux:

  1. 4 Good Open Source Log Monitoring and Management Tools for Linux
  2. How to Manage System Logs (Configure, Rotate and Import into a Database) in Linux
  3. How to Set Up and Manage Log Rotation Using Logrotate in Linux
  4. Monitor Server Logs in Real Time with the Log.io Tool on Linux

You can send us any questions via the comment form below, or perhaps share with us information about other useful log analysis tools for Linux that you have heard of or come across.