$su -
Password: l3-agent is already running: pid=1387; pidfile=/root/.lilalo/l3-agent.pid |
#screen
|
#ps ax
PID TTY STAT TIME COMMAND 1 ? S 0:00 ini 2 ? S 0:00 [keventd] 3 ? SN 0:00 [ksoftirqd_CPU0] 4 ? S 0:00 [kswapd] 5 ? S 0:00 [bdflush] 6 ? S 0:00 [kupdated] 99 ? S 0:00 [kjournald] 121 ? S 0:00 [kjournald] 122 ? S 0:00 [kjournald] ... 2244 pts/6 Ss+ 0:00 script -f -q /home/user/.lilalo//2880111551088016541-1163412823.script 2248 ? Ss 0:01 l3-agent 2281 pts/6 S+ 0:00 script -f -q /home/user/.lilalo//2880111551088016541-1163412823.script 2282 pts/7 Ss 0:00 bash -i 2303 pts/7 S+ 0:00 script -f -q /root/.lilalo//10996313191955626717-1163412833.script 2340 pts/7 S+ 0:00 script -f -q /root/.lilalo//10996313191955626717-1163412833.script 2341 pts/8 Ss 0:00 bash -i 2374 pts/4 S+ 0:01 apt-get install screen 2376 pts/4 S+ 0:00 /usr/lib/apt/methods/http 2377 pts/8 R+ 0:00 ps ax |
$pkill -1 l3-agent
pkill: 18581 - Operation not permitted |
$ls
Desktop |
$ls -l
total 4 drwxr-sr-x 3 user user 4096 2006-11-13 11:53 Desktop |
$/sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:0A:01:D4:D3:6F inet addr:192.168.15.202 Bcast:192.168.15.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:387244 errors:0 dropped:0 overruns:0 frame:0 TX packets:217998 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:550874381 (525.3 MiB) TX bytes:14600491 (13.9 MiB) Interrupt:18 Base address:0xa000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:337 errors:0 dropped:0 overruns:0 frame:0 TX packets:337 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:24773 (24.1 KiB) TX bytes:24773 (24.1 KiB) |
$/sbin/ifconfig
eth0 Link encap:Ethernet HWaddr 00:0A:01:D4:D3:6F inet addr:192.168.15.202 Bcast:192.168.15.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:387288 errors:0 dropped:0 overruns:0 frame:0 TX packets:218029 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:550900396 (525.3 MiB) TX bytes:14604401 (13.9 MiB) Interrupt:18 Base address:0xa000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:337 errors:0 dropped:0 overruns:0 frame:0 TX packets:337 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:24773 (24.1 KiB) TX bytes:24773 (24.1 KiB) |
$ssh 192.168.15.2
The authenticity of host '192.168.15.2 (192.168.15.2)' can't be established. RSA key fingerprint is 83:9c:c8:c5:34:ca:c9:70:35:79:ab:6d:db:5e:72:43. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.15.2' (RSA) to the list of known hosts. Password: Linux linux2 2.4.27-2-686 #1 Mon May 16 17:03:22 JST 2005 i686 GNU/Linux The programs included with the Debian GNU/Linux system are free software; the exact distribution terms for each program are described in the individual files in /usr/share/doc/*/copyright. Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent permitted by applicable law. You have mail. Last login: Mon Nov 13 11:57:27 2006 Removing stale pidfile |
$su -
Password: l3-agent is already running: pid=18581; pidfile=/root/.lilalo/l3-agent.pid |
#ifconfig
eth0 Link encap:Ethernet HWaddr 00:0A:01:D4:D3:6F inet addr:192.168.15.202 Bcast:192.168.15.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:389576 errors:0 dropped:0 overruns:0 frame:0 TX packets:220302 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:551311829 (525.7 MiB) TX bytes:14770219 (14.0 MiB) Interrupt:18 Base address:0xa000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:357 errors:0 dropped:0 overruns:0 frame:0 TX packets:357 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:26072 (25.4 KiB) TX bytes:26072 (25.4 KiB) |
#/etc/init.d/networking restart
Setting up IP spoofing protection: rp_filter. Reconfiguring network interfaces...ifup: interface lo already configured Ignoring unknown interface eth1=eth1. done. |
#ifconfig
eth0 Link encap:Ethernet HWaddr 00:0A:01:D4:D3:6F inet addr:192.168.15.1 Bcast:192.168.15.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:389605 errors:0 dropped:0 overruns:0 frame:0 TX packets:220337 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:551315183 (525.7 MiB) TX bytes:14777822 (14.0 MiB) Interrupt:18 Base address:0xa000 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:357 errors:0 dropped:0 overruns:0 frame:0 TX packets:357 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:26072 (25.4 KiB) TX bytes:26072 (25.4 KiB) |
#vi /etc/init.d/sysklogd
|
#/etc/init.d/sysklogd restart
Restarting system log daemon: syslogd. |
#tail -f /var/log/messages
Nov 13 16:51:07 localhost kernel: [drm] AGP 0.99 Aperture @ 0xe0000000 64MB Nov 13 16:51:07 localhost kernel: [drm] Initialized r128 2.2.0 20010917 on minor 0 Nov 13 16:54:05 localhost gconfd (user-18307): starting (version 2.8.1), pid 18307 user 'user' Nov 13 16:54:05 localhost gconfd (user-18307): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0 Nov 13 16:54:05 localhost gconfd (user-18307): Resolved address "xml:readwrite:/home/user/.gconf" to a writable configuration source at position 1 Nov 13 16:54:05 localhost gconfd (user-18307): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2 Nov 13 17:19:36 localhost -- MARK -- Nov 13 17:37:25 localhost exiting on signal 15 Nov 13 12:37:26 linux1 syslogd 1.4.1#17: restart (remote reception). Nov 13 12:38:04 yuriksat.yuriksat.linux.nt logger: Hello Nov 13 12:40:23 linux2.linux.nt 00000000 00 1e bf ab d4 23 82 de 25 c1 1a 2d d4 df 7e ad |..¿«Ô#.Þ%Á.-Ôß~| 00000010 ec 7c 8c d1 fc b9 d4 2d ea 32 98 b5 de 8d c4 0d |ì|.Ñü¹Ô-ê2.µÞ.Ä.| 00000020 8a c9 a7 a7 dc e0 b9 6e cd 14 15 80 19 5c 49 57 |.ɧ§Üà¹nÍ....\IW| 00000030 ae d5 8f 8f 23 a5 c8 36 11 56 8d e7 2f ed 49 75 |®Õ..#¥È6.V.ç/íIu| 00000040 88 73 2e a3 a2 ed 91 60 11 08 b5 c1 ea b0 Nov 13 12:41:35 linux2.linux.nt _____________ < Linux Rulez > ------------- \ / \ //\ \ |\___/| / \// \\ /0 0 \__ / // | \ \ / / \/_/ // | \ \ @_^_@'/ \/_ // | \ \ //_^_/ \/_ // | \ \ ( //) | \/// | \ \ ( / /) _|_ / ) // |
$ssh root@192.168.15.1
The authenticity of host '192.168.15.1 (192.168.15.1)' can't be established. RSA key fingerprint is 6d:b0:79:89:b6:a7:37:ad:ed:71:5a:6a:a7:62:1b:5e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.15.1' (RSA) to the list of known hosts. Password: Last login: Mon Nov 13 12:04:54 2006 from 192.168.15.254 l3-agent is already running: pid=18581; pidfile=/root/.lilalo/l3-agent.pid |
#exit
Connection to 192.168.15.1 closed. |
$ssh root@192.168.15.2
Password: Last login: Mon Nov 13 12:13:08 2006 from 192.168.15.254 l3-agent is already running: pid=1387; pidfile=/root/.lilalo/l3-agent.pid |
#tail -f /var/log/messages
Nov 13 16:54:05 localhost gconfd (user-18307): starting (version 2.8.1), pid 18307 user 'user' Nov 13 16:54:05 localhost gconfd (user-18307): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0 Nov 13 16:54:05 localhost gconfd (user-18307): Resolved address "xml:readwrite:/home/user/.gconf" to a writable configuration source at position 1 Nov 13 16:54:05 localhost gconfd (user-18307): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2 Nov 13 17:19:36 localhost -- MARK -- Nov 13 17:37:25 localhost exiting on signal 15 Nov 13 12:37:26 linux1 syslogd 1.4.1#17: restart (remote reception). Nov 13 12:38:04 yuriksat.yuriksat.linux.nt logger: Hello Nov 13 12:40:23 linux2.linux.nt 00000000 00 1e bf ab d4 23 82 de 25 c1 1a 2d d4 df 7e ad |..¿«Ô#.Þ%Á.-Ôß~| 00000010 ec 7c 8c d1 fc b9 d4 2d ea 32 98 b5 de 8d c4 0d |ì|.Ñü¹Ô-ê2.µÞ.Ä.| 00000020 8a c9 a7 a7 dc e0 b9 6e cd 14 15 80 19 5c 49 57 |.ɧ§Üà¹nÍ....\IW| 00000030 ae d5 8f 8f 23 a5 c8 36 11 56 8d e7 2f ed 49 75 |®Õ..#¥È6.V.ç/íIu| 00000040 88 73 2e a3 a2 ed 91 60 11 08 b5 c1 ea b0 Nov 13 12:41:35 linux2.linux.nt _____________ < Linux Rulez > ------------- \ / \ //\ \ |\___/| / \// \\ /0 0 \__ / // | \ \ / / \/_/ // | \ \ @_^_@'/ \/_ // | \ \ //_^_/ \/_ // | \ \ ( //) | \/// | \ \ ( / /) _|_ / ) // ... Nov 13 12:42:20 linux2.linux.nt logger: ( //) | \/// | \ \ Nov 13 12:42:20 linux2.linux.nt logger: ( / /) _|_ / ) // | \ _\ Nov 13 12:42:20 linux2.linux.nt logger: ( // /) '/,_ _ _/ ( ; -. | _ _\.-~ .-~~~^-. Nov 13 12:42:20 linux2.linux.nt logger: (( / / )) ,-{ _ `-.|.-~-. .~ `. Nov 13 12:42:20 linux2.linux.nt logger: (( // / )) '/\ / ~-. _ .-~ .-~^-. \ Nov 13 12:42:20 linux2.linux.nt logger: (( /// )) `. { } / \ \ Nov 13 12:42:20 linux2.linux.nt logger: (( / )) .----~-.\ \-' .~ \ `. \^-. Nov 13 12:42:20 linux2.linux.nt logger: ///.----..> \ _ -~ `. 
^-` ^-_ Nov 13 12:42:20 linux2.linux.nt logger: ///-._ _ _ _ _ _ _}^ - - - - ~ ~-- ,.-~ Nov 13 12:42:20 linux2.linux.nt logger: /.-~ |
#apt
apt-cache apt-extracttemplates apt-setup apt-cdrom apt-ftparchive apt-sortpkgs apt-config apt-get aptitude |
#apt
apt-cache apt-extracttemplates apt-setup apt-cdrom apt-ftparchive apt-sortpkgs apt-config apt-get aptitude |
#apt-get install sislog-ng
[root@linux2:root]# dpkg -L cowsay | grep dra /usr/share/cowsay/cows/dragon-and-cow.cow [root@linux2:root]# echo Linux Rulez | cowsay -f /usr/share/cowsay/cows/dragon. [root@linux2:root]# echo Linux Rulez | cowsay -f /usr/share/cowsay/cows/dragon.cow ow | nc -u 192.168.15.1 514nux Rulez |cowsay -f /usr/share/cowsay/cows/dragon.cow [root@linux2:root]# echo Linux Rulez cowsay -f /usr/share/cowsay/cows/dragon.cow [root@linux2:root]# [root@linux2:root]# echo Linux Rulez | cowsay -f /usr/share/cowsay/cows/dragon.cow | logger [root@linux2:root]# apt-get install syslog-ng Reading package lists... 0% Reading Package Lists... Done Building Dependency Tree... Done E: Couldn't find package sislog-ng |
#apt-get install syslog-ng
Reading Package Lists... Done Building Dependency Tree... Done The following packages will be REMOVED: klogd sysklogd The following NEW packages will be installed: syslog-ng 0 upgraded, 1 newly installed, 2 to remove and 8 not upgraded. Need to get 215kB of archives. After unpacking 233kB of additional disk space will be used. Do you want to continue? [Y/n] ... Stopping kernel log daemon: klogd. Removing sysklogd ... Stopping system log daemon: syslogd. Selecting previously deselected package syslog-ng. (Reading database ... 86623 files and directories currently installed.) Unpacking syslog-ng (from .../syslog-ng_1.6.5-2.2_i386.deb) ... Setting up syslog-ng (1.6.5-2.2) ... CONSOLE_LOG_LEVEL is of unaccepted value. KERNEL_RINGBUF_SIZE is of unaccepted value. Starting system logging: syslog-ng. |
#str
strace strfile strings strip |
#vi /etc/syslog-ng/syslog-ng.conf
|
$ssh root@192.168.15.2
Password: Last login: Mon Nov 13 12:40:34 2006 from linux1.linux.nt l3-agent is already running: pid=1387; pidfile=/root/.lilalo/l3-agent.pid |
$ssh root@192.168.15.2
Password: Last login: Mon Nov 13 12:46:38 2006 from linux202.linux.nt l3-agent is already running: pid=1387; pidfile=/root/.lilalo/l3-agent.pid |
#/etc/init.d/syslog-ng start
CONSOLE_LOG_LEVEL is of unaccepted value. KERNEL_RINGBUF_SIZE is of unaccepted value. Starting system logging: syslog-ng start failed. |
#vi /etc/syslog-ng/syslog-ng.conf
|
#dpkg -L syslog-ng
/. /sbin /sbin/syslog-ng /usr /usr/share /usr/share/man /usr/share/man/man5 /usr/share/man/man5/syslog-ng.conf.5.gz /usr/share/man/man8 /usr/share/man/man8/syslog-ng.8.gz ... /etc/logcheck/ignore.d.paranoid /etc/logcheck/ignore.d.paranoid/syslog-ng /etc/logcheck/ignore.d.server /etc/logcheck/ignore.d.server/syslog-ng /etc/logcheck/ignore.d.workstation /etc/logcheck/ignore.d.workstation/syslog-ng /etc/init.d /etc/init.d/syslog-ng /etc/logrotate.d /etc/logrotate.d/syslog-ng |
#dpkg -L syslog-ng | grep /etc
/etc /etc/default /etc/default/syslog-ng /etc/syslog-ng /etc/syslog-ng/syslog-ng.conf /etc/logcheck /etc/logcheck/ignore.d.paranoid /etc/logcheck/ignore.d.paranoid/syslog-ng /etc/logcheck/ignore.d.server /etc/logcheck/ignore.d.server/syslog-ng /etc/logcheck/ignore.d.workstation /etc/logcheck/ignore.d.workstation/syslog-ng /etc/init.d /etc/init.d/syslog-ng /etc/logrotate.d /etc/logrotate.d/syslog-ng |
#less /etc/default/syslog-ng
|
#vi /etc/default/syslog-ng
|
#/etc/init.d/syslog-ng start
Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001 pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Starting system logging: syslog-ng start failed. |
#less /usr/share/doc/syslog-ng/
|
#less /usr/share/doc/syslog-ng/README
|
#less /usr/share/doc/syslog-ng/README.Debian
|
#/etc/init.d/syslog-ng restart
pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Stopping system logging: syslog-ng. Starting system logging: syslog-ngsyntax error at 267 Parse error reading configuration file, exiting. (line 267) start failed. |
#vi /etc/syslog-ng/syslog-ng.conf
|
#/etc/init.d/syslog-ng restart
Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Stopping system logging: syslog-ng not running. Starting system logging: syslog-ng. |
#vi /etc/syslog-ng/syslog-ng.conf
|
#/etc/init.d/syslog-ng restart
Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Stopping system logging: syslog-ng. Starting system logging: syslog-ng. |
#/etc/init.d/syslog-ng restart
Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Stopping system logging: syslog-ng. Starting system logging: syslog-ng. |
#/etc/init.d/syslog-ng restart
Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Stopping system logging: syslog-ng. Starting system logging: syslog-ng. |
#vi /etc/syslog-ng/syslog-ng.conf
|
#/etc/init.d/syslog-ng stop
Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001 pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Stopping system logging: syslog-ng. |
#/etc/init.d/syslog-ng start
Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001 pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Starting system logging: syslog-ng. |
#less /etc/init.d/syslog-ng
|
#man dmesg
|
#vi /etc/default/syslog-ng
|
#/etc/init.d/syslog-ng start
Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001 pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Starting system logging: syslog-ng start failed. |
#/etc/init.d/syslog-ng stop
Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001 pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Stopping system logging: syslog-ng. |
#/etc/init.d/syslog-ng start
Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001 pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Starting system logging: syslog-ng. |
#vi /etc/default/syslog-ng
|
#vi /etc/default/syslog-ng
|
#vi /etc/init.d/syslog-ng
|
#/etc/init.d/syslog-ng stop
Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001 pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Stopping system logging: syslog-ng. |
#/etc/init.d/syslog-ng start
Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) JEDEC: Found no ICH2 rom device at location zero Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(1) Search for id:(ff ff) interleave(1) type(2) Search for id:(ff ff) interleave(1) type(2) ... shpchp: acpi_shpchprm:get_device PCI ROOT HID fail=0x1001 pci_hotplug: PCI Hot Plug PCI Core version: 0.5 pciehp: acpi_pciehprm:get_device PCI ROOT HID fail=0x1001 i810_rng: RNG not detected hw_random: RNG not detected cdrom: open failed. apm: BIOS version 1.2 Flags 0x07 (Driver version 1.16) [drm] AGP 0.99 Aperture @ 0xe0000000 64MB [drm] Initialized r128 2.2.0 20010917 on minor 0 Starting system logging: syslog-ng. |
#vi /etc/init.d/syslog-ng
|
#/etc/init.d/syslog-ng start
Starting system logging: syslog-ng start failed. |
#/etc/init.d/syslog-ng stop
Stopping system logging: syslog-ng. |
#/etc/init.d/syslog-ng start
Starting system logging: syslog-ng. |
#for f in auth authpriv cron daemon kern lpr mail mark news syslog user uucp local{0,1,2,3,4,5,6,7}
> do
> for p in debug info warn notice warning err crit alert emerg
> do
> logger -p $f.$p "Test f=$f p=$p"
> done
> done\
> |
#tail -n 20 /var/log/messages
Nov 13 14:42:25 linux1 logger: Test f=local5 p=warn Nov 13 14:42:25 linux1 logger: Test f=local5 p=notice Nov 13 14:42:25 linux1 logger: Test f=local5 p=warning Nov 13 14:42:25 linux1 logger: Test f=local6 p=info Nov 13 14:42:25 linux1 logger: Test f=local6 p=warn Nov 13 14:42:25 linux1 logger: Test f=local6 p=notice Nov 13 14:42:25 linux1 logger: Test f=local6 p=warning Nov 13 14:42:25 linux1 logger: Test f=local7 p=info Nov 13 14:42:25 linux1 logger: Test f=local7 p=warn Nov 13 14:42:25 linux1 logger: Test f=local7 p=notice Nov 13 14:42:25 linux1 logger: Test f=local7 p=warning |
#tail -n 20 /var/log/
~ ~ ~ ~ ~ ~ XFree86.0.log base-config.timings dirmngr.log kern.log lpr.log messages uucp.log XFree86.0.log.old btmp dmesg ksymoops mail.err news wtmp aptitude daemon.log exim4 lastlog mail.info scrollkeeper.log auth.log debian-installer fontconfig.log lp-acct mail.log syslog base-config.log debug gdm lp-errs mail.warn user.log |
#tail -n 20 /var/log/auth.log
Nov 13 19:17:01 linux1 CRON[19969]: (pam_unix) session opened for user root by (uid=0) Nov 13 19:17:01 linux1 CRON[19969]: (pam_unix) session closed for user root Nov 13 14:42:25 linux1 logger: Test f=auth p=debug Nov 13 14:42:25 linux1 logger: Test f=auth p=info Nov 13 14:42:25 linux1 logger: Test f=auth p=warn Nov 13 14:42:25 linux1 logger: Test f=auth p=notice Nov 13 14:42:25 linux1 logger: Test f=auth p=warning Nov 13 14:42:25 linux1 logger: Test f=auth p=err Nov 13 14:42:25 linux1 logger: Test f=auth p=crit Nov 13 14:42:25 linux1 logger: Test f=auth p=alert Nov 13 14:42:25 linux1 logger: Test f=auth p=emerg Nov 13 14:42:25 linux1 logger: Test f=authpriv p=debug Nov 13 14:42:25 linux1 logger: Test f=authpriv p=info Nov 13 14:42:25 linux1 logger: Test f=authpriv p=warn Nov 13 14:42:25 linux1 logger: Test f=authpriv p=notice Nov 13 14:42:25 linux1 logger: Test f=authpriv p=warning Nov 13 14:42:25 linux1 logger: Test f=authpriv p=err Nov 13 14:42:25 linux1 logger: Test f=authpriv p=crit Nov 13 14:42:25 linux1 logger: Test f=authpriv p=alert Nov 13 14:42:25 linux1 logger: Test f=authpriv p=emerg |
#tail -n 20 /var/log/mail.l
tail: cannot open `/var/log/mail.l' for reading: No such file or directory |
#tail -n 20 /var/log/mail.log
Nov 13 14:42:25 linux1 logger: Test f=mail p=debug Nov 13 14:42:25 linux1 logger: Test f=mail p=info Nov 13 14:42:25 linux1 logger: Test f=mail p=warn Nov 13 14:42:25 linux1 logger: Test f=mail p=notice Nov 13 14:42:25 linux1 logger: Test f=mail p=warning Nov 13 14:42:25 linux1 logger: Test f=mail p=err Nov 13 14:42:25 linux1 logger: Test f=mail p=crit Nov 13 14:42:25 linux1 logger: Test f=mail p=alert Nov 13 14:42:25 linux1 logger: Test f=mail p=emerg |
#tail -n 20 /var/log/
XFree86.0.log base-config.timings dirmngr.log kern.log lpr.log messages uucp.log XFree86.0.log.old btmp dmesg ksymoops mail.err news wtmp aptitude daemon.log exim4 lastlog mail.info scrollkeeper.log auth.log debian-installer fontconfig.log lp-acct mail.log syslog base-config.log debug gdm lp-errs mail.warn user.log |
#vi /etc/syslog-ng/syslog-ng.conf
|
#mkfifo /var/log/mysql.pipe
|
#/etc/init.d/syslog-ng restart
Stopping system logging: syslog-ng. Starting system logging: syslog-ngunresolved reference: src Error initializing configuration, exiting. start failed. |
#vi /etc/syslog-ng/syslog-ng.conf
|
#/etc/init.d/syslog-ng stop
Stopping system logging: syslog-ng not running. |
#/etc/init.d/syslog-ng start
Starting system logging: syslog-ng. |
#ap
apm_available apropos apt-config apt-get aptitude appletproxy apt-cache apt-extracttemplates apt-setup appres apt-cdrom apt-ftparchive apt-sortpkgs |
#apt-get install mysqlserver
Reading Package Lists... Done Building Dependency Tree... Done E: Couldn't find package mysqlserver |
#apt-get install mysql-server
Setting up libplrpc-perl (0.2017-1) ... Setting up libdbi-perl (1.46-6) ... Setting up libdbd-mysql-perl (2.9006-1) ... Setting up mysql-client (4.0.24-10sarge2) ... Setting up mysql-server (4.0.24-10sarge2) ... Stopping MySQL database server: mysqld. Starting MySQL database server: mysqld. Checking for crashed MySQL tables in the background. |
#mysql -u root
Welcome to the MySQL monitor. Commands end with ; or \g. Your MySQL connection id is 5 to server version: 4.0.24_Debian-10sarge2-log Type 'help;' or '\h' for help. Type '\c' to clear the buffer. mysql> CREATE DATABASE syslog; Query OK, 1 row affected (0.00 sec) mysql> mysql> USE syslog; Database changed mysql> CREATE TABLE logs ( -> host varchar(32) default NULL, ... mysql> REVOKE ALL PRIVILEGES ON syslog.* FROM syslog@localhost; Query OK, 0 rows affected (0.00 sec) mysql> REVOKE GRANT OPTION ON syslog.* FROM syslog@localhost; ERROR 1141: There is no such grant defined for user 'syslog' on host 'localhost' mysql> GRANT USAGE ON *.* TO syslog@localhost; Query OK, 0 rows affected (0.00 sec) mysql> GRANT SELECT ON syslog.* TO syslog@localhost; Query OK, 0 rows affected (0.00 sec) mysql> exit Bye |
#mkdir /var/log/backup
|
#chmod 600 /var/log/backup
|
#vi /usr/local/sbin/backup_syslog.sh
|
#apt-get install locales
x x x x x <Ok> <Cancel> x x x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj (Reading database ... 87029 files and directories currently installed.) Preparing to replace locales 2.3.2.ds1-22 (using .../locales_2.3.2.ds1-22sarge4_all.deb) ... Unpacking replacement locales ... Preparing to replace libc6 2.3.2.ds1-22 (using .../libc6_2.3.2.ds1-22sarge4_i386.deb) ... Unpacking replacement libc6 ... Setting up libc6 (2.3.2.ds1-22sarge4) ... Current default timezone: 'US/Eastern'. Local time is now: Mon Nov 13 15:18:58 EST 2006. |
#dpkg-reconfigure locales
x ru_UA.UTF-8 x x x x x x <Ok> <Cancel> x x x mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqj Generating locales... en_US.ISO-8859-1... done ru_RU.ISO-8859-5... done ru_RU.KOI8-R... done ru_RU.UTF-8... done ru_UA.KOI8-U... done ru_UA.UTF-8... done Generation complete. |
$date
Mon Nov 13 15:19:46 EST 2006 |
$date
Пнд Ноя 13 15:20:45 EST 2006 |
$su -
Password: l3-agent is already running: pid=18581; pidfile=/root/.lilalo/l3-agent.pid |
#locale
locale localedef locale-gen |
#locale
LANG=POSIX LC_CTYPE="POSIX" LC_NUMERIC="POSIX" LC_TIME="POSIX" LC_COLLATE="POSIX" LC_MONETARY="POSIX" LC_MESSAGES="POSIX" LC_PAPER="POSIX" LC_NAME="POSIX" LC_ADDRESS="POSIX" LC_TELEPHONE="POSIX" LC_MEASUREMENT="POSIX" LC_IDENTIFICATION="POSIX" LC_ALL= |
#LANG="ru_RU.UTF-8"
|
#date
Mon Nov 13 15:21:58 EST 2006 |
#locale
LANG=POSIX LC_CTYPE="POSIX" LC_NUMERIC="POSIX" LC_TIME="POSIX" LC_COLLATE="POSIX" LC_MONETARY="POSIX" LC_MESSAGES="POSIX" LC_PAPER="POSIX" LC_NAME="POSIX" LC_ADDRESS="POSIX" LC_TELEPHONE="POSIX" LC_MEASUREMENT="POSIX" LC_IDENTIFICATION="POSIX" LC_ALL= |
#echo $LANG
ru_RU.UTF-8 |
#env LANG="ru_RU.UTF-8"
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/bin/X11 MAIL=/var/mail/root L3_SESSION_ID=2415514305286851695-1163439365 PWD=/root PS1=\[v2#\!#$?#$UID#$$#$(/bin/date +%s)$(l3_save_last_line)#$PWD#\033[1024D\033[K\]\[\033[0;31m\][\u@\h:\W]\$ \[\033[0m\] L3_HOME=/root/.lilalo/ HOME=/root SHLVL=1 LOGNAME=root _=/usr/bin/env LANG=ru_RU.UTF-8 |
Время первой команды журнала | 12:13:43 2006-11-13
Время последней команды журнала | 22:22:16 2006-11-13
Количество командных строк в журнале | 100
Процент команд с ненулевым кодом завершения, % | 12.00
Процент синтаксически неверно набранных команд, % | 0.00
Суммарное время работы с терминалом *, час | 1.84
Количество командных строк в единицу времени, команда/мин | 0.91
Частота использования команд
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
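Для того чтобы убедиться, что журнал на текущем терминале ведётся и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script. Программа script сохраняет всё, что выводится на терминал, поэтому в журнал попадут и пароли или ключи, набранные в командной строке либо показанные на экране.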
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, то есть моменту, когда на терминале появилось приглашение интерпретатора.
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?
в журнале это будет выглядеть так:
$ whoami
user
Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.
В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=.
1 2 3 4
Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008