yԲӦӽTꪺRHγƥtΪnzO@Өtκzӭni檺Ȥ@C
OnɩOH²檺ANOOtάʸTXɮסA
ҦpGɡBa (ӷ IP)BH (AȦW)BFʧ@ (Tno)C
yܻNOGOtΦbɭԥѭӵ{ǰF˪欰ɡAoͤFتƥC
nDOAڭ̪ Linux DbIU۷h daemons Pɦbu@ۡAoǤu@{`O|ܤ@ǰTA
oܪT̲|QOnɷաC]NOAOoǨtΪnTNOnɪu@աI
nɪn
nɫܭnAntκzݭnHɪ`NLOHڭ̥iHoG
- ѨMtΤ譱~G
Linux o[FAAӰӷ|o{tΥi|X{@ǿ~A]Aw鮻Ϊ̬OYǨtε{LkQB@pC
ɧAӦpOnHѩtη|Nw鳗L{ObnɤAAunzLdߵnɴNAѨtΧ@FԣơI
åBĤQCڭ̤]D SELinux
PnɪY[jPIҥHoAdߵnɥiHJA@ǨtΰDաI
- ѨMAȪDG
AibFYǺAȪ]wAo@LkQҰʸӪAȡAɸӫHhq̭ҶܡH
TӤljjiLkiDAnBzOIѩAȪUذDq`|QgJSOnɡA
AundߵnɴN|DXFtA٤ݭnХܤTӤljjաI|ҨӻApGALkҰʶlA (sendmail)A
dߤ@U /var/log/maillog q`iHo줣ѵI
- LƥOïG
oӪF۷nIҦpGAo{ WWW A (apache n) bYӮɨyqSOjAAQnAѬɡA
iHzLnɥhXӮɬqO IP bsuPdߪƬAND]C
~AU@ѧAtγQJIAåBQQΨӧLHDAѩQD|O̡A]A IP
N|QOCoӮɭԧAnpiADOѩQJIҾɭPDA
åBU~cNӷldOHIɵnɥiO۷nOI
ҥHڭ̱`yѧUۧU̡zOuաIAiHzL (1)ݿùW~TP
(2)nɪ~TAXGiHѨMj Linux DI
Linux `nɦW
nɥiHUڭAѫܦhtέnƥA]AnJ̪TA]nɪvq`O]wȦ root ŪӤwC
ӥѩnɥiHOtγohԲӸTAҥHաA@Ӧg窥Dz|HHad\@UۤvnɡA
HHɴxtΪ̷s߰ʡI`XӵnɦǩOH@ӨAUXӡG
- /var/log/cronG
ٰOoĤQҦʤu@Ƶ{aHA crontab Ƶ{SڳQiH
iL{SoͿ~HA /etc/crontab O_gTHboӵnɤd߬ݬݡC
- /var/log/dmesgG
OtΦb}ɭԮ֤߰L{ҲͪUTCѩ CentOS w]N}ɮ֤ߪw鳗L{ܡA
]B~NưO@boɮפF
- /var/log/lastlogG
iHOtΤWҦb̪@nJtήɪTCĤQ|쪺 lastlog
ONOQγoɮתOTܪC
- /var/log/maillog /var/log/mail/*G
OlӸTADnOO sendmail (SMTP wѪ) P dovecot (POP3 wѪ) ҲͪTաC
SMTP OoHҨϥΪqTwA POP3 hOHϥΪqTwC sendmail P dovecot hOOMFqTwnC
- /var/log/messagesG
oɮ۷nAXGtεoͪ~T (Ϊ̬OnT) |OboɮפF
pGtεoͲW~ɡAoɮO@wnd\nɤ@C
- /var/log/secureG
WAunoAyݭnJbKXznAnJ (nJTο~) |QObɮפC
]AtΪ login {BϧΤnJҨϥΪ gdm {B su, sudo {B٦su ssh, telnet {A
nJT|QObo̡F
- /var/log/wtmp, /var/log/faillogG
oɮץiHOTnJtΪ̪bT (wtmp) P~nJɩҨϥΪbT (faillog) I
ڭ̦bĤQ@ͨ쪺 last NOŪ wtmp ܪA
olܤ@b̪ϥΦ欰ܦUI
- /var/log/httpd/*, /var/log/news/*, /var/log/samba/*G
PAȷ|ϥΥ̦ۤvnɮרӰO̦ۤvͪUTIWzؿhOӧOAȩҨqnɡC
`nɴNOoXӡAOP Linux distributions Aq`nɪɦW|ۦP
(F /var/log/messages ~ )CҥHAA٬Oond\A Linux DWnɳ]wơA
~ાDAnɥDnɦWI
nɩһݬA (daemon) P{
oǵnɬOͪOHWؤ觋A@جOѳn}oӦۦwqgJnɻP榡A
Ҧp WWW n apache NOo˳BzCt@ثhO Linux distribution ѪnɺzAȨӲΤ@zC
AunNTᵹoӪAȫALN|ۤvONUذTmnɥhICentOS syslogd
oӪAȨӲΤ@znɳI
Fo syslogd ~Aڭ̪֤ߤ]ݭnB~nAȨӰO֤߲ͪUTA
oӱMO֤߸TnɪAȴNO klogd աCҥHAnɩһݪAȥDnNO syslogd
P klogd o̡C
Ln`NOApGA̵nɫOܡAѩtβͪTѤѳAAnɪeqN|jLkLѡ
pGAnɮeqӤjɡAi|ɭPjɮŪgIJvΪD (]nqϺŪJOAVjɮӰOqVh)C
ҥHoAAݭnnɳƥPsC...ݭnʳBzHMݭnAڭ̥iHzL logrotate (nɽ)
oNӦ۰ʤƳBznɮeqPsDI
ҿת logrotate WANONªnɧW١AMإߤ@ӪŪnɡAp@ӡA
snɱNs}lOAMunNªnɯdU@}lAINiHFNnɡyzتաI
~ApGª (jnOsXӤaI) OsF@qɶSDANiHtΦ۰ʪNL屼A
Koܦh_QwЪŶI
`@UAwnɩһݪ\Aڭ̻ݭnAȻP{G
- syslogdGDnntλPAȪTF
- klogdGDnn֤߲ͪUTF
- logrotateGDnbinɪ\C
ѩڭ̵۲IbQnAѨtΤWnҲͪUTA]Dnw syslogd P logrotate ӤСC
ۤUӧڭ̨ӽͤ@ͫ˳WoӪNCN syslogd o{Ͱ_aIonɡA~iHi
logrotate rIzOaI
责컡 Linux nɥDnO syslogd btdAA Linux
O_Ұ syslogd OHӥBO_]w}ɱҰʩOHIˬd@UG
[root@www ~]# ps aux | grep syslog
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 4294 0.0 0.0 1716 568 ? Ss Mar31 0:00 syslogd -m 0
# @IT꦳ҰʪI
[root@www ~]# chkconfig --list syslog
syslog 0:off 1:off 2:on 3:on 4:on 5:on 6:off
# w]pUArPϧΤ (3, 5) ҰʳI
|
ݨ syslog oӪAȦW٤FaHҥHDLwgbtΤu@oInFAJMDnOnɡAADnɪeOpi{H
syslog ]wɦb̡Hp]wHpGA Linux DQn@ӰϺnɦAɡASӦp]wH
UNڭ̨ӪoNI
nɤe@榡
@ӻAtβͪTgL syslog ӰOUӪƤACT|OUXӭnơG
- ƥoͪPɶF
- oͦƥDW١F
- ҰʦƥAȦW (p samba, xinetd ) Ψ祃W (p libpam ..)F
- ӰTڸƤeC
MAoǸTyԲӫסzOiHק諸AӥBAoǸTiH@tΰΩOI
ڭ̮nɤ@w|ObT /var/log/secure ҦnFG
[root@www ~]# cat /var/log/secure
1 Mar 14 15:38:00 www atd[18701]: pam_unix(atd:session): session opened for
user root by (uid=0)
2 Mar 14 15:38:00 www atd[18701]: pam_unix(atd:session): session closed for
user root
3 Mar 16 16:01:51 www su: pam_unix(su-l:auth): authentication failure; logn
ame=vbird uid=500 euid=0 tty=pts/1 ruser=vbird rhost= user=root
4 Mar 16 16:01:55 www su: pam_unix(su-l:session): session opened for user
root by vbird(uid=500)
5 Mar 16 16:02:22 www su: pam_unix(su-l:session): session closed for user root
|--/ɶ---|-H-|-----AȻP-------|--T------>
|
ڭ̮Ĥ@ƨӻnFAӸƬOGybT14 (Mar 14) U 15:38 A
www oD atd [PID 18701] ǨӪAoӮOzL pam_unix
oӼҲթҴXCTe root (uid=0) oӱbwg} atd ʤFCzMaI
бzۦ½Ķ@U᭱ 4 TeOI
٦ܦhTȱod\OIרO /var/log/messages eCOo@ӦntκzA
n``hyznɪeIרOoͩUXرpɡG
- AıotΦGӥ`ɡF
- Y daemon ѬOLk`ҰʮɡF
- YӨϥΪ̦ѬOLknJɡF
- Y daemon L{ѬOZɡF
٦ܦhաIϥıotΤӥ`ANond߬dߵnɴNOFC
Ѥ@ӳ`ˬd觋CڦѬOLk\ҰʬYӪAȮɡAڷ|b̫@ҰʸӪAȫAߧYˬdnɡA
(1){bɶҵnTyĤ@zF (2)ڷQndߪӪAȡyĤTzA
(3)̫AJӪd\ĥ|쪺TAǥH~IC
syslog ]wɡG/etc/syslog.conf
Hn٦]wɡHIOաO syslogd o daemon ]wɰաI
ڭ̲{bD syslogd iHtdDͪUӸTnAӳoǸTOyYšzA
ӥBAoǸƳ̲nǰeɮץhOiHק諸OAҥHڭ̤~|b@}YaA
C Linux distributions mnɦWi|ҮtڡI
WA syslog wUتAȻPTObYɮת]wɴNO /etc/syslog.confA
oɮ׳WwFy(1)A (2)ŰT (3)ݭnQOb(˸mɮ)z
oTөNNAҥH]wyk|OoˡG
AȦW[.=!]T TOɦWθ˸mΥD
# UH mail oӪAȲͪ info ŬҡG
mail.info /var/log/maillog_info
# o@满Gmail AȲͪj info ŪTAO
# /var/log/maillog_info ɮפNC
|
ڭ̱NW²檺TӻG
syslog Wd@ǪAȡAAiHzLoǪAȨxstΪTCsyslog {ѪAȥDnUoǡG
(iϥ man 3 syslog dߨT)
| AO | |
| auth (authpriv) |
DnP{ҦAҦp login, ssh, su ݭnb/KXNNF |
| cron | NOҦʤu@Ƶ{ cron/at ͰTOaF |
| daemon | PU daemon TF |
| kern | NO֤ (kernel) ͰTaF |
| lpr | YOCLTڡI |
| mail | unPloTݩoӡF |
| news | PsDsզAFF |
| syslog | NO syslogd o{ͪTڡI |
| user, uucp, local0 ~ local7 |
P Unix like @ǰTC |
Wͨ쪺O syslog ۦqAȦW١An}oӥiHzLIsWzAȦW٨ӰOL̪nC
|ҨӻA sendmail P postfix dovecot OPlnAodznb]pnɰOɡA|DʩIs syslogd
mail AȦW (LOG_MAIL)AҥHWzTӳn (sendmail, postfix, dovecot) ͪTb syslog
ݰ_ӡAN|yO mail zAȤFCڭ̥iHNoӷøspUϥܨӲzѡG
2.2.1B syslog ҨqAȦWٻPnIs觋
t~ACتAȩҲͪƶqtOܤjA|ҨӻA mail nɰThnRA
C@ʫHiJA mail ܤֻݭnOyHHHTFPH̪TzF
ӦpGOΨӰu@DAnJ (Q login nDBzƱ)
ƶq@w֡A authpriv ҺҪeiNhnRFC
FPTm줣PɮAnڭ̤OinɪzA
ҥHoANUOAȤnɡAObPɮ̭ANOڭ /etc/syslog.conf
ҭn@WdFI
P@ӪAȩҲͪT]OtOAҰʮɶȳqtΦӤw@T (information)A
X{٤ܩvT쥿`B@ĵiT (warn) A٦tεwoY~ɡAҲͪjDT (error )F
T쩳hֺYũOHWAsyslog NTCӥDnšA̧ǬOo˪(ѤnƦC쭫nT)G
| ŦW | |
| 1 | info |
ȬO@ǰTӤwF |
| 2 | notice |
info ٻݭnQ`N쪺@ǸTeF |
| 3 | warning
(warn) |
ĵܪTAiDAO٤ܩvTY daemon B@TFWA
info, notice, warn oTӰTObi@ǰTӤwA٤ܩy@ǨtιB@xZF |
| 4 | err
(error) |
@ǭj~TAҦp]wɪYdz]wȳyӪAȪAkҰʪTA
q`ǥ err ~iAӥiHAѨӪAȵLkҰʪDOI |
| 5 | crit |
error ٭nY~TAo crit O{I
(critical) YgAoӿ~wgYFI |
| 6 | alert |
ĵiĵiAwgܦDšA crit ٭nYI |
| 7 | emerg
(panic) |
khšANtΤwgXGnAI
Y~TFCq`juwXDAɭPӮ֤ߵLkQB@AN|X{o˪ŪTaI |
FoǦŪT~A٦ӯSšANO debug(~)
P none (ݵn) ӡAڭ̷Qn@@ǿ~AΪ̬OYǪAȪTɡA
NγoөNNaI
SOdN@UbTŤe٦ [.=!] sŸILNNOo˪G
- . GNy᭱٭n (tӵ)
QOUӡzNAҦpG mail.info NunO mail
TAӥBӸTŰ info (t info )ɡAN|QOUӪNC
- .=GNһݭnŴNO᭱ŦӤwA
LnI
- .!GNA
YOFӵť~LųOC
@ӻAڭ̤`ϥΪOy.zoӳsŸաI^_^
AӫhOoӰTnmb̪FCq`ڭ̨ϥΪOOɮװաIO]iHX˸mI
ҦpLI]iHO줣PDWYhOIUNO@DZ`mBG
- ɮת|Gq`NOb /var/log YɮװաI
- LΨLGҦp /dev/lp0 oӦL˸m
- ϥΪ̦W١GܵϥΪoI
- ݥDGҦp @www.vbird.tsai MաAnD]䴩~I
- *GNyثebuWҦHzA wall
oӫONqI
WA syslog ]wɴNuOo˦ӤwAUڭ̨ӫҤ@ǨDAnAiHMDp]w
syslogd ڡI
|
DG
pGڭnNڪ mail ƵLgJ /var/log/maillog Ab /etc/syslog.conf ykp]pH
G
gkOo˪G
mail.info@@@/var/log/maillog
`NWAڭ̪Ũϥ info ɡAyj info (t info oӵ)WTA
|QgJ᭱ɮפIzo˥iHAѶܡH]NOAڭ̥iHNҦ mail nTb
/var/log/maillog ̭NաI
|
|
DG
ڭnNsDsո (news) ΨҦʤu@Ƶ{ (cron) TgJ@Ӻ٬
/var/log/cronnews ɮפAOoӵ{ǪĵiThB~Ob /var/log/cronnews.warn A
Ӧp]wڪ syslog.conf OH
G
²աIJMOӵ{ǡAunHӹj}FA~AѩĤGӫwɮפAڥunOĵiTA
]]wWݭnwy.=zoӲŸAҥHykFG
news.*;cron.*@@@@@/var/log/cronnews
news.=warn;cron.=warn@/var/log/cronnews.warn
Wӡy.=zNObwŪNաIѩwFšA]AuoӵŪT~|Qboɮ̭OI
~A]n`NAnews P cron ĵiT]|gJ /var/log/cronnews I
|
|
DG
ڪ messages oɮݭnOҦTAONOQnO cron, mail news TAӫg~nH
G
iHؼgkAOOG
*.*;news,cron,mail.none@@@@@@/var/log/messages
*.*;news.none;cron.none;mail.none@/var/log/messages
ϥΡy,zjɡAťunb̫@ӧYiApGOHy;zӤܡA
NݭnNAȻPųgWhoIo˷|]wFaI
|
- CentOS 5.x w] syslog.conf e
AѻykAڭ̨Ӭݤ@ syslog ǨtΪAȤwgbOFOHNO@@@ /etc/syslog.conf oɮתw]eoI
(`NIpGݭnNӦ氵ѮɡAN[W # ŸNiH)
# Ӧ CentOS 5.x
[root@www ~]# vim /etc/syslog.conf
1 #kern.* /dev/console
2 *.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages
3 authpriv.* /var/log/secure
4 mail.* -/var/log/maillog
5 cron.* /var/log/cron
6 *.emerg *
7 uucp,news.crit /var/log/spooler
8 local7.* /var/log/boot.log
9 news.=crit /var/log/news/news.crit
10 news.=err /var/log/news/news.err
11 news.notice /var/log/news/news.notice
|
W`@ȦQ@]wȡAC@檺NqOo˪G
- #kern.*GunO֤߲ͪTAe console(ݾ) hCconsole q`Oѥ~˸mstΦӨӡA
|ҨӻAܦhʳD (SLBùt) iHzLs RS232 sfNTǿ~tΤA
ҦpHOqsʳD RS232 fCoӶسq`ӬOΦbtΥX{YDӵLkϥιw]ù[tήɡA
iHzLoӶبӳso֤ߪTC(1)
- *.info;mail.none;news.none;authpriv.none;cron.noneGѩ mail, news, authpriv, cron OͪThA
BwggJUƭɮפA]b /var/log/messages ̭NOoǶءC~LTgJ /var/log/messages
Co]Oԣڭ̻o messages ɮܭntGI
- authpriv.*G{Ҥ譱TgJ /var/log/secure ɮסF
- mail.*Gl譱ThgJ /var/log/maillog ɮסF
- cron.*GҦʤu@Ƶ{gJ /var/log/cron ɮסF
- *.emergGͳY~ŮɡANӵŪTH wall 觋sҦbtεnJboA
no]OƱbuϥΪ̯qtκzӳBzoiȪ~DC
- uucp,news.critGuucp O Unix-like tζiƶǻqTwAӱ`ΦbsDsժγ~C news
hOsDsաCsDsդ譱TY~ɴNgJ /var/log/spooler ɮפF
- local7.*GN}ܨùTgJ /var/log/boot.log ɮפF
- ᭱ news.=critBnews.=errBnews.notice hDnbOOsDsղͪPŪTC
bWĥ| mail OAbOɮ /var/log/maillog
e٦Ӵy - zOFΪHѩlҲͪThA]ڭ̧ƱlͪTxsbt֪O餤
(buffer) AƶqjF~@ʪNҦƳJϺФAo˱NUnɪsʯC
uLѩTOȦsbO馎A]Y`ɭPnT^nɤAi|yƪC
~AC Linux distributions syslog.conf ]wtOjApGAQn۹nTɡA
iond\@U /etc/syslog.conf oɮפ~I_hi|oͤR~TI|ҨӻA
ۤvg@Rnɪ scriptAo script O̾ Red Hat
tιw]nɩҼgA]P distributions
Qnϥγo{ɡANonۦ]pPק@U /etc/syslog.conf ~I_hNi|R~ToC
pGAۤvݭnӱonqnɮɡAӦpiH
pGALݨDAҥHݭnSɮרAOɡAIOȮAdULOb
/etc/syslog.conf Ap@ӡAANiHƪN\hTObPɮAHKAzOI
ڭ̨ӧ@ӽmDaIpGAQnyҦTzB~gJ /var/log/admin.log oɮɡA
AiH@OHۤvQ@QAåB@@UAAӬݬݩU@kաI
# 1. ]wnҭnإߪɮ׳]mI
[root@www ~]# vim /etc/syslog.conf
# Add by VBird 2009/04/08 <==AjաAۤvק諸ɭԥ[J@ǻ
*.info /var/log/admin.log <==ΪOoաI
# 2. sҰ syslog OI
[root@www ~]# /etc/init.d/syslog restart
[root@www ~]# ll /var/log/admin.log
-rw------- 1 root root 118 Apr 8 13:50 /var/log/admin.log
# @aIإߤFoӵnɥX{oI
|
²aIp@ӡAҦT|gJ /var/log/admin.log ̭FI
nɪwʳ]m
nFAѤW@Ӥp`̭ڭ̪DF syslog.conf ]wA]DFnɤenʤFA
ҥHApG۷QAO@ӫܼF`bȡAQQΥLHqFaơAMSQdUҾڡA
A|@HաINO}ɭԱNbANҦiTLٷٱA
ҥHĤ@ӰʸaNOnɪMu@
pGAnɤFAӫH
zIФHaFaơKKޡInܡͪNOApGѧAo{AnɤlӭFA
Ϊ̬Oo{AnɦGӹlɭԡA̱`o{NOͱ``|^AL
/var/log oӥؿyFIznIoOuƱIаOoAyֲMdAtΡIz
˸OISknɳQRHΪ̬OQ root ۤvpܧOHrIޱuιquNnFKKI
OߡAWAڭ̥iHzL@êݩʨӳ]wAnɡAy
uiHW[ơAOQR
zAAγ\iHFdz\O@ILApGA
root bQ}ѤFAU]w٬OLkO@A]AnOoy root
OiHbtΤWiƱ zA]AбNA root
oӱbKX]ww@ǡIdUnoӰDOI
n٭nQۤv (root) pߩҭקLOH
b Linux ҵ{ɡAڪǥͱ``||⻡GyѮvAڪnɤOTFIV|IOOQJIFڡHz
ǩǡIOqЫǪDAϥΪO Private IP ӥBǮխp٦AiQaH
dߤF~DӦPǫܳwϥΡy :wq z} vim ҡAO syslog nɥunyQsLzNLk~OI
ҥH~|ɭPODCɧAon (1)ܨϥ vim ߺDF (2)sҰ syslog LA~ѪAȤ~I
JMpAڭ̴NӳBz@UݩʪFFaIڭ̦bĤCͨL lsattr
P chattr
oӪFաIpGN@ɮץH chattr ]w i oݩʮɡAɮ׳s root
IӥB]sWơAIuwIOAp@ӵnɪ\ZO]NFH
]SkgJrIҥHoAڭ̭nϥΪO
a oݩIAnɦpG]wFoݩʪܡA
LNuQW[AӤQRII
oӶشND`ŦXڭ̵nɪݨDաI]AAiHo˪W[AnɪݩʡC
Ъ`NAUo chattr ]wAGyȾAXwg Linux tΫܦB͡zӳ]wA
sӻAijAϥΨtΪw]ȴNnFAKo̫nɵLkgJ
Nɤ@II @_@
[root@www ~]# chattr +a /var/log/messages
[root@www ~]# lsattr /var/log/messages
-----a------- /var/log/messages
|
[JFoݩʤAA /var/log/messages nɱqNȯQW[AӤQRA
root Hy chattr -a /var/log/messages zo a ѼƤA~QRβʳI
MAFAnɪTwAo chattr +a XХiHUA@noɮסA
LApGAtΤwgQo root vAӬJM root iHUF chattr -a ӨoӺXСA
ҥHoA٬OIաI~Ae]yLAșn٬OnW[oӺXСA
ܮeѩۤvѰOAɭPtΪnTLkOOC
WA{AoӺXг̤jγBFbO@Anɪƥ~A
L٥iHUAקKpgJnɪpCn`NOAy
Ap "" ʹLnɫAҦp /var/log/messages A
Apߥ vi }ҥLA}oUF :wq ѼơAIɮץӱN|A~inʧ@I
zoӰDuܱ`o͡IѩAH vi xsFnɡAh syslogd |~PɮפwQʹLA
NɭP syslogd AgJɮseܶ˸I
nӵnɥiH~gJAAunsҰ syslog (/etc/init.d/syslog restart) YiC
LA`O·СCҥHڡApGAwnɤUF chattr +a ѼơAKKI
ӧANݭn`ȤpߧʨɮפFI]LkgJIFiHsW~ ^_^
LA]]o +a ݩɮLkQRPקAҥHoAڭ̶inɮ (logrotate)
AN|LkʸӵnɪɦWOIҥH|yܤjxZCoӧxZMiHϥ logrotate
]wɨӸѨMAOA٬ONnɪ +a XЮaI
[root@www ~]# chattr -a /var/log/messages
|
nɦA]w
ڭ̦beyL쪺Ab syslog.conf ɮAiHNnƶǰeLΪ̬OݥDWhCo˰NqOH
pGANnTǰeLWܡAU@pߧAtγQ cracker ҤJIA
L]NA /var/log/ 屼FAHSYڡIϥAwgNnƪHLO_ӤFA
KKILOLkk}աI^_^
AQ@ҡAA줽ǤQ Linux DAC@td@ӺAȡA
AFnAѨCDAA]AA``ݭnnJoQDhd\Anɡ
zIηQACѭniJQDhdơAQNСSYoӮɭԧڭ̥iHY@D
ynɦAzAΥLӰOҦQ linux DTAKKIo˧ڴNiJ@DNiHFI
ٮɤS٨ơAuK
nFo˪\OH²աAڭ CentOS 5.x w] syslog Nwg㦳oӵnɦA\FA
uOw]èSҰʸӥ\ӤwCAiHzL man syslogd hdߤ@UﶵNDաI
JMOnɦAAڭ̪ Linux DM|Ұʤ@ӰfӺťFAӹw]fNO UDP 514 I
2.4.1BnɦA[c
pWϩҥܡAA|ҰʺťfAΤݫhNnɦAX@eAhC
ӬJMOnɡyAzAҥHMAPΤ (client) oIo̪]wOOo˪G
# 1. Server ݡGק syslogd Ұʳ]wɡAq`b /etc/sysconfig I
[root@www ~]# vim /etc/sysconfig/syslog
# 쩳Uo@G
SYSLOGD_OPTIONS="-m 0"
# 令UoˤlI
SYSLOGD_OPTIONS="-m 0 -r"
# 2. sҰʻP[ syslogd I
[root@www ~]# /etc/init.d/syslog restart
[root@www ~]# netstat -lunp | grep syslog
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:514 0.0.0.0:* 13981/syslogd
# KKIAnɥDwg]woI²aI
|
zLo²檺ʧ@AA Linux DwgiHӦۨLDnTFI
MաAAnD譱¦Ao̳uOСA
AѤFTAA^Yӳo@@@I ^_^
ܩ client ݪ]wN²hFIunwYӸTǰeoDYiI
|ҨӻAڭ̪nɦA IP 192.168.1.100 A client ݧƱҦƳeDA
ҥHAiHb /etc/syslog.conf ̭sWo˪@G
[root@www ~]# vim /etc/syslog.conf
*.* @192.168.1.100
|
AsҰ syslog AߨNdwFIӥӥDWnɷAC@檺yDW١zN|ܨӦۤPDTFC
²aI ^_^CUӡAڭ̨ӽͤ@͡ApwnɨӶi (rotate) OH
]ڭ̤wgNnƼgJFOɤFA]wgQ chattr ]wF +a oݩʤFAӦpi
logrotate u@OHo̽ЯSOdNOGysyslog QΪO daemon 觋ӱҰʪA
ݨDɭԥߨN|Q檺AO logrotate oObWwɶF~ӶinɪA
ҥHo logrotate {ǷMNOb cron Ui檺Iz
JӬݤ@U /etc/cron.daily/ ̭ɮסAKKݨFaI /etc/cron.daily/logrotate
NOOFCѭni檺nɽ欰աI ^_^IUڭ̴Nӽͤ@ͫ˳]po logrotate aI
logrotate ]w
JM logrotate DnOwnɨӶiʧ@AҥHoALMnOy
bAU~Nnɶiz]wڡI logrotate oӵ{ѼƳ]wɦb̩OHINOG
- /etc/logrotate.conf
- /etc/logrotate.d/
logrotate.conf ~ODnѼɮסAܩ logrotate.d O@ӥؿA
ӥؿ̭Ҧɮ׳|QDʪŪJ /etc/logrotate.conf ӶiIt~Ab
/etc/logrotate.d/ ̭ɮפApGSWw쪺@Dzӳ]wAhH /etc/logrotate.conf
oɮתWwӫww]ȡI
nFAڭ̴ logrotate Dn\NONªnɮײʦɡA
åBsإߤ@ӷsŪɮרӰOAL浲GIUϥܡG
3.1.1B nɶi logrotate G
ѤWϥܧڭ̥iHMDAĤ@槹 rotate A쥻 messages |ܦ messages.1
ӥB|sy@ӪŪ messages tΨxsnɡCӲĤG椧Ah messages.1 |ܦ
messages.2 messages |ܦ messages.1 ASy@ӪŪ messages
xsnɡIpGڭ̶ȳ]wOdTӵnɦӤwܡAĥ|ɡAh
messages.3 oɮ״N|QRAåѫ᭱sOsnɩҨNIu@NOo˰աI
h[i@o˪ logrotate u@OHodzOb logrotate.conf ̭Aڭ̨Ӭݤ@Uw]
logrotate eaI
[root@www ~]# vim /etc/logrotate.conf
# U]wO "logrotate w]]w" ApGӧOɮ׳]wFLѼơA
# hNHӧOɮ׳]wDAYɮרS]w쪺ѼƫhHoɮתew]ȡI
weekly <==w]C§nɶi@ rotate u@
rotate 4 <==OdXӵnɩOHw]OOd|ӡI
create <==ѩnɳQWA]إߤ@ӷs~xsNI
#compress <==QʪnɬO_ݭnYHpGnɤӤjhiҼ{ѼƱҰ
include /etc/logrotate.d
# N /etc/logrotate.d/ oӥؿҦɮ׳ŪiӰ rotate u@I
/var/log/wtmp { <==Ȱw /var/log/wtmp ҳ]wѼ
monthly <==CӤ@ANCgI
minsize 1M <==ɮeq@wnWL 1M ~i rotate (LɶѼ)
create 0664 root utmp <==wsɮתvPݱb/s
rotate 1 <==ȫOd@ӡAYȦ wtmp.1 OdӤwC
}
# o wtmp iOnJ̻Ptέs}ɪɶPӷDεnJɶC
# ѩ㦳 minsize ѼơA]oCӤ@w|i@InɮeqC
# ѩȫOd@ӵnɦӤwANܥiHNL令 rotate 5 aI
|
ѳoɮת]wڭ̥iHD /etc/logrotate.d NO /etc/logrotate.conf
ҳWXӪؿAҥHAڭ̥iHNҦƳLgJ /etc/logrotate.conf
YiAOoˤ@ӳoɮ״NbOӽFAרOڭ̨ϥΫܦhAȦbtΤWɡA
CӪAȳnhק /etc/logrotate.conf ]w]GӦXz
ҥHApGWߥXӤ@ӥؿACӥH RPM ]觋ҫإߪAȪnɽ]wA
NiHWۦ@ɮסAåBm /etc/logrotate.d/ YiAuOKSXzkڡI ^_^
@ӻAo /etc/logrotate.conf Oyw]AzӤwA
ڭ̪UӪAȳiH֦ۤvnɽ]wAA]iHۦק令ۤvw˦ڡI
ҦpApGAtΪŶjAåB߰HbȪDAiHG
- N rotate 4 令 rotate 9 kAHOshƥɮסF
- jnɤݭn compress oIOŶӤpNݭn compress IרOܦwЪŶ httpd ݭn compress I
nFAWڭ̤jPФF /var/log/wtmp oɮת]wA{bADF logrotate.conf ]wykOG
nɪ|ɦW ... {
ӧOѼƳ]wȡAp monthly, compress
}
|
Uڭ̦AH /etc/logrotate.d/syslog oӽ syslog AȪɮסAӬݬݸӦp]wL rotate OH
[root@www ~]# vi /etc/logrotate.d/syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler \
/var/log/boot.log /var/log/cron {
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
|
bWykAڭ̪DT logrotate gkG
- ɦWGQBznɵ|ɦWgbeAiHϥΪťզrjhӵnɡF
- ѼGWzɦWiѼƨϥ { } ]A_ӡF
- }GiIs~OӶiB~ROUFAoӳ]wݻP
sharedscripts .... endscript ]wXΤ~CܩiΪҬG
- prerotateGbҰ logrotate
ei檺OAҦpקnɪݩʵʧ@F
- postrotateGb logrotate ҰʪOAҦpsҰ
(kill -HUP) YӪAȡI
- Prerotate P postrotate w[WSݩʪɮ׳BzWAO۷n{ǡI
/etc/logrotate.d/syslog ]wɮת\NܦFG
- ӳ]wu /var/log/ messages, secure, maillog, spooler, boot.log, cron ġF
- nɽCg@BOd|ӡBBUӪnɤiY(w])F
- (postrotate) o syslog PID AH kill -HUP sҰ syslogd
]ڭ̦w /var/log/messages oɮW[ chattr +a ݩʮɡA
̾ logrotate u@zAڭ̪DAo /var/log/messages N|QW
/var/log/messages.1 ~OCOѩ[Wo +a ѼưڡAҥHWOiন\I
OHINQ prerotate P postrotate ӶinɽeBһݭn@ʧ@ڡI
GupɡAAiHo˭ק@Uoɮ׳I
[root@www ~]# vi /etc/logrotate.d/syslog
/var/log/messages /var/log/secure /var/log/maillog /var/log/spooler \
/var/log/boot.log /var/log/cron {
sharedscripts
prerotate
/usr/bin/chattr -a /var/log/messages
endscript
sharedscripts
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
/bin/kill -HUP `cat /var/run/rsyslogd.pid 2> /dev/null` 2> /dev/null || true
/usr/bin/chattr +a /var/log/messages
endscript
}
|
ݨ_HNOLh a oݩʡAn /var/log/messages iHiʧ@A
MFAAL[JoݩʡIЯSOdNOA
/bin/kill -HUP ... NqAo@檺تbNtΪ syslogd
sHѼ (syslog.conf) ŪJ@I]iHQO reload NաI
ѩڭ̫إߤF@ӷsŪɡApG榹@ӭsҰʪAȪܡA
OɭԱN|oͿ~I(Ц^ĤQCŪ@U
kill ᭱ signal e)
ڴ logrotate ʧ@
nFA]wAڭ̨Ӵլݬݳo˪]wO_iOHL橳UOG
[root@www ~]# logrotate [-vf] logfile
ﶵPѼơG
-v GҰܼҦA| logrotate B@L{I
-f GO_ŦX]wɪơAjCӵnɳi rotate ʧ@I
dҤ@G@ logrotate ݬݾӬy{H
[root@www ~]# logrotate -v /etc/logrotate.conf
reading config file /etc/logrotate.conf <==ŪDn]w
including /etc/logrotate.d <==Is~]w
reading config file acpid <==NO~]wڡI
....(ٲ)....
Handling 21 logs <==@ 21 ӵnɳQO
....(ٲ)....
rotating pattern: /var/log/messages /var/log/secure /var/log/maillog \
/var/log/spooler /var/log/boot.log /var/log/cron weekly (4 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/messages <==}lBz messages
log does not need rotating <==]ɶAݭnʡI
....(Uٲ)....
dҤGGji logrotate ʧ@
[root@www ~]# logrotate -vf /etc/logrotate.conf
....(eٲ)....
rotating log /var/log/messages, log->rotateCount is 4
renaming /var/log/messages.4 to /var/log/messages.5 (rotatecount 4, logstart 1, i 4),
renaming /var/log/messages.3 to /var/log/messages.4 (rotatecount 4, logstart 1, i 3),
renaming /var/log/messages.2 to /var/log/messages.3 (rotatecount 4, logstart 1, i 2),
renaming /var/log/messages.1 to /var/log/messages.2 (rotatecount 4, logstart 1, i 1),
renaming /var/log/messages.0 to /var/log/messages.1 (rotatecount 4, logstart 1, i 0),
old log /var/log/messages.0 does not exist
....(Uٲ)....
# ݨ_H rotate ʧ@NOoˤ@B@Bi檺
[root@www ~]# ll /var/log/messages*; lsattr /var/log/messages
-rw------- 1 root root 63 Apr 8 15:19 /var/log/messages
-rw------- 1 root root 670 Apr 8 14:22 /var/log/messages.1
-rw------- 1 root root 24984 Apr 1 19:26 /var/log/messages.2
-rw------- 1 root root 1911 Mar 28 11:32 /var/log/messages.3
-rw------- 1 root root 25193 Mar 22 04:02 /var/log/messages.4
-----a------- /var/log/messages <==Dʥ[J a ݩoI
|
W -f 㦳yjzNApG@]wSDܡAzפWAA
/var/log oӥؿN|_ܤoIӥBӤ|X{~T~IKKIo˴N
OK FIܴΤOܡHI
ѩ logrotate u@wg[J crontab YFIҥH{bCѨtγ|۰ʪLd
logrotate oIξߪաIuOn`N@U /var/log/messages YO_``UrG
Apr 8 15:19:47 www syslogd 1.4.1: restart (remote reception).
oO syslogd sҰʪɶ (NO] /etc/logrotate.d/syslog ]wtGI)
Uڭ̨Ӷi@ǨDmߡAAԲӪA logrotate \ΰڡI
ۭqnɪ\
]eOo˪Ae@p`A]AwgإߤF /var/log/admin.log oɮסA
{bAAQnNɮץ[W +a oüҡAӥB]wUTG
- nɽ@Ӥi@F
- ӵnɭYj 10MB ɡAhDʶiAݭnҼ{@Ӥ몺F
- OsӳƥɮסF
- ƥɮݭnY
AiH˳]wOH²ڡIݬݩUʧ@aI
# 1. إ +a oݩʰڡI
[root@www ~]# chattr +a /var/log/admin.log
[root@www ~]# lsattr /var/log/admin.log
-----a------- /var/log/admin.log
[root@www ~]# mv /var/log/admin.log /var/log/admin.log.1
mv: cannot move `/var/log/admin.log' to `/var/log/admin.log.1':
Operation not permitted
# o̽TwF[J a ݩʡIҥH root LkʦnɡI
# 2. }lإ logrotate ]wɡAW[@ɮצb /etc/logrotate.d NFI
[root@www ~]# vi /etc/logrotate.d/admin
# This configuration is from VBird 2009/04/08
/var/log/admin.log {
monthly <==CӤi@
size=10M <==ɮeqj 10M h}lBm
rotate 5 <==OdӡI
compress <==iYu@I
sharedscripts
prerotate
/usr/bin/chattr -a /var/log/admin.log
endscript
sharedscripts
postrotate
/usr/bin/killall -HUP syslogd
/usr/bin/chattr +a /var/log/admin.log
endscript
}
# 3. դ@U logrotate \TܡG
[root@www ~]# logrotate -v /etc/logrotate.conf
....(eٲ)....
rotating pattern: /var/log/admin.log 10485760 bytes (5 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/admin.log
log does not need rotating
not running prerotate script, since no logs will be rotated
not running postrotate script, since no logs were rotated
....(Uٲ)....
# ]٤@ӤAɮפ]Sj 10MAҥHݶiI
# 4. դ@Uj logrotate P\TܡG
[root@www ~]# logrotate -vf /etc/logrotate.d/admin
reading config file /etc/logrotate.d/admin
reading config info for /var/log/admin.log
Handling 1 logs
rotating pattern: /var/log/admin.log forced from command line (5 rotations)
empty log files are rotated, old logs are removed
considering log /var/log/admin.log
log needs rotating
rotating log /var/log/admin.log, log->rotateCount is 5
renaming /var/log/admin.log.5.gz to /var/log/admin.log.6.gz (rotatecount 5, logstart 1, i 5),
old log /var/log/admin.log.5.gz does not exist
renaming /var/log/admin.log.4.gz to /var/log/admin.log.5.gz (rotatecount 5, logstart 1, i 4),
old log /var/log/admin.log.4.gz does not exist
renaming /var/log/admin.log.3.gz to /var/log/admin.log.4.gz (rotatecount 5, logstart 1, i 3),
old log /var/log/admin.log.3.gz does not exist
renaming /var/log/admin.log.2.gz to /var/log/admin.log.3.gz (rotatecount 5, logstart 1, i 2),
old log /var/log/admin.log.2.gz does not exist
renaming /var/log/admin.log.1.gz to /var/log/admin.log.2.gz (rotatecount 5, logstart 1, i 1),
old log /var/log/admin.log.1.gz does not exist
renaming /var/log/admin.log.0.gz to /var/log/admin.log.1.gz (rotatecount 5, logstart 1, i 0),
old log /var/log/admin.log.0.gz does not exist
log /var/log/admin.log.6.gz doesn't exist -- won't try to dispose of it
running prerotate script
renaming /var/log/admin.log to /var/log/admin.log.1
running postrotate script
compressing log with: /bin/gzip
[root@www ~]# lsattr /var/log/admin.log*
-----a------- /var/log/admin.log
------------- /var/log/admin.log.1.gz <==YLI
|
ݨFܡHzLoӤ觋Aڭ̥iHإ߰_ݩۤv logrotate ]wɮסA
²KaIרOn`NA /etc/syslog.conf P /etc/logrotate.d/*
ɮױ``nft_ӡAҦpڭ̴쪺ӮרҤҫإߪ /var/log/admin.log
NO@ӫܦnҤlإ߫A٭nϥ logrotate ӽڡI ^_^
nɪROܭnIAiHۦH vi iJnɥhd\TCӨtΤ]Ѥ@dzniHAqnɤoơA
ҦpeL last, lastlog, dmesg OCLAoǸƲD`ApGAQn@fŪҦnTA
꦳IxZCLAnb CentOS logwatch oӵnɤR{AAiHǥѸӵ{AѵnɸTC
~A]̾ Red Hat tΪ syslog gF@p{jaϥγI
CentOS w]Ѫ logwatch
M@ǦΪtΫOALAnAѨtΪAA٬OonRӵnɤ~
ƹWAثewg۷hnɤRuAҦp CentOS 5.x Ww] logwatch oӮMҴѪRuA
L|CѤR@nɮסAåBNƥH email 榡He root OI
A]iH logwatch xWݬݡG
logwatch RGpUҥܡG
[root@www ~]# mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 433 messages 433 new
>N 1 logwatch@www.vbird.t Fri Sep 5 11:42 43/1542 "Logwatch for www.vbird.tsai (Linux)"
N 2 logwatch@www.vbird.t Sat Sep 6 15:34 92/2709 "Logwatch for www.vbird.tsai (Linux)"
N 3 logwatch@www.vbird.t Mon Sep 8 15:26 43/1542 "Logwatch for www.vbird.tsai (Linux)"
....(ٲ)....
N431 logwatch@www.vbird.t Wed Apr 8 04:02 53/1772 "Logwatch for www.vbird.tsai (Linux)"
& 431
Message 431:
From root@www.vbird.tsai Wed Apr 8 04:02:05 2009
Date: Wed, 8 Apr 2009 04:02:05 +0800
To: root@www.vbird.tsai
From: logwatch@www.vbird.tsai
Subject: Logwatch for www.vbird.tsai (Linux)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"
# |RPRI
################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Wed Apr 8 04:02:05 2009
Date Range Processed: yesterday
( 2009-Apr-07 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: www.vbird.tsai
##################################################################
# UhO̾ڦUتAȨӶiURIOnJ̪ ssh AȤR
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
root:
192.168.100.101: 1 time
192.168.100.254: 1 time
---------------------- SSHD End -------------------------
# ϺЮeqRIiHקKAtΨϥιLqϺСAɭPtΤíDI
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 9.5G 3.8G 5.3G 42% /
/dev/hda3 4.8G 1.1G 3.5G 23% /home
/dev/hda1 99M 21M 73M 23% /boot
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
|
ѩեΥD|Ұʳ\hAȡAҥHRثܤ֡CYAtΤwgҰʳ\hAȪܡA
Rزz|hܦh~C
ۤvgnɤRuG
MwgF logwatch uAOۤvQnRƲP褣P
ҥHoANۤvgF@p{ (shell script yk) ΨӤRۤvnɡA
o{RnɸƨOTwA]AG
- /var/log/secure
- /var/log/messages
- /var/log/maillog
MաA٤uoǰաA]AUӥDn`AȡAp pop3, mail, ftp, su |ϥΨ pam AȡA
iHzLgoӤp{ӤRPBzOӸٷ|X@ǨtθTCpGAQnϥγoӵ{ܡA
wUG
w˪k]²AunNWzɮפUøYAN|o@ӦW logfile ؿA
Nؿʨ /usr/local/virus/ ؿUíק@UG /usr/local/virus/logfile.sh ɮסA
̭ email PTunק@UAANiHϥΰաڡI٭nOoANo{gJ /etc/crontab I
iHbCѪ 12:10am op{աI ^_^
[root@www ~]# mkdir /usr/local/virus
[root@www ~]# tar -zxvf logfile-0.1-4-2.tgz -C /usr/local/virus
[root@www ~]# cd /usr/local/virus/logfile
[root@www logfile]# vi logfile.sh
email="root@localhost" <==jb 93 楪kAжJA email A_hOdw]
basedir="/usr/local/virus/logfile" <==Odw]ȡADAؿPPI
[root@www logfile]# sh logfile.sh
# }lդRtΪnɡA̾ڧAnɤjpARɶTwI
[root@www logfile]# vi /etc/crontab
10 0 * * * root /usr/local/virus/logfile/logfile.sh
# W[o@ItΦbCѪۤvinɤRI
[root@www logfile]# mail
# ۤvXGAӵGXIUoˡG
# i{ŧiIA]iHbUs@ǿ~^I
##########################################################
wϥΥ{Ӭdzn
{ثeG Version 0.1-4-2
{̫sG 2006-09-22
YbztΤo{{D, wPpI
http://vbird.org.cn
D^G http://phorum.vbird.org/viewtopic.php?t=3425
##########################################################
# ݬݧAwP@~tΪpAרO partition ϥζqݭnHɪ`NI
=============== tηJ =================================
֤ߪ : Linux version 2.6.18-92.el5 (mockbuild@builder16.centos.org)
CPU T : Intel(R) Celeron(TM) CPU
: 1200.062 MHz
DW : www.vbird.tsai
έp : 2009/April/08 17:00:59 ( Wednesday )
R: Apr 8
w}: 7 days, 22:46,
ثeD partitions
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 9.5G 3.8G 5.3G 42% /
/dev/hda3 4.8G 1.1G 3.5G 23% /home
/dev/hda1 99M 21M 73M 23% /boot
tmpfs 363M 0 363M 0% /dev/shm
# oӵ{|Nw internet Pťf}ܡI
================= Ports RT =======================
DҥΪ port P process ownerG
ȹ糧} ports (PID|owner|command)
tcp 25|(root)|sendmail: accepting connections
tcp 631|(root)|cupsd
tcp 2207|(root)|python ./hpssd.py
tcp 2208|(root)|./hpiod
~} ports (PID|owner|command)
tcp 22|(root)|/usr/sbin/sshd
tcp 111|(rpc)|portmap
tcp 737|(root)|rpc.statd
udp 111|(rpc)|portmap
udp 514|(root)|syslogd -m 0 -r
udp 631|(root)|cupsd
udp 731|(root)|rpc.statd
udp 734|(root)|rpc.statd
udp 5353|(avahi)|avahi-daemon: running [www.local]
udp 32768|(avahi)|avahi-daemon: running [www.local]
udp 32769|(avahi)|avahi-daemon: running [www.local]
# HUw靈ҰʪAȭӧOiRI
================= SSH nɸTJ =======================
Sϥ SSH
================= Sednamil nɸTJ ==================
zDi SASL {Ҫ\
S sendmail T
================= nɸTJ =======================
1. nnO ( Secure file )
GwgF pop3 TI
Apr 8 15:46:22 www su: session opened for user vbird by root(uid=0)
Apr 8 15:47:02 www su: session closed for user vbird
2. ϥ last oӫOXG
wtmp begins Wed Apr 8 15:19:47 2009
3. NSn /var/log/messages CX@@I
wg crond P snmpd T
Apr 8 15:19:47 www syslogd 1.4.1: restart (remote reception).
Apr 8 15:34:25 www syslogd 1.4.1: restart (remote reception).
|
ثeOzLo{hRۤvzDAMAڥHAѨtΪpApGSphYɶitγBzI
ӥBONWz email վ㦨ۤviHb Internet WŪ쪺lAo˧ڨCѳiH쥿TnɤRTI