#!/bin/bash # #获取凝思操作系统下日志及相关的配置信息脚本get_parameter_log.sh #如果运行该脚本时,带参数1为-somelog时,则生成的/opt/${hostname}.${DATE}.tgz文件中只包含部分日志信息 #如果运行该脚本时,带参数1为-alllog时,则生成的/opt/${hostname}.${DATE}.tgz文件中包含/var/log/目录下的所有日志信息 # #北京凝思科技有限公司技术支持部 #叶金成 #2013-02-18 # echo_fail() { echo -e "\\033[1;31m" "failed" } reset_color() { echo -en "\\033[0;39m" } #exit_script() { # echo -e "由于凝思安全功能不正常,是否提前退出收集信息脚本(y/n)?\n" # echo -e "Because linx security function is not normal, whether early exit collect information script(y/n)?\n" # read flag_of_exit # if [ -z ${flag_of_exit} ] # then # flag_of_exit="n" # fi # if [ ${flag_of_exit} == "y" ];then # reset_color # exit 1 # fi #} #grep '6.0.3' /etc/issue &>/dev/null #if [ $? -eq 0 ];then # if [ -d /sys/kernel/security/linx ];then # echo "The linx6.0.3 safety function is normal" # else # echo "The linx6.0.3 safety function abnormal" # echo_fail # exit_script # fi #else # lsmod |grep linx &>/dev/null # if [ $? -eq 0 ];then # echo "The rocky4.2 or linx6.0.4 security module is loaded." # else # echo "The rocky4.2 or linx6.0.4 security module isn't loaded." # echo_fail # exit_script # fi #fi reset_color export LANG=posix E_BADARGS=65 if [ $# -lt 1 -o "x$1" != "x-somelog" -a "x$1" != "x-alllog" ];then echo "usage: `basename $0` -somelog bond0" echo "usage: `basename $0` -somelog eth0" echo "or" echo "usage: `basename $0` -alllog bond0" echo "usage: `basename $0` -alllog eth0" exit $E_BADARGS fi DATE=$(date +%Y%m%d%H%M%S) hostname=`uname -n` #check root user's HISTTIMEFORMAT grep HISTTIMEFORMAT /root/.bashrc &> /dev/null if [ $? -ne 0 ];then #设置保存历史命令的文件大小 echo "HISTFILESIZE=200000" >> /root/.bashrc #保存历史命令条数 echo "HISTSIZE=200000" >> /root/.bashrc #实时记录历史命令,默认只有在用户退出之后才会统一记录,很容易造成多用户间的相互覆盖 echo "export PROMPT_COMMAND=\"history -a\"">>/root/.bashrc #记录每条历史命令的执行时间 echo "HISTTIMEFORMAT=\"%Y%m%d-%H%M%S:\"" >> /root/.bashrc echo "export HISTTIMEFORMAT" >> /root/.bashrc fi grep HISTTIMEFORMAT ~sysadmin/.bashrc &> /dev/null if [ $? -ne 0 ];then #设置保存历史命令的文件大小 echo "HISTFILESIZE=200000" >> ~sysadmin/.bashrc #保存历史命令条数 echo "HISTSIZE=200000" >> ~sysadmin/.bashrc #实时记录历史命令,默认只有在用户退出之后才会统一记录,很容易造成多用户间的相互覆盖 echo "export PROMPT_COMMAND=\"history -a\"">>~sysadmin/.bashrc #记录每条历史命令的执行时间 echo "HISTTIMEFORMAT=\"%Y%m%d-%H%M%S:\"" >> ~sysadmin/.bashrc echo "export HISTTIMEFORMAT" >> ~sysadmin/.bashrc fi id d5000 if [ $? -eq 0 ];then chmod -R 644 ~d5000/.history_log/* fi id ems if [ $? -eq 0 ];then chmod -R 644 ~ems/.history_log/* fi id oms if [ $? -eq 0 ];then chmod -R 644 ~oms/.history_log/* fi id kingsoft if [ $? -eq 0 ];then grep HISTTIMEFORMAT ~kingsoft/.bashrc &> /dev/null if [ $? -ne 0 ];then #设置保存历史命令的文件大小 echo "HISTFILESIZE=200000" >> ~kingsoft/.bashrc #保存历史命令条数 echo "HISTSIZE=200000" >> ~kingsoft/.bashrc #实时记录历史命令,默认只有在用户退出之后才会统一记录,很容易造成多用户间的相互覆盖 echo "export PROMPT_COMMAND=\"history -a\"" >> ~kingsoft/.bashrc #记录每条历史命令的执行时间 echo "HISTTIMEFORMAT=\"%Y%m%d-%H%M%S:\"" >> ~kingsoft/.bashrc echo "export HISTTIMEFORMAT" >> ~kingsoft/.bashrc echo "#include .bashrc if it exists">>~kingsoft/.profile echo "if [ -f \"\$HOME/.bashrc\" ];then">>~kingsoft/.profile echo ". \"\$HOME/.bashrc\"">>~kingsoft/.profile echo "fi">>~kingsoft/.profile chown kingsoft.kingsoft ~kingsoft/.bashrc chown kingsoft.kingsoft ~kingsoft/.profile fi fi mkdir /tmp/${hostname} cd /tmp/${hostname} ifconfig eth0> ./${hostname}.eth0-mac-address cp /etc/fstab ./${hostname}.fstab ls -al /sys/kernel/security/linx/ > ./${hostname}.sys.kernel.security.linx cp /etc/security/LinxSetupSign ./${hostname}.etc.security.LinxSetupSign cp /etc/hosts ./${hostname}.hosts cp /etc/network/interfaces ./${hostname}.etc.network.interfaces cp /etc/rc.d/rc.local ./${hostname}.etc.rc.d.rc.local cp /etc/X11/xorg.conf ./${hostname}.etc.X11.xorg.conf cp /etc/cgconfig.conf ./${hostname}.etc.cgconfig.conf cp /etc/cgrules.conf ./${hostname}.etc.cgrules.conf cp /etc/ntp.conf ./${hostname}.etc.ntp.conf cp /etc/ntp/ntp.conf ./${hostname}.etc.ntp.ntp.conf cp /etc/linxsn/cgroup_sn.conf ./${hostname}.etc.linxsn.cgroup_sn.conf cp /etc/linxsn/HA_sn.conf ./${hostname}.etc.linxsn.HA_sn.conf cp /etc/linxsn/multipath_sn.conf ./${hostname}.etc.linxsn.multipath_sn.conf cp /etc/sysctl.conf ./${hostname}.etc.sysctl.conf tar czvf ./${hostname}.etc.sysctl.d.tgz /etc/sysctl.d tar czvf ./${hostname}.etc.logrotate.d.tgz /etc/logrotate.d cp /etc/modprobe.conf ./${hostname}.modprobe.conf tar czvf ./${hostname}.etc.modprobe.d.tgz /etc/modprobe.d cp /etc/sysconfig/modules ./${hostname}.etc.sysconfig.modules cp /etc/ld.so.conf ./${hostname}.etc.ld.so.conf tar czvf ./${hostname}.etc.ld.so.conf.d.tgz /etc/ld.so.conf.d cp /usr/sbin/update_time.sh ./${hostname}.usr.sbin.update_time.sh cat /proc/cmdline>./${hostname}.cmdline cat /proc/asound/cards>./${hostname}.proc.asound.cards df -h >./${hostname}.df.-h df -ih >./${hostname}.df.-ih last -i >./${hostname}.last.-i.wtmp last -i -f /var/log/btmp >./${hostname}.last.-i.btmp lastlog >./${hostname}.lastlog smartctl -a /dev/sda >./${hostname}.smartctl.sda smartctl -a /dev/sdb >./${hostname}.smartctl.sdb smartctl -a /dev/sdc >./${hostname}.smartctl.sdc smartctl -a /dev/sdd >./${hostname}.smartctl.sdd #append history into ~root/.bash_history or ~sysadmin/.bash_history history -a #clear history history -c #read ~root/.bash_history or ~sysadmin/.bash_history history -r #将~root/.bash_history文件中的unix时间格式转换成可正常显示的格式并保存到./${hostname}.history.root文件中 (perl -pe 's/(\d+)/localtime($1)/e' ~root/.bash_history)>./${hostname}.history.root #将~sysadmin/.bash_history文件中的unix时间格式转换成可正常显示的格式并保存到./${hostname}.history.sysadmin文件中 (perl -pe 's/(\d+)/localtime($1)/e' ~sysadmin/.bash_history)>./${hostname}.history.sysadmin mkdir .history_log id d5000 if [ $? -eq 0 ];then #su - d5000 -c "history -M;history -S" mkdir .history_log/d5000 for filename in `ls ~d5000/.history_log` do (perl -pe 's/(\d+)/localtime($1)/e' ~d5000/.history_log/${filename})>.history_log/d5000/${filename}.bak mv .history_log/d5000/${filename}.bak .history_log/d5000/${filename} done chown -R d5000.d5000 .history_log/d5000 fi id ems if [ $? -eq 0 ];then #su - ems -c "history -M;history -S" mkdir .history_log/ems for filename in `ls ~ems/.history_log` do (perl -pe 's/(\d+)/localtime($1)/e' ~ems/.history_log/${filename})>.history_log/ems/${filename}.bak mv .history_log/ems/${filename}.bak .history_log/ems/${filename} done chown -R ems.ems .history_log/ems fi id oms if [ $? -eq 0 ];then #su - oms -c "history -M;history -S" #(perl -pe 's/(\d+)/localtime($1)/e' ~oms/.history)>./${hostname}.history.oms mkdir .history_log/oms for filename in `ls ~oms/.history_log` do (perl -pe 's/(\d+)/localtime($1)/e' ~oms/.history_log/${filename})>.history_log/oms/${filename}.bak mv .history_log/oms/${filename}.bak .history_log/oms/${filename} done chown -R oms.oms .history_log/oms fi id kingsoft if [ $? -eq 0 ];then su - kingsoft -c "history -a;history -c;history -r" (perl -pe 's/(\d+)/localtime($1)/e' ~kingsoft/.bash_history)>./${hostname}.history.kingsoft fi dmesg>./${hostname}.dmesg lspci -vvnn>./${hostname}.lspci.-vvnn lshw>./${hostname}.lshw dmidecode>./${hostname}.dmidecode iostat -d -x -k 1 10 > ./${hostname}.iostat.-d.-x.-k.1-10 cat ~d5000/cgroup_limits/d5000_limits/tasks>./${hostname}.cgroup.d5000.tasks cat ~ems/cgroup_limits/ems_limits/tasks>./${hostname}.cgroup.ems.tasks cat ~oms/cgroup_limits/oms_limits/tasks>./${hostname}.cgroup.oms.tasks cat /lxcg/d5000_limits/tasks>./${hostname}.lxcg.cgroup.d5000.tasks cat /lxcg/ems_limits/tasks>./${hostname}.lxcg.cgroup.ems.tasks cat /lxcg/oms_limits/tasks>./${hostname}.lxcg.cgroup.oms.tasks free>./${hostname}.free top -bn10 >./${hostname}.top.-bn10 fdisk -l >./${hostname}.fdisk.-l grep '6.0.3' /etc/issue &>/dev/null if [ $? -ne 0 ];then parted -l >./${hostname}.parted.-l fi top -bn1 -H >./${hostname}.top.-bn1.-H mii-tool>./${hostname}.mii-tool ipmitool -I open sel list>./${hostname}.ipmitool.i.open.sel.list ipmitool -I open sdr>./${hostname}.ipmitool.i.open.sdr ipmitool -I open sensor list>./${hostname}.ipmitool.i.open.sensor.list ipmitool -I open chassis restart_cause>./${hostname}.ipmitool.i.open.chassis.restart_cause ipmitool -I open chassis policy list>./${hostname}.ipmitool.i.open.chassis.policy.list cat /proc/loadavg >./${hostname}.proc.loadavg cat /proc/net/bonding/bond0 >./${hostname}.proc.net.bonding.bond0 cat /proc/net/bonding/bond1 >./${hostname}.proc.net.bonding.bond1 cat /proc/stat >./${hostname}.proc.stat cat /proc/cpuinfo >./${hostname}.proc.cpuinfo cat /proc/vmstat >./${hostname}.proc.vmstat vmstat 1 10 >./${hostname}.vmstat.1_10 cat /etc/issue >./${hostname}.etc.issue uname -a >./${hostname}.uname.-a crm configure show>./${hostname}.crm.configure.show crm_mon -1>./${hostname}.crm_mon.-1 cat /etc/corosync/corosync.conf >./${hostname}.etc.corosync.corosync.conf corosync-cfgtool -s >./${hostname}.corosync-cfgtool.-s cat /etc/corosync/lxha_iplist.conf >./${hostname}.etc.corosync.lxha_iplist.conf cat /etc/multipath.conf >./${hostname}.etc.multipath.conf multipath -ll >./${hostname}.multipath-ll cat /etc/lvm/lvm.conf >./${hostname}.etc.lvm.lvm.conf cat /etc/security/limits.conf >./${hostname}.etc.security.limits.conf cat /proc/meminfo >./${hostname}.proc.meminfo lsmod >./${hostname}.lsmod sysctl -A>./${hostname}.sysctl.-A ulimit -a>./${hostname}.ulimit.-a lsof>./${hostname}.lsof cat /etc/audit/audit.rules>./${hostname}.etc.audit.audit.rules cat ~d5000/.tcshrc>./${hostname}.d5000.tcshrc cat ~oms/.tcshrc>./${hostname}.oms.tcshrc cat ~ems/.tcshrc>./${hostname}.ems.tcshrc cat /etc/crontab>./${hostname}.etc.crontab tar czvf ./${hostname}.etc.tgz /etc/rc.d /etc/init.d /etc/rc?.d tar czvf ./${hostname}.etc.security.tgz /etc/security tar czvf ./${hostname}.etc.pam.d.tgz /etc/pam.d faillog -a > ./${hostname}.faillog.-a crontab -u d5000 -l>./${hostname}.var.spool.cron.crontabs.d5000 netstat -anp>./${hostname}.netstat.-anp ps auxww>./${hostname}.ps.auxww ps eauxf>./${hostname}.ps.eauxf ps -efL>./${hostname}.ps.-efL pstree >./${hostname}.pstree ifconfig -a>./${hostname}.ifconfig.-a route>./${hostname}.route ip route show>./${hostname}.ip.route.show GATEWAY=`route -n|grep ^0.0.0.0|awk '{print $2}'` ping -c 10 ${GATEWAY}>./${hostname}.ping.-c.10.gateway #wmli@linx-info.com,2013-05-20,get disk parameter DISK=$(fdisk -l|grep Disk|grep dev|awk -F':' '{print $1}'|awk '{print $NF}') DF=$(hostname).Diskinfo echo 'DiskInfo' > $DF echo "======================================================"|tee -a $DF if [ $(which hdparm) ];then for i in $DISK do echo -n "$i "|tee -a $DF echo "$(hdparm -I $i 2>/dev/null|grep 'device size with M = 1000\*1000:'|awk '{print $(NF-1),$NF}')"|tee -a $DF echo "$(hdparm -I $i 2>/dev/null|grep 'Model Number:')"|tee -a $DF echo "$(hdparm -I $i 2>/dev/null|grep 'Serial Number:')"|tee -a $DF echo "$(hdparm -I $i 2>/dev/null|grep 'Transport:')"|tee -a $DF echo "$(hdparm -I $i 2>/dev/null|grep 'Form Factor:')"|tee -a $DF echo "$(hdparm -I $i 2>/dev/null|grep 'Nominal Media Rotation Rate: 7200')"|tee -a $DF echo "------------------------------------------------------"|tee -a $DF done else echo "hdparm: command not found!">>${DF} fi #get network interface bond0 flow if [ -z $2 ];then eth_name="bond0" else eth_name=$2 fi i=0 send_o=`ifconfig $eth_name | grep bytes | awk '{print $6}' | awk -F : '{print $2}'` recv_o=`ifconfig $eth_name | grep bytes | awk '{print $2}' | awk -F : '{print $2}'` send_n=$send_o recv_n=$recv_o send_max_r=0 recv_max_r=0 send_max_b=0 recv_max_b=0 save_filename=${hostname}.network_flow_data echo "network_flow program started run">${save_filename} echo "network interface ${eth_name}">>${save_filename} date>>${save_filename} start_time=`date +\%s` flag_of_end="n" #while [ ${flag_of_end} != "y" ] #默认运行1分钟,如果提示结束运行时,输入y,可以提前结束 while [ $i -lt 60 ] do send_l=$send_n recv_l=$recv_n echo -e "默认获取1分钟时间内的${eth_name}的网络流量\n" echo -e "The network traffic by default for 1 minutes ${eth_name}\n" echo -e "是否提前结束网络流量的获取(y/n)?\n" echo -e "Gets whether early termination network traffic(y/n)?\n" read -t 3 flag_of_end if [ -z ${flag_of_end} ] then flag_of_end="n" fi if [ ${flag_of_end} == "y" ];then break fi send_n=`ifconfig $eth_name | grep bytes | awk '{print $6}' | awk -F : '{print $2}'` recv_n=`ifconfig $eth_name | grep bytes | awk '{print $2}' | awk -F : '{print $2}'` # i=`expr $i + 3` ((i=i+3)) echo $i # let "i=i+3" #send_r=`expr \( $send_n - $send_l \) / 3` ((send_r=((send_n - send_l)/3))) echo $send_n echo $send_l echo $send_r #send_b=`expr $send_r \* 8` ((send_b=send_r * 8)) #除法运算,scale=2为指定小数位数为2位 send_bm=$(echo "scale=2;$send_b/1048576"|bc) send_bytem=$(echo "scale=2;$send_b/1048576/8"|bc) # recv_r=`expr \( $recv_n - $recv_l \) / 3` ((recv_r=((recv_n - recv_l)/3))) echo $recv_n echo $recv_l echo $recv_r #recv_b=`expr $recv_r \* 8` ((recv_b=recv_r * 8)) recv_bm=$(echo "scale=2;$recv_b/1048576"|bc) recv_bytem=$(echo "scale=2;$recv_b/1048576/8"|bc) #total_r=`expr $send_r + $recv_r ` ((total_r=send_r + recv_r)) echo $total_r #total_b=`expr $total_r \* 8` ((total_b=total_r * 8)) total_bm=$(echo "scale=2;$total_b/1048576"|bc) total_bytem=$(echo "scale=2;$total_b/1048576/8"|bc) #send_ra=`expr \( $send_n - $send_o \) / $i` ((send_ra=((send_n - send_o)/i))) echo $send_n echo $send_o echo $send_ra #send_ba=`expr $send_ra \* 8` ((send_ba=send_ra * 8)) send_bam=$(echo "scale=2;$send_ba/1048576"|bc) send_byteam=$(echo "scale=2;$send_ba/1048576/8"|bc) #recv_ra=`expr \( $recv_n - $recv_o \) / $i` ((recv_ra=((recv_n - recv_o)/i))) echo $recv_n echo $recv_o echo $recv_ra #recv_ba=`expr $recv_ra \* 8` ((recv_ba=recv_ra * 8)) recv_bam=$(echo "scale=2;$recv_ba/1048576"|bc) recv_byteam=$(echo "scale=2;$recv_ba/1048576/8"|bc) #total_ra=`expr $send_ra + $recv_ra` ((total_ra=send_ra + recv_ra)) echo $total_ra #total_ba=`expr $total_ra \* 8` ((total_ba=total_ra * 8)) total_bam=$(echo "scale=2;$total_ba/1048576"|bc) total_byteam=$(echo "scale=2;$total_ba/1048576/8"|bc) echo -e "send_r:$send_r send_max_r:$send_max_r\n" if [ $send_r -gt $send_max_r ];then send_max_r=$send_r fi #send_max_b=`expr $send_max_r \* 8` ((send_max_b=send_max_r * 8)) send_max_bm=$(echo "scale=2;$send_max_b/1048576"|bc) send_max_bytem=$(echo "scale=2;$send_max_b/1048576/8"|bc) if [ $recv_r -gt $recv_max_r ];then recv_max_r=$recv_r fi #recv_max_b=`expr $recv_max_r \* 8` ((recv_max_b=recv_max_r * 8)) recv_max_bm=$(echo "scale=2;$recv_max_b/1048576"|bc) recv_max_bytem=$(echo "scale=2;$recv_max_b/1048576/8"|bc) sendn=`ifconfig $eth_name | grep bytes | awk -F \( '{print $3}' | awk -F \) '{print $1}'` send_dropped=`ifconfig $eth_name |grep "TX packets"| grep dropped | awk -F \: '{print $4}' | awk '{print $1}'` echo $send_dropped #total_max_r=`expr $send_max_r + $recv_max_r` ((total_max_r=send_max_r + recv_max_r)) #total_max_b=`expr $total_max_r \* 8` ((total_max_b=total_max_r * 8)) total_max_m=$(echo "scale=2;$total_max_b/1048576"|bc) total_max_bytem=$(echo "scale=2;$total_max_b/1048576/8"|bc) recvn=`ifconfig $eth_name | grep bytes | awk -F \( '{print $2}' | awk -F \) '{print $1}'` recv_dropped=`ifconfig $eth_name | grep "RX packets" | grep dropped | awk -F \: '{print $4}' | awk '{print $1}'` echo $recv_dropped clear echo -e "network_flow.sh has been running $i seconds \n">>${save_filename} 2>&1 echo -e "Last second : Send rate: $send_r Bytes/sec Recv rate: $recv_r Bytes/sec Total rate: $total_r Bytes/sec\n">>${save_filename} 2>&1 echo -e "Last second : Send rate: $send_b Bits/sec Recv rate: $recv_b Bits/sec Total rate: $total_b Bits/sec\n">>${save_filename} 2>&1 echo -e "Last second : Send rate: $send_bm Mbps Recv rate: $recv_bm Mbps Total rate: $total_bm Mbps\n">>${save_filename} 2>&1 echo -e "Last second : Send rate: $send_bytem Mbyte/sec Recv rate: $recv_bytem Mbyte/sec Total rate: $total_bytem Mbyte/sec\n">>${save_filename} 2>&1 echo -e "Average value: Send rate: $send_ra Bytes/sec Recv rate: $recv_ra Bytes/sec Total rate: $total_ra Bytes/sec\n">>${save_filename} 2>&1 echo -e "Average value: Send rate: $send_ba Bits/sec Recv rate: $recv_ba Bits/sec Total rate: $total_ba Bites/sec\n">>${save_filename} 2>&1 echo -e "Average value: Send rate: $send_bam Mbps Recv rate: $recv_bam Mbps Total rate: $total_bam Mbps\n">>${save_filename} 2>&1 echo -e "Average value: Send rate: $send_byteam Mbyte/sec Recv rate: $recv_byteam Mbyte/sec Total rate: $total_byteam Mbyte/sec\n">>${save_filename} 2>&1 echo -e "Maximun value: Send rate: $send_max_r Bytes/sec Recv rate: $recv_max_r Bytes/sec Total rate: $total_max_r Bytes/sec\n">>${save_filename} 2>&1 echo -e "Maximun value: Send rate: $send_max_b Bits/sec Recv rate: $recv_max_b Bits/sec Total rate: $total_max_b Bits/sec\n">>${save_filename} 2>&1 echo -e "Maximun value: Send rate: $send_max_bm Mbps Recv rate: $recv_max_bm Mbps Total rate: $total_max_m Mbps\n">>${save_filename} 2>&1 echo -e "Maximun value: Send rate: $send_max_bytem Mbyte/sec Recv rate: $recv_max_bytem Mbyte/sec Total rate: $total_max_bytem Mbyte/sec\n">>${save_filename} 2>&1 echo -e "Send dropped packets numbers: $send_dropped \n">>${save_filename} 2>&1 echo -e "Recv dropped packets numbers: $recv_dropped \n">>${save_filename} 2>&1 done echo -e "Total traffic after startup: Send traffic: $sendn Recv traffic: $recvn\n">>${save_filename} 2>&1 end_time=`date +\%s` #use_time_s=`expr $end_time - $start_time` ((use_time_s=end_time - start_time)) #use_time_h=`expr $use_time_s / 3600` ((use_time_h=use_time_s / 3600)) echo -e "Get network flow time: $use_time_s seconds\n">>${save_filename} 2>&1 echo -e "Get network flow time: $use_time_h hours\n">>${save_filename} 2>&1 if [ "x$1" = "x-alllog" ] then tar czvf ./${hostname}.var.log.tgz /var/log/* elif [ "x$1" = "x-somelog" ] then tail -20000 /var/log/messages >./${hostname}.var.log.messages.20000 tail -20000 /var/log/kernel >./${hostname}.var.log.kernel.20000 tail -20000 /var/log/kern.log >./${hostname}.var.log.kern.log.20000 tail -20000 /var/log/errors >./${hostname}.var.log.errors.20000 tail -20000 /var/log/syslog >./${hostname}.var.log.syslog.20000 tail -20000 /var/log/auth >./${hostname}.var.log.auth.20000 tail -20000 /var/log/audit/audit.log >./${hostname}.var.log.audit.audit.log.20000 tail -20000 /var/log/auth.log >./${hostname}.var.log.auth.log.20000 tail -20000 /var/log/corosync.log >./${hostname}.var.log.corosync.log.20000 tail -20000 /tmp/corosync.log >./${hostname}.tmp.corosync.log.20000 tail -20000 /var/log/Xorg.0.log >./${hostname}.var.log.Xorg.0.log.20000 tail -20000 /var/log/Xorg.1.log >./${hostname}.var.log.Xorg.1.log.20000 #tar czvf ./${hostname}.linx-watch-top.tgz /var/log/linx*.log fi #tar czvf /opt/${hostname}.${DATE}.tgz /tmp/${hostname} rm ~sysadmin/*.tgz tar czvf ~sysadmin/${hostname}.${DATE}.tgz /tmp/${hostname} chown sysadmin.sysadmin ~sysadmin/${hostname}.${DATE}.tgz rm -rf /tmp/${hostname} export LANG=zh_CN.utf-8