108.2 System Logging Flashcards
Format for sending log messages to a remote server.
facility.priority action
Valid priorities in facility.priority include:
panic, alert, crit, err, warn, notice, info, debug
Difference with /etc/syslog.conf:
emerg and warning
Log daemon that tracks and maintains system logs of system activities.
syslogd
Command to enable syslogd utility to receive messages from the network.
syslogd -r
Command to specify a syslogd configuration file other than /etc/syslog.conf
syslogd -f
Command to turn on syslogd debug mode.
syslogd -d
Command to specify a time interval between two timestamp lines in a log.
syslogd -m
A shell command interface to the syslog system log module.
logger
A component of systemd that manages and views log files created by the journal component of systemd.
journalctl
Used to access binary systemd journal log files.
A system daemon that intercepts and logs kernel messages.
klogd - Kernel Log Daemon
No config file, only command line options
What does klogd do?
- Tracks kernel messages by prioritizing them.
- Listens to the source for kernel messaging and intercepts the messages.
- Runs as a client of syslogd where the kernel messages are sent through syslogd.
- Can also act as a stand-alone program.
The highest priority level in /etc/syslog.conf.
emerg
Priority order from highest to lowest in /etc/syslog.conf.
emerg, alert, crit, err, warning, notice, info, debug
Valid facilities in facility.priority include:
auth, user, kern, cron, daemon, mail, locale
The best way to run the logrotate command and why.
In a daily cron job, because it prevents log files from becoming too large.
Is rsyslog older or newer than syslog?
Newer
logrotate keeps which time periods of log files?
daily, weekly, monthly, or yearly
Path to the conf file for logrotate.
/etc/logrotate.conf
logrotate configuration options:
rotate 4 - for 4 weeks of log files
weekly - rotate log files weekly
create - create new empty log files after rotating
compress - compress rotated log files
include - reads log file rotation parameters from various files in /etc/logrotate.d/
shred - ensures that log files are not readable after their scheduled deletion
Path where some applications store log rotation parameters.
/etc/logrotate.d/[pkgname]
Path to the conf file for syslogd.
/etc/syslog.conf
The /etc/syslog.conf file contains:
Rules for logging system messages. Each rule is composed of a selector field and an action field. The selector field is composed of the facility and priority separated by a dot. Case insensitive.
E.g. kern.panic @192.168.1.100
Path to the conf file for journald and the journalctl utility.
/etc/systemd/journald.conf
The Storage option for /etc/systemd/journald.conf configures where journal data is stored. The options are:
volatile - in memory only
persistent - stores data to the disk and creates the directory if necessary
auto - the default, like persistent but does not create the directory
none - turns off storage and all log data is dropped
Path to the file used for logs sent by mail using logger.
/etc/logfiles/mail-logs
Command to send logs by mail to log file for system messages at err level or higher.
logger -p mail.err -f /etc/logfiles/mail-logs
Default location for logging services to store log files.
/var/log
Path to the directory for persistent journal logs created by journalctl.
/var/log/journal/
Safe to delete log files but not the journal directory.