108.2 System Logging

Question 1

Format for sending log messages to a remote server.

Answer 1

facility.priority action

Question 2

Valid priorities in facility.priority include:

Answer 2

panic, alert, crit, err, warn, notice, info, debug

Difference with /etc/syslog.conf:
emerg and warning

Question 3

Log daemon that tracks and maintains system logs of system activities.

Answer 3

syslogd

Question 4

Command to enable syslogd utility to receive messages from the network.

Answer 4

syslogd -r

Question 5

Command to specify a syslogd configuration file other than /etc/syslog.conf

Answer 5

syslogd -f

Question 6

Command to turn on syslogd debug mode.

Answer 6

syslogd -d

Question 7

Command to specify a time interval between two timestamp lines in a log.

Answer 7

syslogd -m

Question 8

A shell command interface to the syslog system log module.

Answer 8

logger

Question 9

A component of systemd that manages and views log files created by the journal component of systemd.

Answer 9

journalctl

Used to access binary systemd journal log files.

Question 10

A system daemon that intercepts and logs kernel messages.

Answer 10

klogd - Kernel Log Daemon

No config file, only command line options

Question 11

klogd does what?

Answer 11

• Tracks kernel messages by prioritizing them.
• Listens to the source for kernel messaging and intercepts the messages.
• Runs as a client of syslogd where the kernel messages are sent through syslogd.
• Can also act as a stand-alone program.

Question 12

The highest priority level in /etc/syslog.conf.

Answer 12

emerg

Question 13

Priority order from highest to lowest in /etc/syslog.conf.

Answer 13

emerg, alert, crit, err, warning, notice, info, debug

Question 14

Valid facilities in facility.priority include:

Answer 14

auth, user, kern, cron, daemon, mail, locale

Question 15

The best way to run the logrotate command and why.

Answer 15

In a daily cron job, because it prevents log files from becoming too large.

Question 16

rsyslog is older or newer than syslog?

Answer 16

Newer

Question 17

logrotate keeps which time periods of log files?

Answer 17

daily, weekly, monthly, or yearly

Question 18

Path to the conf file for logrotate.

Answer 18

/etc/logrotate.conf

Question 19

logrotate configuration options:

Answer 19

rotate 4 - for 4 weeks of log files
weekly - rotate log files weekly
create - create new empty log files after rotating
compress - compress rotated log files
include - reads log file rotation parameters from various files in /etc/logrotate.d/
shred - ensures that log files are not readable after their scheduled deletion

Question 20

Path where some applications store log rotation parameters.

Answer 20

/etc/logrotate.d/[pkgname]

Question 21

Path to the conf file for syslogd.

Answer 21

/etc/syslog.conf

Question 22

The /etc/syslog.conf file contains:

Answer 22

Rules for logging system messages. Each rule is composed of a selector field and an action field. The selector field is composed of the facility and priority separated by a dot. Case insensitive.
E.g. kern.panic @192.168.1.100

Question 23

Path to the conf file for journald and the journalctl utility.

Answer 23

/etc/systemd/journald.conf

Question 24

The Storage option for /etc/systemd/journald.conf configures where journal data is stored. The options are:

Answer 24

volatile - in memory only
persistent - stores data to the disk and creates the directory if necessary
auto - the default, like persistent but does not create the directory
none - turns off storage and all log data is dropped

Question 25

Path to the file used for logs sent by mail using logger.

Answer 25

/etc/logfiles/mail-logs

Question 26

Command to send logs by mail to log file for system messages at err level or higher.

Answer 26

logger -p mail.err -f /etc/logfiles/mail-logs

Question 27

Default location for logging services to store log files.

Answer 27

/var/log

Question 28

Path to the directory for persistent journal logs created by journalctl.

Answer 28

/var/log/journal/

Safe to delete log files but not the journal directory.