CHAPTER 13. RSYSLOG & LOGROTATE Flashcards

1
Q

Which file is used to configure rsyslogd?

A

/etc/rsyslog.conf is used to configure rsyslogd.

2
Q

Which configuration file contains messages related to authentication?

A

/var/log/secure contains messages related to authentication.

3
Q

If you do not configure anything, how long will it take for log files to be rotated away?

A

Log files are rotated away by default after five weeks (one week for the current file, and four weeks for old files).

4
Q

Which command enables you to log a message from the command line to the user facility, using the notice priority?

A

logger -p user.notice "some text" logs a message from the command line to the user facility, using the notice priority.

5
Q

Which line would you add to write all messages with a priority of info to the file /var/log/messages.info?

A

Create a file in /etc/rsyslog.d. The name does not really matter. Give it the following contents: *.=info /var/log/messages.info.

6
Q

Which configuration file enables you to allow the journal to grow beyond its default size restrictions?

A

You can configure the journal to grow beyond its default size restrictions in /etc/systemd/journald.conf.

7
Q

Which command enables you to see new messages in the journal scrolling by in real time?

A

journalctl -f shows new messages in the journal scrolling by in real time.

8
Q

Which command enables you to see all journald messages that have been written for PID 1 between 9:00 a.m. and 3:00 p.m.?

A

journalctl _PID=1 --since 9:00:00 --until 15:00:00 shows all journald messages that have been written for PID 1 between 9:00 a.m. and 3:00 p.m.

9
Q

Which command enables you to see journald messages since the last reboot on a system where a persistent journal has been configured?

A

On a system where a persistent journal has been configured, journalctl -b shows journald messages since the last reboot.

10
Q

Which procedure enables you to make the journald journal persistent?

A

Making the journald journal persistent requires the following four commands, in order: mkdir /var/log/journal; chown root:systemd-journal /var/log/journal; chmod 2755 /var/log/journal; killall -USR1 systemd-journald

11
Q

LAB

Configure the journal to be persistent across system reboots.

A

mkdir /var/log/journal; chown root:systemd-journal /var/log/journal; chmod 2755 /var/log/journal; killall -USR1 systemd-journald

12
Q

LAB

Make a configuration file that writes all messages with an info priority to the file /var/log/messages.info.

A

Create a file in /etc/rsyslog.d. Give it the following contents: *.=info /var/log/messages.info.

13
Q

LAB

Configure logrotate to keep ten old versions of log files.

A

In /etc/logrotate.conf:

# keep 4 weeks worth of backlogs
rotate 10