CHAPTER 13. RSYSLOG & LOGROTATE Flashcards
Which file is used to configure rsyslogd?
/etc/rsyslog.conf is used to configure rsyslogd.
Which configuration file contains messages related to authentication?
/var/log/secure contains messages related to authentication.
If you do not configure anything, how long will it take for log files to be rotated away?
Log files are rotated away by default after five weeks (one week for the current file, and four weeks for old files).
Which command enables you to log a message from the command line to the user facility, using the notice priority?
logger -p user.notice "some text" logs a message from the command line to the user facility, using the notice priority.
Which line would you add to write all messages with a priority of info to the file /var/log/messages.info?
Create a file in /etc/rsyslog.d. The name does not really matter. Give it the following contents: *.=info /var/log/messages.info.
Which configuration file enables you to allow the journal to grow beyond its default size restrictions?
You can configure the journal to grow beyond its default size restrictions in /etc/systemd/journald.conf.
Which command enables you to see new messages in the journal scrolling by in real time?
journalctl -f shows new messages in the journal scrolling by in real time.
Which command enables you to see all journald messages that have been written for PID 1 between 9:00 a.m. and 3:00 p.m.?
journalctl _PID=1 --since 9:00:00 --until 15:00:00 shows all journald messages that have been written for PID 1 between 9:00 a.m. and 3:00 p.m.
Which command enables you to see journald messages since the last reboot on a system where a persistent journal has been configured?
On a system where a persistent journal has been configured, journalctl -b shows journald messages since the last reboot.
Which procedure enables you to make the journald journal persistent?
Making the journald journal persistent requires the following four commands, in order: mkdir /var/log/journal; chown root:systemd-journal /var/log/journal; chmod 2755 /var/log/journal; killall -USR1 systemd-journald
LAB
Configure the journal to be persistent across system reboots.
mkdir /var/log/journal; chown root:systemd-journal /var/log/journal; chmod 2755 /var/log/journal; killall -USR1 systemd-journald
LAB
Make a configuration file that writes all messages with an info priority to the file /var/log/messages.info.
Create a file in /etc/rsyslog.d. Give it the following contents: *.=info /var/log/messages.info.
LAB
Configure logrotate to keep ten old versions of log files.
In /etc/logrotate.conf:
# keep 4 weeks worth of backlogs
rotate 10