CHAPTER 13. RSYSLOG & LOGROTATE

Question 1

Which file is used to configure rsyslogd?

Answer 1

/etc/rsyslog.conf is used to configure rsyslogd.

Question 2

Which configuration file contains messages related to authentication?

Answer 2

/var/log/secure contains messages related to authentication.

Question 3

If you do not configure anything, how long will it take for log files to be rotated away?

Answer 3

Log files are rotated away by default after five weeks (one week for the current file, and four weeks for old files).

Question 4

Which command enables you to log a message from the command line to the user facility, using the notice priority?

Answer 4

logger -p user.notice “some text” logs a message from the command line to the user facility, using the notice priority.

Question 5

Which line would you add to write all messages with a priority of info to the file /var/log/messages.info?

Answer 5

Create a file in /etc/rsyslog.d. The name does not really matter. Give it the following contents: *.=info /var/log/messages.info.

Question 6

Which configuration file enables you to allow the journal to grow beyond its default size restrictions?

Answer 6

You can configure the journal to grow beyond its default size restrictions in /etc/systemd/journald.conf.

Question 7

Which command enables you to see new messages in the journal scrolling by in real time?

Answer 7

journalctl -f shows new messages in the journal scroll by in real time.

Question 8

Which command enables you to see all journald messages that have been written for PID 1 between 9:00 a.m. and 3:00 p.m.?

Answer 8

journalctl _PID=1 –since 9:00:00 –until 15:00:00 shows all journald mes-sages that have been written for PID 1 between 9:00 a.m. and 3:00 p.m.

Question 9

Which command enables you to see journald messages since the last reboot on a system where a persistent journal has been configured?

Answer 9

On a system where a persistent journal has been configured, journalctl -b shows journald messages since the last reboot.

Question 10

Which procedure enables you to make the journald journal persistent?

Answer 10

Making the journald journal persistent requires the following four commands, in order: mkdir /var/log/journal; chown root:systemd-journal /var/log/journal; chmod 2755 /var/log/journal; killall -USR1 systemd-journald

Question 11

LAB

Configure the journal to be persistent across system reboots.

Answer 11

mkdir /var/log/journal; chown root:systemd-journal /var/log/journal; chmod 2755 /var/log/journal; killall -USR1 systemd-journald

Question 12

LAB

Make a configuration file that writes all messages with an info priority to the file /var/log/messages.info.

Answer 12

Create a file in /etc/rsyslog.d. Give it the following contents: *.=info /var/log/messages.info.

Question 13

LAB

Configure logrotate to keep ten old versions of log files.

Answer 13

In the /etc/logrotate.conf

# keep 4 weeks worth of backlogs
rotate 10