Configure System Logging Flashcards
SLES 15 has 2 options for system logging:
1) rsyslog for main monitoring
2) systemd journal for local system-related logging. It is missing some rsyslog features, and it can be set to forward to rsyslog, which is recommended.
Where is it recommended that the systemd journal forward messages to?
rsyslog
Which is the main config file for rsyslogd?
c
What command do you have to run after modifying this file > /etc/rsyslog.conf?
systemctl restart rsyslog
What file contains rsyslog service run-time parameters?
/etc/sysconfig/syslog
Logging is made up of?
rules
rules are made up of?
1) selector > (set of messages): facilities, priorities
2) action > what to do with the matches (destination/target)
example of a logging rule:
filter action
mail.* -/var/log/mail
mail is the facility
the action determines the destination
the - means this message is not so important
example of selectors and priorities:
fac.* all priorities
fac.pri that priority and higher
fac.=pri just that priority
fac.!pri all priorities BUT
Some facilities (think of them as categories of what to log) are:
kernel, user, mail, daemon, auth, syslog, cron, security, ntp
some priorities are:
emerg (0), alert (1), crit (2), err (3), warn (4)
To configure systemd journal persistency
vi /etc/systemd/journald.conf
Storage=persistent (if it says "auto", it will forward to rsyslog)
then
systemctl restart systemd-journald
Should you need rsyslog if running a local-only system?
No. If rsyslog is installed and configured, systemd will be configured by default to forward entries to rsyslog
How do you configure journal forwarding to rsyslog?
vi /etc/systemd/journald.conf
ForwardToSyslog=yes
then
systemctl restart systemd-journald
What command shows you only the latest kernel entries?
journalctl -k