Linux Logs Management

Question 1

What is the name of the logging daemon

Answer 1

Systemd-journald

or rsyslogd

Question 2

Where is the rsyslogd config file?

Answer 2

/etc/rsyslog.conf

Question 3

How would you structure an rsyslog rule

Answer 3

facility.priority action (the location to send the log)

Question 4

what are 10 valid rsyslog facility codes?

Answer 4

auth
authpriv
cron
daemon
kern
lpr
mail
news
security
user

Question 5

What are 8 valid rsyslog priority codes
listed lowest to highest

Answer 5

debug
info
notice
warning
err
crit
alert
emerg

Question 6

What directory are log files usually sent to?

Answer 6

/var/log

Question 7

How do you manage space the logs take up

Answer 7

Use logrotate

/etc/logrotate.conf

Question 8

How do you securely remove a file (overwrite and obfuscate)

Answer 8

shred
Use -f to force permission changes to allow overwriting
Use -n to adjust number or overwrites (default 3)

Question 9

What is a quick way of creating a new empty file?

Answer 9

touch NEWFILE

Question 10

How might you keep an eye on a log file as it updates?

Answer 10

Tail -f FILE

-f (—follow)

Question 11

How does “locate” command work?

Answer 11

It searches a daily updated database: mlocate.db

Question 12

What are 3 commonly used options for the “locate” command?

Answer 12

-A Match all patterns
-b Only the file names, not directories
-i Ignore case

Question 13

Name five useful options/expressions for the “find” command

Answer 13

-iname Search by name case-insensitive
- type File type i.e. f. d. l
- exec COMMAND{};
- mtime find files on modification time
- empty
- nouser
-perm

Question 14

Access Execute mode in Vi

Answer 14

:

Question 15

Access command mode in Vi

Answer 15

ESC

Question 16

Access input mode in Vi

Answer 16

i

Question 17

Save a document in Vi

Answer 17

get onto execute mode then W (to write)

Question 18

How to delete a line in Vi

Answer 18

dd from insert mode
:d via command mode

Question 19

How to quit Vi without saving

Answer 19

:q!

Question 20

How do you search in V

Answer 20

From command /STRING

Question 21

Search and replace all instances of string in document with Vi

Answer 21

%s/ORIGINAL/REPLACE

Question 22

Use vi to open and jump directly to the first (searched) instance of a string

Answer 22

vi +/STRING /FILEPATH

Question 23

Navigate without arrows in Vi

Answer 23

H J K L

Question 24

Enter insert mode while creating a new line in Vi

Answer 24

O for a line above the cursor or o for a line below

Question 25

How to copy/cut in Vi

Answer 25

yy for a line
Or line range is. LINE,LINEy

Question 26

How to switch files in Vi

Answer 26

:e FILE

Question 27

Where would you find dmesg and syslog (mesg in some Rhel)?

Answer 27

/var/log

Question 28

What are 6 valid rsyslog actions?

Answer 28

Forward to a file
Pipe to an app
Display
Send to remote host
Send to a list of users
Send to all logged in users

Question 29

Where is the systemd-journald config file?

Answer 29

/etc/systemd/journald.conf

Question 30

journald logs to binary files so can’t be checked with text tools, what tool should you use?

Answer 30

journalctl

Question 31

What are five common journalctl command options

Answer 31

-a All data fields
-e starts at end of journal with pager
-l All printable fields
-nNUM Recent NUM of entries
-r reverse output