Linux Logs Management Flashcards
What is the name of the logging daemon?
systemd-journald or rsyslogd (many distributions run both: journald collects first and hands messages on to rsyslogd)
Where is the rsyslogd config file?
/etc/rsyslog.conf
How would you structure an rsyslog rule?
SELECTOR ACTION, separated by whitespace: the selector is facility.priority and the action is where the log goes, e.g. authpriv.* /var/log/secure. Several selectors can share one action when joined with ";"
What are 10 valid rsyslog facility codes?
auth
authpriv
cron
daemon
kern
lpr
mail
news
security (a deprecated alias for auth)
user
Also valid: syslog, uucp, and local0 through local7 for your own applications
What are 8 valid rsyslog priority codes?
Listed lowest to highest:
debug
info
notice
warning (warn)
err (error)
crit
alert
emerg (panic)
A plain priority in a selector is a threshold: mail.warning matches warning and everything more severe. Use =PRIORITY to match exactly one level and !PRIORITY to exclude that level and above.
What directory are log files usually sent to?
/var/log
How do you manage the space the logs take up?
Use logrotate: global settings in /etc/logrotate.conf, per-service stanzas in /etc/logrotate.d/
The create directive sets the mode and owner of the replacement file, so check it for sensitive logs (e.g. create 0600 root root)
How do you securely remove a file (overwrite and obfuscate)?
shred
Use -f to force permission changes to allow overwriting
Use -n to adjust the number of overwrites (default 3)
Use -u to unlink (delete) the file after overwriting, -z to finish with a pass of zeros
Caveat: shred assumes the file is overwritten in place. That does not hold on journaled or copy-on-write filesystems, snapshots, RAID, or SSDs with wear levelling; see the CAUTION section of the shred man page
What is a quick way of creating a new empty file?
touch NEWFILE
How might you keep an eye on a log file as it updates?
tail -f FILE
-f (--follow) follows the open file descriptor, so it goes quiet after logrotate renames the file
-F (--follow=name --retry) reopens the path, so it keeps working across rotation
How does the locate command work?
It searches a prebuilt database (mlocate.db under /var/lib/mlocate) that updatedb refreshes, usually once a day from cron. Files created since the last run are missed and deleted ones may still be listed; run updatedb as root to refresh it
What are 3 commonly used options for the locate command?
-A Match all patterns instead of any one of them
-b Match only the base name, not the directory part of the path
-i Ignore case
Name seven useful options/expressions for the find command
-iname PATTERN  Search by name, case-insensitive
-type X  File type: f (regular file), d (directory), l (symlink)
-exec COMMAND {} \;  Run COMMAND on each match ({} is the path, \; ends the command)
-mtime N  Modification time in days: +7 means more than 7 days ago, -1 means within the last day
-empty  Empty files or directories
-nouser  Owner UID has no entry in /etc/passwd (e.g. left over from a deleted account); -nogroup is the group equivalent
-perm MODE  Permission bits: -perm -4000 finds setuid files, -perm -0002 world-writable ones
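The find expressions above put to work as a small filesystem audit. This is an added example, not part of the original flashcards: it builds a constructed temporary tree (the directory layout, file names and ages are made up for the demo) so it runs offline, then runs each check against it.

```shell
#!/bin/sh
# Added example, not part of the original flashcards: the find(1) expressions above
# used as a small filesystem audit. It runs against a constructed temporary tree so
# it works offline; the directory layout, file names and ages are made up.

# Build the tree: a setuid binary, a world-writable script, an empty log, a stale
# log with a mixed-case name, and a fresh log. Runs in a subshell so the umask
# change does not leak into the caller.
make_sample_tree() (
  umask 022
  root=$(mktemp -d)
  mkdir -p "$root/bin" "$root/var/log" "$root/tmp"
  printf '#!/bin/sh\necho hi\n' >"$root/bin/helper"
  chmod 4755 "$root/bin/helper"                      # setuid, owner-executable
  printf 'echo cron\n' >"$root/tmp/job.sh"
  chmod 777 "$root/tmp/job.sh"                       # world-writable
  : >"$root/var/log/empty.log"                       # zero bytes
  echo 'old entry' >"$root/var/log/Old.LOG"
  touch -d '30 days ago' "$root/var/log/Old.LOG"     # GNU touch: back-date the mtime
  echo 'new entry' >"$root/var/log/app.log"
  echo "$root"
)

# -perm -4000: all listed bits must be set, i.e. setuid. -perm /6000 would mean
# "setuid OR setgid". -type f skips directories (setgid on a directory is benign).
setuid_files()     { find "$1" -type f -perm -4000; }

# -perm -0002: writable by "other". Symlinks always show mode 777, so exclude them.
world_writable()   { find "$1" ! -type l -perm -0002; }

# -iname: case-insensitive name match. -mtime +7: modified more than 7*24h ago
# (-mtime -1 would mean "within the last day"; -mtime 7 means exactly 7 days).
stale_logs()       { find "$1" -type f -iname '*.log' -mtime +7; }

# -empty matches zero-length files and empty directories; -type f keeps only files.
empty_files()      { find "$1" -type f -empty; }

# -nouser / -nogroup: owner UID or GID has no entry in /etc/passwd or /etc/group,
# typically left behind by a deleted account. On the constructed tree this normally
# prints nothing, unless the current user itself has no passwd entry (common in
# containers), in which case every file it owns is reported.
orphaned_files()   { find "$1" \( -nouser -o -nogroup \); }

# -exec runs a command for each match; {} is the path and \; terminates the command.
long_list_setuid() { find "$1" -type f -perm -4000 -exec ls -l {} \; ; }

# Helper: number of results from one of the functions above.
count() { "$@" | wc -l | tr -d ' '; }

tree=$(make_sample_tree)
for check in setuid_files world_writable stale_logs empty_files orphaned_files; do
  printf '== %s (%s)\n' "$check" "$(count "$check" "$tree")"
  "$check" "$tree"
done
long_list_setuid "$tree"
rm -rf "$tree"
```

On a real system, point the functions at / with -xdev added to stay on one filesystem, and compare the setuid list against a known-good baseline rather than reading it cold.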
Access execute mode (also called last-line or ex mode) in Vi
:
Access command mode in Vi
ESC
Access input mode in Vi
i
Save a document in Vi
Enter execute mode with : then w (to write), i.e. :w; :wq writes and quits
How to delete a line in Vi
dd from command mode
:d from execute mode
How to quit Vi without saving
:q!
How do you search in Vi?
From command mode, /STRING searches forward (?STRING backward); n jumps to the next match, N to the previous
Search and replace all instances of a string in the document with Vi
:%s/ORIGINAL/REPLACE/g (without the trailing g only the first match on each line is replaced)
Use vi to open and jump directly to the first (searched) instance of a string
vi +/STRING /FILEPATH
Navigate without arrows in Vi
h j k l (left, down, up, right; lowercase, since the capitals do something else)
Enter insert mode while creating a new line in Vi
O for a line above the cursor or o for a line below
How to copy/cut in Vi
yy yanks (copies) the current line, dd cuts it, p pastes after the cursor
For a line range: :LINE,LINEy (or :LINE,LINEd to cut)
How to switch files in Vi
:e FILE
Where would you find dmesg and syslog (messages on RHEL-family systems)?
/var/log (e.g. /var/log/dmesg and /var/log/syslog, or /var/log/messages)
What are 6 valid rsyslog actions?
Write to a regular file (/var/log/secure; prefix the path with - for buffered writes)
Write to a named pipe (|/path/to/fifo)
Display on a terminal or the console (/dev/console)
Send to a remote host (@host for UDP, @@host for TCP; add TLS before relying on the remote copy as evidence)
Send to a list of users (:omusrmsg:root,ops)
Send to all logged-in users (:omusrmsg:*)
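Added here as an example (not from the original flashcards): a drop-in for /etc/rsyslog.d in the classic syntax that uses the facilities, priorities and action types from the cards above, followed by a small shell model of how rsyslog evaluates a selector list, so the threshold, = and ! semantics can be checked on constructed messages. The host name loghost, the FIFO path and the log file names are assumptions; the script writes the config to a temporary directory and only runs rsyslogd -N1 if the daemon is installed.

```shell
#!/bin/sh
# Added example, not part of the original flashcards: (1) a rsyslog drop-in in the
# classic facility.priority ACTION syntax exercising the facilities, priorities and
# action types listed above, and (2) a POSIX-sh model of how a selector decides
# whether a message matches. "loghost" and the /var/log file names are assumptions.

# (1) Write the drop-in to $1 so it can be inspected without touching /etc/rsyslog.d.
write_rsyslog_dropin() {
  out="$1/50-security.conf"
  cat >"$out" <<'EOF'
# selector                       action
# Everything at info and above, except mail and authpriv, which get their own files.
*.info;mail.none;authpriv.none   /var/log/messages
# Authentication records are sensitive: create the file 0600 rather than 0644.
$FileCreateMode 0600
authpriv.*                       /var/log/secure
$FileCreateMode 0644
# A leading "-" on the path means buffered (asynchronous) writes.
mail.*                           -/var/log/maillog
# "=" matches exactly that priority instead of "that priority and above".
kern.=debug                      /var/log/kern-debug.log
# Named pipe: another process reads the FIFO.
local0.*                         |/var/run/alerts.fifo
# Console, a list of users, and every logged-in user.
*.crit                           /dev/console
*.alert                          :omusrmsg:root,ops
*.emerg                          :omusrmsg:*
# Off-box copy. "@" is UDP (lossy, unauthenticated), "@@" is TCP. Wrap it in TLS
# before treating the remote copy as evidence, and keep the local copies above.
*.*                              @@loghost:514
EOF
  echo "$out"
}

# (2) Selector semantics. A plain priority is a threshold (that level and more
# severe); "=p" pins one priority, "!p" clears p and more severe, "!=p" clears
# exactly p, "none" clears the facility, "*" sets everything. Selectors in a ";"
# list are applied left to right, each adjusting the result for the facilities it names.
prio_rank() {
  case "$1" in
    debug) echo 0 ;;  info) echo 1 ;;  notice) echo 2 ;;  warning|warn) echo 3 ;;
    err|error) echo 4 ;;  crit) echo 5 ;;  alert) echo 6 ;;  emerg|panic) echo 7 ;;
    *) printf '%s\n' -1 ;;
  esac
}

# selector_matches 'SEL[;SEL...]' FACILITY PRIORITY  -> exit 0 if the message matches
selector_matches() {
  rest="$1;" matched=1
  r=$(prio_rank "$3")
  while [ -n "$rest" ]; do
    part="${rest%%;*}"; rest="${rest#*;}"
    sel_fac="${part%%.*}"; sel_pri="${part#*.}"
    case ",$sel_fac," in
      *",*,"* | *",$2,"*) ;;              # "*" or the facility is in the comma list
      *) continue ;;                      # this selector does not name our facility
    esac
    case "$sel_pri" in
      none)  matched=1 ;;
      '*')   matched=0 ;;
      '!='*) [ "${sel_pri#!=}" = "$3" ] && matched=1 ;;
      '='*)  [ "${sel_pri#=}" = "$3" ] && matched=0 ;;
      '!'*)  [ "$r" -ge "$(prio_rank "${sel_pri#!}")" ] && matched=1 ;;
      *)     [ "$r" -ge "$(prio_rank "$sel_pri")" ] && matched=0 ;;
    esac
  done
  return $matched
}

show() {
  if selector_matches "$1" "$2" "$3"; then v=MATCH; else v=skip; fi
  printf '%-34s %-9s %-8s %s\n' "$1" "$2" "$3" "$v"
}

conf=$(write_rsyslog_dropin "$(mktemp -d)")
if command -v rsyslogd >/dev/null 2>&1; then
  rsyslogd -N1 -f "$conf" || echo "rsyslogd rejected $conf"
else
  echo "rsyslogd not installed; skipping syntax check of $conf"
fi
show 'mail.warning'                   mail     err       # above the threshold
show 'mail.warning'                   mail     notice    # below it
show '*.info;mail.none;authpriv.none' mail     crit      # "none" removes mail
show '*.info;mail.none;authpriv.none' cron     info
show 'kern.*;kern.!err'               kern     crit      # "!" cuts off err and up
show 'kern.*;kern.!err'               kern     warning
show 'auth,authpriv.=notice'          authpriv notice    # "=" pins one priority
show 'auth,authpriv.=notice'          authpriv err
```

The model covers only the classic selector syntax; rsyslog's RainerScript filters (if $programname == ... then ...) are a separate mechanism. The point to take from the output is that authpriv.warning quietly captures err, crit, alert and emerg as well, and that a misplaced .none can drop a whole facility from the file you thought held it.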
Where is the systemd-journald config file?
/etc/systemd/journald.conf
journald logs to binary files so can’t be checked with text tools, what tool should you use?
journalctl
What are five common journalctl command options?
-a (--all) Show all fields in full, including long or unprintable ones
-e (--pager-end) Jump to the end of the journal in the pager
-l (--full) Show all printable fields without truncation
-n NUM (--lines) Show the most recent NUM entries
-r (--reverse) Newest entries first
Also useful: -f to follow like tail -f, -u UNIT to filter by service, -p PRIORITY to filter by priority, and --since/--until for a time window