
LAB 13_Configuring Logging

Uploaded by

Thien Duong
Exercise 13.1 Using Live Log Monitoring and logger


In this exercise, you use tail -f to monitor a log file in real-time.
You also use logger to write messages to a log file.
1. Open a root shell.
2. From the root shell, type tail -f /var/log/messages
3. Open a second terminal window. In this terminal window, type
su - yourname to open a subshell as yourname.
4. Type su - to open a root shell, but enter the wrong password.
5. Notice that nothing appears in /var/log/messages. That is
because login-related errors are not written here.
6. From the user shell, type logger hello . You’ll see the message
appearing in the /var/log/messages file in real time.
7. In the tail -f terminal, use Ctrl+C to stop tracing the messages
file.
8. Type tail -n 20 /var/log/secure . This shows the last 20 lines
in /var/log/secure, which also shows the messages that the su -
password errors have generated previously.
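The failed su - attempts from step 8 can be summarized per user instead of read line by line. The following is an added example, not part of the original lab: the function names are hypothetical and the log lines are constructed samples in the pam_unix format that su writes to /var/log/secure.

```shell
#!/usr/bin/env bash
# Constructed sample lines (host and user names are made up) in the
# /var/log/secure format written when "su -" gets a wrong password.
sample_secure_log() {
cat <<'EOF'
Mar  3 10:15:02 server1 su: pam_unix(su-l:auth): authentication failure; logname=yourname uid=1000 euid=0 tty=pts/1 ruser=yourname rhost=  user=root
Mar  3 10:15:40 server1 su: pam_unix(su-l:session): session opened for user root by yourname(uid=1000)
Mar  3 10:16:11 server1 su: pam_unix(su-l:auth): authentication failure; logname=yourname uid=1000 euid=0 tty=pts/1 ruser=yourname rhost=  user=root
Mar  3 10:17:05 server1 sshd[2211]: Accepted password for lisa from 192.0.2.10 port 50122 ssh2
Mar  3 10:18:30 server1 su: pam_unix(su-l:auth): authentication failure; logname=lisa uid=1001 euid=0 tty=pts/2 ruser=lisa rhost=  user=root
EOF
}

# failed_su [FILE]: print "count ruser->target" for each failed su,
# most frequent first. Reads FILE, or stdin when no file is given.
failed_su() {
  awk '
    / su(\[[0-9]+\])?: pam_unix\(su(-l)?:auth\): authentication failure/ {
      ruser = "?"; target = "?"
      for (i = 1; i <= NF; i++) {
        # "^user=" is anchored so it does not also match "ruser=".
        if ($i ~ /^ruser=/) ruser = substr($i, 7)
        else if ($i ~ /^user=/) target = substr($i, 6)
      }
      count[ruser "->" target]++
    }
    END { for (k in count) print count[k], k }
  ' "$@" | sort -k1,1nr -k2,2
}
```

Run sample_secure_log | failed_su to see the summary for the sample, or failed_su /var/log/secure as root on the lab system.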
Exercise 13.2 Changing rsyslog.conf Rules
In this exercise, you learn how to change rsyslog.conf. You
configure the Apache service to log messages through syslog, and
you create a rule that logs debug messages to a specific file.
1. By default, the Apache service does not log through rsyslog,
but keeps its own logging. You are going to change that. To start,
type yum install -y httpd to install the Apache service.
2. After installing the Apache service, open its configuration file
/etc/httpd/conf/httpd.conf and add the following line to it:
ErrorLog syslog:local1
3. Type systemctl restart httpd

4. Now create a line in the rsyslog.conf file that will send all
messages that it receives for facility local1 (which is now used by
the httpd service) to the file /var/log/httpd-error.log. To do this,
include the following line:
local1.=error -/var/log/httpd-error.log

5. Tell rsyslog to reload its configuration, by using systemctl
restart rsyslog
6. All Apache error messages will now be written to the
httpd-error.log file.
7. From the Firefox browser, go to http://localhost/nowhere.
Because the page you are trying to access does not exist, this will
be logged to the Apache error log.

8. Now let’s create a snap-in file that logs debug messages to a
specific file as well.
To do this, type echo "*.debug /var/log/messages-debug"
> /etc/rsyslog.d/debug.conf
9. Again, restart rsyslogd using systemctl restart rsyslog
10. Use the command tail -f /var/log/messages-debug to open
a trace on the newly created file.
11. Type logger -p daemon.debug "Daemon Debug Message".
You’ll see the debug message passing by.
12. Use Ctrl+C to close the debug log file.
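The two rules in this exercise behave differently: a plain priority selects that severity and everything more severe, while =priority selects exactly one severity, so *.debug collects messages from every facility (authpriv included) in /var/log/messages-debug. The following added example, which is not part of the original lab, models a subset of the selector syntax to show which file receives a given message; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Numeric syslog severity for a priority keyword (lower = more severe).
sev() {
  case "$1" in
    emerg|panic) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;;
    err|error) echo 3 ;; warning|warn) echo 4 ;; notice) echo 5 ;;
    info) echo 6 ;; debug) echo 7 ;; *) return 1 ;;
  esac
}

# selector_matches SELECTOR FACILITY PRIORITY
# Returns 0 when a message logged as FACILITY.PRIORITY is selected.
# Subset only: "fac.pri", "*" for either part, "=pri" and "none".
selector_matches() {
  sel_fac=${1%%.*}; sel_pri=${1#*.}
  if [ "$sel_fac" != "*" ] && [ "$sel_fac" != "$2" ]; then return 1; fi
  if [ "$sel_pri" = "none" ]; then return 1; fi
  if [ "$sel_pri" = "*" ]; then return 0; fi
  msg=$(sev "$3") || return 2
  case "$sel_pri" in
    =*) want=$(sev "${sel_pri#=}") || return 2
        [ "$msg" -eq "$want" ] ;;   # exactly this severity
    *)  want=$(sev "$sel_pri") || return 2
        [ "$msg" -le "$want" ] ;;   # this severity or more severe
  esac
}

# The two rules created in this exercise (selector, then destination).
RULES='local1.=error -/var/log/httpd-error.log
*.debug /var/log/messages-debug'

# route FACILITY PRIORITY: print each file that would receive the message.
route() {
  printf '%s\n' "$RULES" | while read -r sel dest; do
    # A leading "-" on the destination is not part of the file name.
    if selector_matches "$sel" "$1" "$2"; then echo "${dest#-}"; fi
  done
}
```

For instance, route local1 crit prints only /var/log/messages-debug, because local1.=error does not select the more severe crit message.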
Exercise 13.3 Discovering journalctl
In this exercise, you learn how to work with different journalctl
options.
1. Type journalctl . You’ll see the content of the journal since
your server last started, starting at the beginning of the journal.
The content is shown in less , so you can use common less
commands to walk through the file.
2. Type q to quit the pager. Now type journalctl --no-pager .
This shows the contents of the journal without using a pager.
3. Type journalctl -f . This opens the live view mode of journalctl,
which allows you to see new messages scrolling by in real time.
Use Ctrl+C to interrupt.
4. Type journalctl and press the Tab key twice. This shows
specific options that can be used for filtering. Type, for instance,
journalctl _UID=0
5. Type journalctl -n 20 . The -n 20 option displays the last 20
lines of the journal (just like tail -n 20 ).
6. Now type journalctl -p err . This command shows errors only.
7. If you want to view journal messages that have been written in
a specific time period, you can use the --since and --until
options. Both options take the time parameter in the format
YYYY-MM-DD hh:mm:ss. Also, you can use yesterday , today ,
and tomorrow as parameters. So, type
journalctl --since yesterday to show all messages that have
been written since yesterday.
8. journalctl allows you to combine different options, as well. So,
if you want to show all messages with a priority err that have
been written since yesterday, use journalctl --since yesterday
-p err
9. If you need as much detail as possible, use journalctl -o
verbose . This shows different options that are used when writing
to the journal.
All these options can be used to tell the journalctl command
which specific information you are looking for. Type, for instance,
journalctl _SYSTEMD_UNIT=sshd.service to show more information
about the sshd systemd unit.
Exercise 13.4 Making the journald Journal Permanent
In this exercise, you learn how to make the journald journal
permanent.
1. Open a root shell and type mkdir /var/log/journal .
2. Before journald can write the journal to this directory, you have
to set ownership.
Type chown root:systemd-journal /var/log/journal , followed
by
chmod 2755 /var/log/journal

3. Next, you can either reboot your system (restarting the
systemd-journald service is not enough) or use the killall -USR1
systemd-journald command.
4. The systemd journal is now persistent across reboots. If you
want to see the log messages since last reboot, use journalctl -b .
End-of-Chapter Labs
You have now learned how to work with logging on Red Hat
Enterprise Linux 7 and know how to configure rsyslogd and
journald. You can now complete the end-of-chapter labs to reinforce
these newly acquired skills.
Lab 13.1
1. Configure the journal to be persistent across system reboots.
2. Make a configuration file that writes all messages with an info
priority to the file /var/log/messages.info.
3. Configure logrotate to keep 10 old versions of log files.
