Linux Sysadmin Test Prep
Logging
Logging
Reading logs
who(is logged in now)last(history of logins)last <username>last <reboot>lastlog(logins)last log(log files)
ls /var/logsudo tail /var/log/syslogTimestamp, Hostname, App-Name, Message
Tips
grep "invalid user" /var/log/auth.log
rsyslog
ls /etc/rsyslog.dcat /etc/rsyslog.d/50-default.conffacility.priority logLocationcron.warn /var/log/cron.warncron.=info /var/log/cron.infocron.!=info /var/log/cron.info
Tips
- Rules are applied in order. Use numbers in filename to order rules.
- Restart system service after changes.
| Lv. # | Lv. Name | Description |
|---|---|---|
| 1 | debug | Debug information from programs |
| 2 | info | Simple informational message - no intervention is required |
| 3 | notice | Condition that may require attention |
| 4 | warn | Warning |
| 5 | err | Error |
| 6 | crit | Critical condition |
| 7 | alert | Condition that needs immediate intervention |
| 8 | emerg | Emergency condition |
| * | * | All conditions |
logger
Tips
logger [options] [message]
logger -p cron.info " This is a info message from cron"(-p means priority)
Quiz
- Enable cron logging for all levels to go to your user console
- create a cron error and verify it works
- Change cron logging for all levels to go to /var/log/cron.log
- Create a rule for
local4critical level logs to be sent to/var/log/local4-info.log - Use logger to send a message from local4 of critical level to the log
logrotate
Tips
cat /etc/logrotate.conflogrotate -fv /etc/logrotate.conf-f,--force+-v,--verbose
Quiz
- Enable compression on your log files
- Create a
logrotategroup and allow it to use thelogrotatecommand - Rotate your
lightdmlogs