Viewing and Managing Log Files Flashcards
Log File Categories
System
Service
Event
Application
Where is the system log on Debian-based hosts, and what does it do?
/var/log/syslog
stores all global system activity and startup messages
options are controlled by /etc/syslog.config or /etc/rsyslog.conf
Additional configuration files can be added to /etc/rsyslog.d/
What is the main system log on RHEL-based hosts?
/var/log/messages
Options controlled by /etc/syslog.config or /etc/rsyslog.conf
A logging system introduced by systemd and implemented by the journal daemon, which stores logs in a binary format that can be viewed by using the journalctl utility
systemd journal
journalctl option -u or --unit
view messages for a particular systemd unit
journalctl option -f
follow the journal for the latest messages
journalctl option -e
jump to the end of the journal
journalctl option -x
add explanatory texts from the message catalog
journalctl option -S, -U
show entries from a specified date (since and until)
Settings for the systemd journal can be updated by modifying?
/etc/systemd/journald.conf or adding configuration files to /etc/systemd/journald.conf.d/
A utility that can be installed, and is installed by default on many distros, in order to manage log files. It makes sure log files do not become too big and dictates how they will be stored on the host
logrotate
Main config file for logrotate
/etc/logrotate.conf; additional configuration files can be set in /etc/logrotate.d
By default, logrotate creates a crontab file in which directory (it will be executed daily)?
/etc/cron.daily
If you are trying to troubleshoot an issue, where is the first place you should look?
The system log files: /var/log/syslog on Debian-based hosts and /var/log/messages on Red Hat-based hosts
What is the format for entries in /var/log/syslog and messages?
timestamp, host name, application and message