Chapter 13 - Configuring Logging Flashcards
What are the 3 different approaches by services to write log information?
- Direct Write
- rsyslogd
- journald
What is rsyslogd?
rsyslog id is the enhancement of syslogd, a service that takes care of managing centralized log files.
Which daemon implements the journald?
systemd-joiurnald daemon
What does journald collect?
journald collects messages from the kernel, the entire boot procedure, and services and writes these messages to an event journal. This event journal is stored in a binary format, and it can be queried using the journalctl command.
Apart from rsyslogd and systemd-journald, there is the auditd service, What does the Audit service do?
This service provides auditing, an in-depth trace of what specific services, processes, or users have
been doing.
Who writes the files to /var/log?
rsyslogd
Which command helps users to write messages to rsyslog from the command line or a script?
logger command
Where is the configuration file for rsyslogd located?
/etc/rsyslog.conf
The rsyslog.conf file is used for what purpose?
This file is used to specify what should be logged and where it should be logged.
What is facility, priority and destination in logging?
A facility specifies a category of information that is logged. rsyslogd uses a fixed list of facilities, which cannot be extended.
A priority is used to define the severity of the message that needs to be logged.
A destination defines where the message should be written
What is the logrotate feature?
To prevent syslog messages from filling up your system completely, the log messages can be rotated. That means that when a certain threshold has been reached, the old log file is closed and a new log file is opened.
Where are the default setting for log rotation kept?
/etc/logrotate.conf
By default where is the journal log file stored?
/run/log/journal
What is the entire directory /run used for?
The entire /run directory is used for current process status information only.
