Server Administration and Maintenance
Instructions:
Design appropriate logging schemes for (a) a small site; (b) a large site; and (c) a very large site. You may like to design multiple logging schemes for each type of site as appropriate.
Server Administration and Maintenance
Contents
Logging Information of Different sites .................................................................................................... 3
What is logging? .................................................................................................................................. 3
What is included in logging files? ........................................................................................................ 3
(a) Small Site ........................................................................................................................................... 3
Assumptions: ................................................................................................................................... 3
Logging policies used ...................................................................................................................... 3
Management of Log files ................................................................................................................ 4
Condensing Log files into useful information ................................................................................. 4
(b) Large Site ........................................................................................................................................... 4
Assumptions: ................................................................................................................................... 4
Logging policies used ...................................................................................................................... 4
Management of Log files ................................................................................................................ 5
Condensing Log files into useful information ................................................................................. 5
(c) Very Large Site ................................................................................................................................... 6
Assumptions: ................................................................................................................................... 6
Logging policies used ...................................................................................................................... 6
Management of Log files ................................................................................................................ 6
Condensing Log files into useful information ................................................................................. 7
Bibliography ............................................................................................................................................ 8
Table 1 Software that uses syslog ........................................................................................................... 7
Logging Information of Different sites
What is logging?
Logging is the recording of information about system daemons, the kernel, utilities and other devices, as stated by Nemeth, Snyder, & Hein (2007, p. 201), in text form stored on a hard disk drive (HDD). This is done to assist in diagnosing difficulties and for security.
What is included in logging files?
Log files will normally hold information such as time of access, user identification (UID), group identification (GID) and any commands run. They may also include information about device types, uptime, downtime and terminal information, as well as any errors that occur and any unauthorised access attempts.
The information logged is normally generic unless a user creates something like a cron job with explicit commands that will harvest the required information at a given time, as described by Frisch (2002, p. 90). An example would be to retrieve, every hour, a list of users who are using a certain program, to gauge the usefulness of the program and how often it is being used. By doing this, a company could cut its licensing costs if the program is rarely used.
(a) Small Site
Assumptions:
Site: A Small Office Home Office (SOHO) environment, no laptops included.
Users: 2 - 20 terminals and/or users.
All computers will need to be logged onto with a username and password. It is expected that not all terminals will be in use at all times.
No IT department.
Logging policies used
Although this is a SOHO, it will still need a UID assigned to each user, and each user will need to be placed into a group with a GID, so a logon policy should be implemented. There may be only two groups, user and administrator. All user information will be stored on the local machine. All machines will connect to a single server, and access privileges will be set through group policies. The group policies will allow user information to be logged. An incremental log policy would work well here.
The group policy will create a log file and record when a user logs on or off, including the date, time, terminal and all other generic information. Other log entries will cover devices and system startup and shutdown, and will also contain generic information.
Management of Log files
The log files will need to be saved to the local HDD. Held in a secure location on the HDD, the files can continue to accumulate information for a long time before needing to be removed; this is referred to as rotation by Frisch (2002, p. 113). This is also supported by Nemeth, Snyder, & Hein (2007, p. 202), who indicate that keeping log files for a “period of time” and then deleting them is good policy.
As the text information will not be large, maybe several kilobits a day per user, the log files themselves will not be large. It will be good policy to put a limit on the size of the log files, say around 10 megabytes (MB). Once a log file has reached this limit or a set time is reached, a system daemon will move the file to the administrator’s terminal and create a new log file for the local machine.
Condensing Log files into useful information
As the information contained in the log files will be generic in form and held on the terminal, it is important that the administrator look at these files on a regular basis. However, as this is a SOHO, any problems that occur will be found quickly by staff because of the small size of the network. It would be good to use a tool such as logcheck, which can be run from cron every hour, as stated by Nemeth, Snyder, & Hein (2007, p. 221).
(b) Large Site
Assumptions:
Site: large company in one building
Users: 50 – 500 users
All users will need to log on to the server with a secured, authenticated user name and password. It is expected that not all terminals will be in use at all times.
IT department with at least 10 staff
Logging policies used
A secure username and authenticated password will be needed to log on to a terminal, with three attempts allowed before lockout of the account. Group policies will be active. All logging will be through a client machine, as recommended by Nemeth, Snyder, & Hein (2007, p. 214). The client machine will be
secured with a firewall, with access by administrative privileges only. All information logged is to be time stamped, and all logs will use cron commands to indicate the time of actioning for the log and sending to syslog. The cron command will be used to give daily, weekly and monthly logs.
Management of Log files
Syslog is to be used in order to collect information from other logs. Log files will be categorised by importance and located on a large partition created for log files only. The following facilities will be logged: kernel, user processes, mail subsystem, printing subsystem, authentication of users, cron and syslog.
As described by Frisch (2002, p. 103), messages in the log files will be given a severity rating from the following: emerg (system panic), alert (serious error, immediate attention), crit (critical errors like hard device errors), err (other errors), warning (warnings), notice (noncritical), info (informative message), debug (extra helpful information), none (ignore message) and mark (time stamp messages).
All messages from syslog that have a level of emerg, alert or crit are sent directly to all system administrators. Logs will be located on a client machine with their own partition on a HDD. Access will be through the group ID for all logs, so as to be more secure while allowing administrators to access them without using sudo, as indicated by Nemeth, Snyder, & Hein (2007, p. 206).
Condensing Log files into useful information
Using software to make sense of the logs is beneficial to a business of this size because of the amount of data being produced. Such software as cron, cups, imapd, login, su and many others will help to make sense of the incoming data in the logs. Using a program such as swatch, which will need to be constantly running in order to read each new log entry as it is written, can help in sorting the rubbish from the harmful. One could suggest using an easy programming language such as Python to create your own log checking or watching programme, which would allow you to receive the information about the logs on your terms. It would be helpful to clarify the levels of severity and what processes will then take effect.
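The severity handling above (emerg, alert and crit paged to administrators, everything else filed) and the suggestion of a home-grown Python log checker can be shown together. The following is an added example written for this page, not code from the cited handbooks or from swatch; the sample lines are constructed and carry the <PRI> prefix that networked syslog messages use, and the facility and severity names are the standard syslog ones.

```python
import re

# Standard syslog facility codes 0-23 and severity codes 0-7 (RFC 3164 numbering).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PAGE_ADMINS = {"emerg", "alert", "crit"}   # levels the scheme sends straight to administrators

# <PRI> header followed by the classic "Mon dd hh:mm:ss host tag: message" body
LINE_RE = re.compile(r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")

def decode_pri(pri):
    """PRI = facility * 8 + severity; return the (facility, severity) names."""
    if not 0 <= pri <= 191:
        raise ValueError(f"PRI out of range: {pri}")
    return FACILITIES[pri >> 3], SEVERITIES[pri & 7]

def parse_line(line):
    """Parse one syslog line into a record, or return None if it is not syslog format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    facility, severity = decode_pri(int(m["pri"]))
    return {"facility": facility, "severity": severity, "host": m["host"],
            "time": m["ts"], "msg": m["msg"]}

def triage(lines):
    """Split records into those paged to administrators and those merely filed."""
    paged, filed = [], []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        (paged if rec["severity"] in PAGE_ADMINS else filed).append(rec)
    return paged, filed

# Constructed sample messages, not captured from a real system
SAMPLE = [
    "<0>Mar  3 10:01:02 fs1 kernel: panic - not syncing: fatal exception",        # kern.emerg
    "<86>Mar  3 10:01:05 ws12 login[412]: FAILED LOGIN 1 FROM tty2 FOR jdoe",      # authpriv.info
    "<18>Mar  3 10:02:10 mx1 sendmail[880]: unable to write queue file",           # mail.crit
    "<78>Mar  3 10:05:00 ws12 CRON[901]: (root) CMD (/usr/sbin/logcheck)",         # cron.info
]
```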
(c) Very Large Site
Assumptions:
Site: very large company
Users: 5000+ users
All users will need to log on with a secured, authenticated user name and password to a central server located behind a firewall. It is expected that not all terminals will be in use at all times.
IT department with at least 40 staff
Logging policies used
Logging policies here will include security logging at the building or site entrance. In order to enter the building or site you will need biometric or Radio Frequency Identification (RFID) credentials. A secure username and authenticated password and an RFID card will be needed to log on to a terminal, with three attempts allowed before lockout of the account. Group policies will be active. All logging will be through a central logging host, referred to as netloghost by Nemeth, Snyder, & Hein (2007, p. 214). The central logging host will be secured with a firewall, with access by administrative privileges only. All information logged is to be time stamped, and all logs will use cron commands to indicate the time of actioning for the log and sending to syslog. The cron command will be used to give daily, weekly and monthly logs.
Pluggable Authentication Modules (PAM) will be used within the system so that authentication can be more easily put in place for program access, in conjunction with the UID and GID policies, as suggested by Soyinka (2009, p. 89).
Management of Log files
Management here is the same as for the large network above. However, the system log will be looked after by a dedicated person or team to keep the system reliable and effective. Syslog will be used and monitored while the team members regularly review the backed-up log files that are potentially harmful and need attention.
Data collection here will take up gigabytes (GB) of space and hours of management time. At this level it would be wise to have many different servers to accommodate such a large amount of data. Every user on every machine, using a multitude of programmes, connecting to multiple servers through firewalls and antivirus systems, creates an overload of generic data as well as the important helpful data. The need to find the correct information is apparent to all administrators, so the data must be filtered through software such as swatch. Swatch traps cases automatically, say Nemeth, Snyder, & Hein (2007, p. 217); they go on to suggest that it takes
practice to know what log information is important and what is not. Software does help, but it is the human factor that is crucial. Below is a table (Table 1) which shows software that uses syslog, as given by Nemeth, Snyder, & Hein (2007, p. 218).
Software that uses syslog

Program  | Facility     | Levels          | Description
---------|--------------|-----------------|----------------------------------
cron     | cron, daemon | info            | Task-scheduling daemon
cups     | lpr          | info            | Common UNIX Printing System
ftpd     | ftp          | info-err        | FTP daemon (wu-ftpd)
inetd    | daemon       | debug-crit      | Internet super-daemon (Debian)
imapd    | mail         | warning, err    | IMAP mail server
login    | authpriv     | info-alert      | Login programs
lpd      | lpr          | info-alert      | BSD printing system
named    | daemon       | info-alert      | Name server (DNS)
ntpd     | daemon, user | info-crit       | Network time daemon
passwd   | authpriv     | notice, warning | Password-setting program
popper   | local0       | debug, notice   | POP3 mail server
sendmail | mail         | debug-alert     | Mail transport system
ssh      | authpriv     | info            | Secure shell (remote logins)
su       | authpriv     | notice, crit    | Switches UIDs
sudo     | local2       | notice, alert   | Limited su program
syslogd  | syslog, mark | info, err       | Internal errors, time stamps
tcpd     | local7       | debug-err       | TCP wrapper for inetd
vmlinuz  | kern         | all             | The kernel
xinetd   | configurable | info (default)  | Variant of inetd (Red Hat, SUSE)

Table 1 Software that uses syslog
Condensing Log files into useful information
Simple Event Correlator (SEC) is the management system that could be used here. This script reads lines from files, named pipes and standard input and converts them into classes of “input events”, say Nemeth, Snyder, & Hein (2007, p. 221), by matching them to regular expressions. This means that an administrator could set up a script with exact instructions as to what to do when a certain error code or message is read by the program, thereby resolving the problem quickly and then notifying the administrator of the problem and the automatically generated solution.
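As an added illustration of the SEC approach described above (written for this page, not SEC's own rule syntax or code), this Python script maps regular expressions to input-event classes and applies the scheme's three-attempts rule as a correlation: three failed logins for one user on one host within an assumed 300-second window raise a lockout notice for the administrator, and a successful login clears the count. The rule patterns and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime
# Regex -> "input event" class (SEC's term); patterns constructed for the sample lines below, not SEC's own.
RULES = [
    (re.compile(r"FAILED LOGIN \d+ FROM \S+ FOR (?P<user>\S+)"), "login_failed"),
    (re.compile(r"session opened for user (?P<user>\S+)"), "login_ok"),
]
SYSLOG_RE = re.compile(r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) (?P<msg>.*)$")
LOCKOUT_THRESHOLD, WINDOW_SECONDS = 3, 300   # the scheme's three attempts; assumed 5-minute window

def classify(line):
    """Return (timestamp, host, event_class, fields), or None if no rule matches the line."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(" ".join(m["ts"].split()), "%b %d %H:%M:%S")
    for pattern, event in RULES:
        r = pattern.search(m["msg"])
        if r:
            return ts, m["host"], event, r.groupdict()
    return None

def correlate(lines):
    """Notify when one user fails LOCKOUT_THRESHOLD times on one host inside WINDOW_SECONDS."""
    recent = defaultdict(deque)   # (host, user) -> timestamps of recent failures
    actions = []
    for line in lines:
        ev = classify(line)
        if ev is None:
            continue
        ts, host, event, fields = ev
        key = (host, fields["user"])
        if event == "login_ok":               # a successful login resets the counter
            recent.pop(key, None)
            continue
        q = recent[key]
        q.append(ts)
        while (ts - q[0]).total_seconds() > WINDOW_SECONDS:   # drop failures outside the window
            q.popleft()
        if len(q) >= LOCKOUT_THRESHOLD:
            actions.append(f"lock out {fields['user']}@{host} after {len(q)} failures; notify admin")
            q.clear()
    return actions

SAMPLE = [   # constructed log lines, not from a real system
    "Mar  3 10:01:05 ws12 login[412]: FAILED LOGIN 1 FROM tty2 FOR jdoe",
    "Mar  3 10:01:20 ws12 login[412]: FAILED LOGIN 2 FROM tty2 FOR jdoe",
    "Mar  3 10:02:00 ws12 login[412]: FAILED LOGIN 3 FROM tty2 FOR jdoe",
    "Mar  3 10:02:30 ws07 login[300]: FAILED LOGIN 1 FROM tty1 FOR asmith",
    "Mar  3 10:03:00 ws07 login(pam_unix)[300]: session opened for user asmith by (uid=0)",
]
```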
Bibliography
Frisch, A. (2002). Essential System Administration. Sebastopol, California, USA: O'Reilly & Associates, Inc.
Nemeth, E., Snyder, G., & Hein, T. R. (2007). Linux Administration Handbook (2nd ed.). Upper Saddle River, NJ: Pearson Education, Inc.
Soyinka, W. (2009). Linux Administration: A Beginner's Guide (5th ed.). (J. K. Brownlow, Ed.) USA: The McGraw-Hill Companies.