Logging Services
Example:
a message from the dhcpd service at priority error
Every log entry is an event. Every event comes from a facility (kern,
authentication, mail, ssh) and has a priority (severity level).
Example:
authpriv.err    the facility.priority pair is called the selector
kern.info       kernel messages at priority info
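To make the selector concrete, the following added example (not part of the original notes) decodes a facility.priority pair into the facility and severity numbers and the combined PRI value (facility * 8 + severity) that the syslog protocol writes as "<PRI>" at the front of every message; this is the number that "logger -p local7.debug" puts on the wire. The facility and severity tables are the standard syslog ones; the function names are this example's own.

```sh
#!/bin/sh
# Added example: decode a syslog selector such as "authpriv.err" into
# facility number, severity number and the <PRI> value (facility*8 + severity).

# Standard syslog facility and severity codes (name:number pairs).
FACILITIES="kern:0 user:1 mail:2 daemon:3 auth:4 syslog:5 lpr:6 news:7 uucp:8 cron:9 authpriv:10 ftp:11 local0:16 local1:17 local2:18 local3:19 local4:20 local5:21 local6:22 local7:23"
SEVERITIES="emerg:0 alert:1 crit:2 err:3 warning:4 notice:5 info:6 debug:7"

# lookup NAME TABLE -> prints the number for NAME, returns 1 if NAME is unknown
lookup() {
    name=$1; table=$2
    for pair in $table; do
        case $pair in
            "$name:"*) echo "${pair#*:}"; return 0 ;;
        esac
    done
    return 1
}

# facility_num SELECTOR -> facility number (the part before the dot)
facility_num() { lookup "${1%%.*}" "$FACILITIES"; }

# severity_num SELECTOR -> severity number (the part after the dot)
severity_num() { lookup "${1#*.}" "$SEVERITIES"; }

# pri_value SELECTOR -> the <PRI> number, e.g. local7.debug -> 191
pri_value() {
    f=$(facility_num "$1") || { echo "unknown facility in $1" >&2; return 1; }
    s=$(severity_num "$1") || { echo "unknown severity in $1" >&2; return 1; }
    echo $((f * 8 + s))
}

# describe SELECTOR -> one line showing how the selector is built up
describe() {
    f=$(facility_num "$1") && s=$(severity_num "$1") || return 1
    printf '%s: facility=%s severity=%s PRI=<%s>\n' "$1" "$f" "$s" "$((f * 8 + s))"
}

# Usage: the selectors from the notes, plus the one used by the logger test.
describe authpriv.err
describe kern.info
describe local7.debug
```

A lower severity number means a more urgent message (emerg is 0, debug is 7), which is why a selector such as kern.info in rsyslog matches info and everything more urgent than it.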
Note: logs are used to track security attacks (auditing), so they are very
important; the log server has to be separated from every other machine and
secured.
Log origin:
services (httpd, samba, mail)
rsyslogd
systemd-journald
Server side:
The log server listens on either UDP or TCP port 514.
To see how to write the rsyslog configuration:
[root@server ~]# man rsyslog.conf
After any change to the rsyslog configuration file you must restart the service,
then check its status and send a test message:
[root@server ~]# systemctl restart rsyslog.service
[root@server ~]# systemctl status rsyslog.service
[root@server ~]# logger -p local7.debug "testing log system"
Note: the rsyslog service works together with the systemd-journald service on
all system messages, so that a complete view of all system logs is available.
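The steps above (listen on port 514, edit the configuration, restart, test with logger) are brought together in this added example, which is not from the original notes and not rsyslog's own documentation. It writes the two drop-in files a central log server set-up needs, one for the server and one for each client, and runs rsyslog's built-in syntax check when rsyslogd is installed. The host name logserver.example.com, the output directory and the /var/log/remote layout are assumptions; on a real host the files go in /etc/rsyslog.d.

```sh
#!/bin/sh
# Added example: generate rsyslog drop-in files for a central log server and
# its clients. LOGSERVER and OUTDIR are assumed values for this demonstration.

LOGSERVER=${LOGSERVER:-logserver.example.com}   # assumed name of the central log host
OUTDIR=${OUTDIR:-$(mktemp -d)}                  # use /etc/rsyslog.d on a real host

# write_server_conf -> prints the path of the server-side config: listen on
# UDP and TCP port 514 and keep each sending host's messages in its own files.
write_server_conf() {
    cat > "$OUTDIR/10-remote-server.conf" <<'EOF'
# Accept syslog over UDP and TCP port 514 (keep only the transport you use)
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")

# One file per sending host and program, so hosts cannot mix their logs together
template(name="RemoteLogs" type="string"
         string="/var/log/remote/%HOSTNAME%/%PROGRAMNAME%.log")

# Apply the template to everything that did not originate on this machine
if $fromhost-ip != "127.0.0.1" then {
    action(type="omfile" dynaFile="RemoteLogs")
    stop
}
EOF
    echo "$OUTDIR/10-remote-server.conf"
}

# write_client_conf -> prints the path of the client config: forward every
# facility at every priority to the server. "@@" means TCP, a single "@" UDP.
write_client_conf() {
    cat > "$OUTDIR/90-forward.conf" <<EOF
# Forward all messages to the central log server over TCP port 514
*.* @@${LOGSERVER}:514
EOF
    echo "$OUTDIR/90-forward.conf"
}

# check_conf FILE -> rsyslog's own syntax check (rsyslogd -N1) when available
check_conf() {
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 -f "$1"
    else
        echo "rsyslogd not installed here; skipping syntax check of $1"
    fi
}

server=$(write_server_conf)
client=$(write_client_conf)
check_conf "$server"
check_conf "$client"
echo "wrote $server and $client"
```

After copying the files into /etc/rsyslog.d on the respective machines, restart rsyslog.service on both sides as shown above and open port 514 in the server's firewall; a client's "logger -p local7.debug" test message should then appear under /var/log/remote/<client hostname>/ on the server. TCP gives delivery confirmation that UDP does not, which matters for a server whose logs are meant to serve as audit evidence.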
Journald:
The journal stores everything in a binary file. It is very large, but anything
can be extracted from it using one of two tools:
1. systemctl
2. journalctl
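As an added example (not part of the original notes), the following shell block shows one way of getting data back out of the binary journal: journalctl -o export prints each entry as KEY=VALUE lines with a blank line between entries, and a small awk filter keeps only the entries whose PRIORITY is at or below a chosen severity number. The sample export data is constructed for this demonstration, not captured from a real host, and the parser handles plain KEY=VALUE fields only (the export format uses a length-prefixed form for values containing newlines, which this toy does not decode).

```sh
#!/bin/sh
# Added example: filter journal entries in "journalctl -o export" format by
# PRIORITY. SAMPLE_EXPORT is constructed data, not output from a real system.

SAMPLE_EXPORT='__REALTIME_TIMESTAMP=1700000000000000
PRIORITY=6
SYSLOG_IDENTIFIER=sshd
MESSAGE=Accepted publickey for admin from 192.0.2.10 port 50222

__REALTIME_TIMESTAMP=1700000001000000
PRIORITY=3
SYSLOG_IDENTIFIER=httpd
MESSAGE=AH00015: Unable to open logs

__REALTIME_TIMESTAMP=1700000002000000
PRIORITY=4
SYSLOG_IDENTIFIER=dhcpd
MESSAGE=DHCPDISCOVER from 00:11:22:33:44:55 via eth0: network 10.0.0.0/24: no free leases

__REALTIME_TIMESTAMP=1700000003000000
PRIORITY=2
SYSLOG_IDENTIFIER=kernel
MESSAGE=EXT4-fs error (device sda1): ext4_find_entry: reading directory lblock 0
'

# journal_filter MAXPRIO  (export data on stdin)
#   -> one "identifier<TAB>priority<TAB>message" line per entry whose PRIORITY
#      is MAXPRIO or more urgent. Severities run 0 emerg ... 7 debug, so
#      "3" keeps err, crit, alert and emerg.
journal_filter() {
    awk -v maxprio="$1" '
        BEGIN { RS = ""; FS = "\n" }        # paragraph mode: one record per entry
        {
            prio = ""; ident = "?"; msg = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                key = kv[1]
                val = substr($i, length(key) + 2)   # keep any "=" inside the value
                if (key == "PRIORITY") prio = val
                else if (key == "SYSLOG_IDENTIFIER") ident = val
                else if (key == "MESSAGE") msg = val
            }
            if (prio != "" && prio + 0 <= maxprio + 0)
                printf "%s\t%s\t%s\n", ident, prio, msg
        }'
}

# errors_from_sample -> entries at err (3) or worse from the constructed sample
errors_from_sample() { printf '%s' "$SAMPLE_EXPORT" | journal_filter 3; }

# count_errors_from_sample -> how many such entries there are
count_errors_from_sample() { errors_from_sample | wc -l | tr -d ' '; }

# Usage on a real host (not run here): feed the live journal into the filter.
#   journalctl -o export --since today | journal_filter 3
errors_from_sample
```

The same export stream can be sent to another machine or archived, which is how a separated, secured log server (as the note above recommends) can hold a copy of journal data that an attacker on the original host cannot rewrite.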
Log rotation (/etc/logrotate.conf):
weekly ==> rotate the log files weekly
rotate 4 ==> keep four weeks' worth of backlog (a month)
create ==> create new (empty) log files after rotating the old ones
dateext ==> use the date as the extension of the rotated files
compress ==> compress the rotated files to save space