Setting Up System Logging – Part II

Common Log Files

  • As mentioned earlier, the default “rsyslog.conf” configuration works quite well in most situations, and it ensures that all important messages are written to different log files in the “/var/log” directory.

The most important file that you’ll find in this directory is “/var/log/messages”, which contains nearly all of the messages that pass through “syslog”.

Example: “messages” log located in /var/log directory

 Listing 3.5 shows messages generated from different sources

 Every line in this log file is composed of a few standard components. For example:

  1. To start with, there’s the date and time when the message was logged
  2. Next, you see the name of the server (hnl in this example)
  3. Next, the name of the process is mentioned
  4. Finally, you can see the actual messages that were logged

 You will recognize the same structure in all log files. Log into CentOS and run the command “tail -f /var/log/secure”.

The file /var/log/secure is where you’ll find all messages that are related to authentication. The tail -f command opens the last 10 lines in this file and shows new lines while they are added. This gives you a very convenient way to monitor a log file and to find out what is going on with your server.

Example Below:
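
The line structure described above, applied to authentication messages: the following Python script is an added example, not part of the original page. It splits each line into timestamp, server name, process and message, then counts failed SSH password attempts per source address. The sample lines, user names and addresses are constructed, and the format assumed is the traditional rsyslog file format with OpenSSH's “Failed password” wording.

```python
import re
from collections import Counter

# Assumed traditional rsyslog file format: "Mon DD HH:MM:SS host process[pid]: message"
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<process>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<message>.*)$"
)
FAILED_RE = re.compile(
    r"^Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

# Constructed sample lines in the style of /var/log/secure (not real log data).
SAMPLE_SECURE = """\
Mar  3 10:15:01 hnl sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:04 hnl sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:09 hnl sshd[2214]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 10:16:30 hnl sshd[2230]: Accepted password for linda from 192.0.2.10 port 40022 ssh2
Mar  3 10:16:31 hnl su: pam_unix(su-l:session): session opened for user root by linda(uid=1000)
Mar  3 10:17:02 hnl sshd[2241]: Failed password for linda from 198.51.100.23 port 60000 ssh2
this line is truncated and does not match
"""

def parse_line(line):
    """Split one log line into its components; return None if it does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None

def failed_logins_by_source(text, process="sshd"):
    """Return (failed attempts per source address, number of unparsable lines)."""
    counts, unparsed = Counter(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1          # keep track of lines the parser could not read
            continue
        if rec["process"] != process:
            continue               # only look at messages logged by sshd
        hit = FAILED_RE.match(rec["message"])
        if hit:
            counts[hit.group("src")] += 1
    return counts, unparsed

if __name__ == "__main__":
    print(failed_logins_by_source(SAMPLE_SECURE))
```

Counting the lines that do not parse matters as much as the totals: a rising number usually means the log format changed and the check is no longer seeing everything.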

Setting up Logrotate:

  • On a very busy server, you may find that entries get added to your log files really fast
  • This poses a risk because your server may quickly become filled with log messages, leaving little space for regular files. There are 2 solutions to this problem:

1. The directory /var/log should be on a dedicated partition or logical volume

2. Another solution is using “logrotate”. By default, the logrotate command runs as a cron job once a day from /etc/cron.daily, and it helps you define a policy where log files that grow beyond a certain age or size are rotated.

Rotating a log file basically means that the old log file is closed and a new log file is opened.

 In most cases, logrotate keeps a certain number of the old logged files, often stored as compressed files on disk.

In the logrotate configuration, you can define exactly how you want to handle the rotation of log files. When the maximum number of old log files is reached, logrotate removes them automatically.

The configuration of logrotate is spread out between two different locations:

-The main logrotate file is “/etc/logrotate.conf”. In this file, some generic parameters are stored in addition to specific parameters that define how particular files should be handled.

-The logrotate configuration for specific services is stored in the “/etc/logrotate.d” directory. These scripts are typically put there when you install the service, but you can modify them as you like.

-The logrotate file for the “sssd” services provides a good example to use if you want to create your own logrotate file.

-Example of “logrotate configuration file” is below. Also go to CentOS to check it out.

  • Listing 3.7 shown above. Breakdown time:

To start, the sample file tells logrotate which files to rotate. In this example, it applies to all files in “/var/log/sssd” where the name ends in “log”.

The interesting parameters in this file are weekly, rotate 2, and compress.

 The parameter “weekly” tells logrotate to rotate the files once every week

 Next, “rotate 2” tells logrotate to keep the two last versions of the file and remove everything that is older.

 The “compress” parameter tells logrotate to compress the old files so that they take up less disk space.

 “missingok” tells logrotate not to output an error if the log file is missing.

 “notifempty” tells logrotate not to rotate the log file if it is empty.

Hands-on Example to Try:

As opposed to the "logrotate.conf" file, the directory [ /etc/logrotate.d/ ] contains specific service configuration files used by logrotate. Now let's create a sample skeleton logrotate configuration.

  • Let's say we have a log file called linuxcareer.log in the " /var/log " directory that needs to be rotated on a daily basis.
  • First, we need to create a new logrotate configuration file to accommodate our new log file.

Insert the following text into: /etc/logrotate.d/linuxcareer:

Here's a line-by-line explanation of the above file:

To see more configuration options, run command: # man logrotate

Testing a new Logrotate configuration:

  • Once you have created a new logrotate configuration file within /etc/logrotate.d:

EXAMPLE: # logrotate -f /etc/logrotate.d/linuxcareer

Exercises:

Configuring_Logging