CT320: Network and System Administration

Fall 2019

Logging


CT320 Logging

Chapter 11: Logging

Original slides from Dr. James Walden at Northern Kentucky University.

Overview

Finding logfiles

Finding logfiles (cont’d)

| File | Program | Freq | Contents |
|---|---|---|---|
| acpid | acpid | - | power related events |
| boot.log | rc scripts | monthly | system startup scripts |
| cron | cron | weekly | cron execution and errors |
| cups | CUPS | weekly | printing related messages |
| dmesg | kernel | - | kernel message buffer |
| faillog | login | weekly | unsuccessful login attempts |
| /etc/httpd | httpd | daily | Apache HTTP server logs |
| lastlog | login | - | last login time per user |
| mail | mailers | weekly | mail facility messages |

Finding logfiles (cont’d)

| File | Program | Freq | Contents |
|---|---|---|---|
| messages | various | weekly | main system log |
| samba/* | smbd | weekly | Samba file sharing |
| secure | sshd | monthly | private authorization messages |
| sulog | su | - | successes and failures |
| syslog | various | weekly | main system logfile |
| warn | various | weekly | warning and error messages |

syslog: system event logger

syslog: facility names

| Facility | Programs that use it |
|---|---|
| auth | authorization commands |
| cron | cron |
| daemon | system daemons |
| ftp | ftpd |
| kern | kernel |
| lpr | line printer spooling |
| mail | sendmail |
| syslog | syslogd |
| user | user processes |

syslog: severity levels

| Level | Meaning |
|---|---|
| emerg | panic situations |
| alert | urgent situations |
| crit | critical conditions |
| err | other error conditions |
| warning | warning messages |
| notice | might merit investigation |
| info | information messages |
| debug | for debugging only |

syslog: action field

| Action | Meaning |
|---|---|
| filename | append message to local file |
| @hostname | forward to syslogd on hostname |
| @ipaddress | forward to syslogd at ipaddress |
| \|fifoname | write to named pipe |
| user₁,user₂,… | write to screens of listed users |
| * | write to screens of all users |

syslog: config examples

    # emergencies: tell everyone who is logged in
    *.emerg *
    # warnings: store them in message log
    *.warning /var/log/messages
    # kernel: store them in local log
    kern.info /var/log/kern.log
    # send to network logger
    auth.info @netloghost
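
The selector and action fields above, applied to the example lines from this slide. This is an added example, not part of the original slides: a small Python router that assumes classic syslogd semantics, where `facility.level` matches that level and anything more severe. The function names (`parse_config`, `describe`, `route`) are hypothetical, and file actions are assumed to be absolute paths.

```python
# Severity levels from the table above, most severe first.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The config lines from the slide, embedded so the example runs offline.
CONFIG = """\
# emergencies: tell everyone who is logged in
*.emerg *
# warnings: store them in message log
*.warning /var/log/messages
# kernel: store them in local log
kern.info /var/log/kern.log
# send to network logger
auth.info @netloghost
"""

def parse_config(text):
    """Return (facility, level, action) rules, skipping comments and blank lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        facility, level = selector.split(".", 1)
        if level not in SEVERITIES:
            raise ValueError(f"unknown severity level: {level}")
        rules.append((facility, level, action))
    return rules

def describe(action):
    """Classify an action field according to the action table."""
    if action == "*":
        return "screens of all users"
    if action.startswith("@"):
        return "forward to syslogd on " + action[1:]
    if action.startswith("|"):
        return "named pipe " + action[1:]
    if action.startswith("/"):  # assumption: file actions are absolute paths
        return "append to " + action
    return "screens of users " + action

def route(rules, facility, level):
    """List every action that receives a facility.level message."""
    rank = SEVERITIES.index(level)  # lower index means more severe
    return [describe(a) for f, l, a in rules
            if f in ("*", facility) and rank <= SEVERITIES.index(l)]

RULES = parse_config(CONFIG)
if __name__ == "__main__":
    for msg in [("auth", "info"), ("auth", "err"), ("kern", "emerg"), ("cron", "debug")]:
        print(msg, "->", route(RULES, *msg) or "not logged")
```

Running it shows that with this configuration an `auth.info` message reaches only the network logger, and a `cron.debug` message matches no rule at all.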

logrotate

Logging Policies