Lesson 1
System and Kernel Logging
Security Defense Compromises
Adequate system logs are an administrator's first line of defense against problems and security compromises. Linux applications and the kernel itself record system-log messages in a consistent, easily accessible format. To quickly resolve system problems, you need to understand the purpose and content of each logfile. In this module, you will investigate Linux's logging directory and the standard system logfiles and application-specific logs stored there. You will learn how to access recent kernel messages and how to examine a typical logfile so you can quickly catch and fix problems. You will see how to administer, configure, maintain, and monitor the system logs so you don't miss security, hardware, or software problems.
Learning Objectives
After completing this module, you will be able to
- List logfiles for troubleshooting
- Display recent and old kernel messages
- Examine system logs' contents for significant events
- Configure the system log
- Describe the Red Hat Linux method for rotating logs
- Monitor logs with logwatch
The next lesson lists the logfiles required for troubleshooting.
One of the things which makes GNU/Linux a great operating system is that virtually anything and everything happening on and to the system may be logged in some manner. This information is invaluable for using the system in an informed manner, and should be one of the first resources you use to troubleshoot system and application issues. The logs can tell you almost anything you need to know, as long as you have an idea where to look first.
Your Ubuntu system provides vital information using various system log files. These log files are typically plain ASCII text in a standard log file format, and most of them sit in the traditional system log subdirectory /var/log. Many are generated by the system log daemon, syslogd, on behalf of the system and certain applications, while some applications generate their own logs by writing directly to files in /var/log. This guide talks about how to read and use several of these system log files, how to use and configure the system logging daemon, syslogd, and how log rotation works.
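Because the files under /var/log share one line layout (timestamp, host, program[pid]:, message), a few lines of awk are enough to summarise them. The script below is an added example, not part of the original guide; the log lines it reads are constructed to mimic /var/log/auth.log, with fictitious host names and RFC 5737 documentation addresses, and the function names are the author's own.

```shell
#!/bin/sh
# Added example (not from the course text): summarise a syslog-format file
# by program and tally failed SSH logins per source address.
# Classic /var/log layout, one record per line:
#   Mon DD HH:MM:SS host program[pid]: message
set -eu

# Constructed sample log; nothing here came from a real system.
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 14:01:22 web01 sshd[1042]: Accepted publickey for deploy from 203.0.113.5 port 51234 ssh2
Mar  3 14:01:40 web01 sshd[1051]: Failed password for invalid user admin from 198.51.100.7 port 40011 ssh2
Mar  3 14:01:43 web01 sshd[1051]: Failed password for invalid user admin from 198.51.100.7 port 40011 ssh2
Mar  3 14:02:10 web01 CRON[1060]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar  3 14:02:31 web01 sshd[1077]: Failed password for root from 198.51.100.7 port 40012 ssh2
Mar  3 14:03:02 web01 sudo[1090]:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
EOF

# Fields $1-$3 are the timestamp, $4 the host, $5 "program[pid]:".
# Strip the "[pid]:" suffix so every sshd line counts under "sshd".
count_by_program() {
    awk '{ prog = $5; sub(/\[.*/, "", prog); sub(/:$/, "", prog); n[prog]++ }
         END { for (p in n) print p, n[p] }' "$1" | sort
}

# Count "Failed password" sshd records per source address, i.e. the token
# that follows "from" in the message. Useful as a first pass before
# deciding whether a source needs blocking or closer investigation.
failed_ssh_by_source() {
    awk '$5 ~ /^sshd\[/ && /Failed password/ {
             for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++
         }
         END { for (ip in n) print ip, n[ip] }' "$1" | sort
}

echo "== records per program =="
count_by_program "$SAMPLE_LOG"
echo "== failed SSH logins per source =="
failed_ssh_by_source "$SAMPLE_LOG"
```

Point the functions at a real file (for example `failed_ssh_by_source /var/log/auth.log`, which needs root or adm group membership on Ubuntu) to get the same summaries for your own host. Note that the message part of a line is free text written by the program, so matching on `$5` (the program) before matching on message content keeps an unrelated program that happens to log the words "Failed password" out of the tally.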
Redirecting logs to a loghost with rsyslogd
To redirect your computer's log files to another computer's rsyslogd, you must make some changes to your local rsyslogd's configuration file. The file that you need to work with is /etc/rsyslog.conf. If you are not already root, become root and then open the /etc/rsyslog.conf file in a text editor (such as vi).
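The lines you add to /etc/rsyslog.conf are short, and the script below is an added example (the author's own, not from the course) that generates them so the two sides of the setup can be seen together: the sending host's forwarding rule and the loghost's listener. It uses rsyslog's legacy selector syntax (`*.* @host` for UDP, `*.* @@host` for TCP) plus the queue directives that keep undelivered messages on disk while the loghost is unreachable. The host name loghost.example.com, port 514 and the temporary output file are placeholders; the `$ActionQueueFileName` directive assumes the `$WorkDirectory` already set in Ubuntu's default rsyslog.conf.

```shell
#!/bin/sh
# Added example (not from the course text): emit the rsyslog configuration
# for shipping a copy of every message to a central loghost.
set -eu

# Forwarding stanza for the sending host.
#   $1 loghost, $2 port, $3 protocol (udp|tcp)
# Messages that cannot be delivered are queued on disk (under the daemon's
# $WorkDirectory) and retried forever instead of being discarded.
forward_stanza() {
    host=$1; port=$2; proto=$3
    case "$proto" in
        udp) prefix='@'  ;;
        tcp) prefix='@@' ;;
        *)   echo "forward_stanza: protocol must be udp or tcp, got '$proto'" >&2; return 1 ;;
    esac
    printf '%s\n' \
        '# Forward all facilities and priorities to the central loghost' \
        '$ActionQueueType LinkedList' \
        '$ActionQueueFileName fwdRule1' \
        '$ActionQueueMaxDiskSpace 1g' \
        '$ActionQueueSaveOnShutdown on' \
        '$ActionResumeRetryCount -1' \
        "*.* ${prefix}${host}:${port}"
}

# Listener stanza for the loghost itself: load the matching input module
# and open the port. The loghost's own local rules then write the received
# messages to its /var/log files alongside its own.
receiver_stanza() {
    port=$1; proto=$2
    case "$proto" in
        udp) printf '%s\n' '$ModLoad imudp' "\$UDPServerRun $port" ;;
        tcp) printf '%s\n' '$ModLoad imtcp' "\$InputTCPServerRun $port" ;;
        *)   echo "receiver_stanza: protocol must be udp or tcp, got '$proto'" >&2; return 1 ;;
    esac
}

# Append the forwarding stanza to a config file. In production the file is
# /etc/rsyslog.conf (or a drop-in under /etc/rsyslog.d/); here the caller
# passes a path so the script can be exercised without touching the system.
write_forwarding_config() {
    file=$1; shift
    forward_stanza "$@" >> "$file"
}

echo "== sending host: append to /etc/rsyslog.conf =="
forward_stanza loghost.example.com 514 tcp
echo "== loghost: append to its /etc/rsyslog.conf =="
receiver_stanza 514 tcp
```

After appending the stanza to the real file, run `rsyslogd -N1` to syntax-check the configuration before restarting the daemon. Prefer TCP over UDP: UDP silently drops messages under load, and a gap in the central log is exactly what you do not want when reconstructing an incident. Plain syslog in either transport is unencrypted and unauthenticated on the wire, so on anything other than an isolated management network the forwarding should run over rsyslog's TLS support, and the loghost's listener should be restricted by firewall to the hosts expected to send.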