
CIS 193A – Lesson3


stesha




Presentation Transcript


  1. CIS 193A – Lesson3 Vigilance! Logging & Monitoring Syslog Logrotate Logwatch Accounting

  2. Focus Question What tools does Linux provide for organizing and making useful sense of logged output?

  3. The Syslog Utility • Daemons: syslogd and klogd • Configuration: /etc/syslog.conf • Log files in /var/log/: messages, secure, maillog, cron, spooler, boot.log

  4. Syslog Facilities Syslog categorizes messages into the following “facilities”: • authpriv • cron • daemon • ftp • kern • lpr • mail • news • syslog, user, uucp • local0 through local7 (reserved for local use)

  5. Syslog – Levels of Logging • Syslog organizes messages within a facility according to level of importance, from most to least severe: • emerg • alert • crit • err • warning • notice • info • debug • Logging at one of these levels logs all messages at that level and above (i.e. that level and every more severe one)

  6. Log Files • Syslog logs to files, but in UNIX, everything is a file! • Regular files in /var/log/ • Terminal screens: /dev/console • Another program: | program • A remote syslog server: @servername
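The rule syntax behind slides 4 to 6, as an added example that is not part of the course slides: a small Python model of how a syslogd decides which /etc/syslog.conf actions receive a message of a given facility.level, covering comma-separated facilities, the "level and above" rule, "=level", "none" and the file, /dev/console and @host actions. The sample configuration is constructed for illustration and is not a real system's file.

```python
# Syslog severities in order; a plain "facility.level" selector matches this
# level and every more severe one (smaller index), as slide 5 states.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def selector_applies(selector, facility, severity):
    """Evaluate one 'facility[,facility].level' selector from /etc/syslog.conf.
    Returns None when the selector does not name this facility, else True/False.
    '*' is a wildcard, '=level' means exactly that level, 'none' drops the facility."""
    facs, level = selector.rsplit(".", 1)
    if facs != "*" and facility not in facs.split(","):
        return None
    if level == "none":
        return False
    if level == "*":
        return True
    if level.startswith("="):
        return severity == level[1:]
    return SEVERITIES.index(severity) <= SEVERITIES.index(level)

def matching_actions(conf, facility, severity):
    """Actions (file, /dev/console, @host, |program) of every rule that receives a
    facility.severity message. Within one rule, later selectors override earlier
    ones for the facilities they name, as sysklogd does."""
    actions = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        selectors, action = line.split(None, 1)
        verdict = False
        for sel in selectors.split(";"):
            result = selector_applies(sel, facility, severity)
            if result is not None:
                verdict = result
        if verdict:
            actions.append(action)
    return actions

# Constructed sample syslog.conf using the log files named on slide 3.
SAMPLE_CONF = """
*.info;mail.none;authpriv.none;cron.none   /var/log/messages
authpriv.*                                 /var/log/secure
mail.*                                     /var/log/maillog
cron.*                                     /var/log/cron
uucp,news.crit                             /var/log/spooler
local7.*                                   /var/log/boot.log
*.emerg                                    /dev/console   # emerg is the top level, so emerg only
kern.=warning                              @loghost       # exactly warning, to a remote syslog server
"""
```

Calling matching_actions(SAMPLE_CONF, "kern", "emerg") returns both /var/log/messages and /dev/console, while a mail.err message reaches only /var/log/maillog because mail.none removes it from the catch-all rule.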

  7. The logger Command The logger command allows shell scripts to use the syslog facility: logger [-t tag] -p facility.level "message" The logger command will also read the message to log from stdin: echo "message" | logger -p facility.level Often used in service init scripts.

  8. The logrotate Facility Customizable, pluggable log-rotating system. • Executable: /usr/sbin/logrotate, activated by cron on a daily basis • Configuration: /etc/logrotate.conf and /etc/logrotate.d/* • logrotate.conf contains global settings, and individual services add their settings to logrotate.d

  9. Features of logrotate • Rotates any file through a series of predefined extensions: .1, .2, … .n • You configure the frequency. • May compress files as well. • May rotate based on size of file. • May mail you the last file of series rather than delete.

  10. Configuration File Syntax
      filename [filename ...] {
          rotate n        # n is the number of rotated copies kept
          weekly          # frequency: daily, weekly, monthly
          compress
          mail email
          size nk
          postrotate
              command to restart logging service
          endscript
      }

  11. logwatch

  12. The logwatch Service Customizable, pluggable log-monitoring system written in perl. Goes through your logs for a given period of time and makes a report on the areas that you wish with the detail that you wish. • Executable: /usr/sbin/logwatch • Configuration: /etc/logwatch/ and /usr/share/logwatch/default.conf/*

  13. logwatch Features • Will analyze logfiles by service. • Supports three levels of detail. • Analyzes today’s, yesterday’s or historical data. • Mails summary of analysis to root account. • Extensible, drop-in scripts and configuration files.

  14. Logwatch Examples Although logwatch is normally run from cron just before a logrotate is done, you can run the command from the command line: logwatch --range all --detail high --service sshd --print logwatch --range yesterday --detail low --logfile secure

  15. Process Accounting

  16. A Suite of Utilities • As a service: psacct • logs to /var/account/pacct • As a client: lastcomm • Other clients: • ac • sa • last, lastb

  17. Review

  18. Focus Question What tools does Linux provide for organizing and making useful sense of logging output? Syslog allows you to organize log messages from different facilities according to their severity level. Logrotate prevents the log files from getting too large, and logwatch summarizes information from the logs.
