CST8177 - Lab #7
Student Name
Student Number
Lab section
Service Management and System Logging
Objectives
In-Lab Demo - Display and explain all the entries in the rsyslog config file.
Preparation
Modify /boot/grub/grub.conf (Note: first, copy grub.conf to grub.conf.backup, just in case) to add two stanzas matching your current one. To the end of the kernel statement for one of the copies, add 3; to the end of the kernel statement for the other, add single (or s, or 1). Adjust the title statement for each stanza to be more descriptive (it's just text). You may also have to remove the hiddenmenu statement to permit the display of the menu.
Boot into runlevel 3 and log in as root to test your new grub.conf. Next, test single-user mode to check it as well. Return to runlevel 5.
Supporting commands:
Exercise #1: Identify system architecture
Exercise #2: Identify runlevel for the atd daemon
Section A – The system logging daemon: rsyslogd
Linux and UNIX systems have a bunch of processes that are not attached to any terminal, and when they have errors to report they don't have a console to dump them to. In the very early days of UNIX development, each program would dump out errors into its own file. As you can imagine, this got to be unmanageable, as the files would be found (or rather, be hidden) all over the place.
A service was created to handle error logging: the service is called rsyslog (originally just syslog). The daemon is called rsyslogd, which uses the configuration file /etc/rsyslog.conf.
Exercise #1: Working with the rsyslog service
Note: The utility /sbin/rsyslogd is the daemon; the service started during startup is called rsyslog. In this lab, rsyslog always refers to the service and rsyslogd to the daemon. However, the whole thing is often just called syslog.
Runlevel configuration
Is the rsyslog service currently running?			[  Y  /  N  ]
Is the rsyslogd daemon currently running?			[  Y  /  N  ]
In which runlevels is the rsyslog service started?
____________________________________________________________________________
Disable the rsyslog service in runlevel 3 using the chkconfig command.
_____________________________________________________________________________
Is the rsyslog service still running?				[  Y  /  N  ]
Is the rsyslogd daemon still running?				[  Y  /  N  ]
Enable the rsyslog service in runlevel 3 using the chkconfig command.
_____________________________________________________________________________

Record the name of the rsyslog link (use the absolute path) that is used in the runlevel directory of runlevel 3:
_____________________________________________________________________________
Record the name of the rsyslog script (use the absolute path) that is executed when the service is activated:
_____________________________________________________________________________
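The runlevel links asked about above can be inspected directly. The following is an added example, not part of the original lab: it models the rc directories in a constructed sandbox and reports where rsyslog has a start link, before and after the link change made when the service is turned off in runlevel 3. The function names and the priorities 12 and 88 are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: SysV runlevel links, modelled in a sandbox directory.
# Names and the 12/88 priorities are sample values, not taken from the lab.

# make_sandbox ROOT: constructed layout, start link in 2-5, kill link elsewhere.
make_sandbox() {
    root=$1
    mkdir -p "$root/init.d"
    : > "$root/init.d/rsyslog"            # stand-in for the real init script
    for lvl in 0 1 2 3 4 5 6; do
        mkdir -p "$root/rc$lvl.d"
        case $lvl in
            2|3|4|5) ln -s ../init.d/rsyslog "$root/rc$lvl.d/S12rsyslog" ;;
            *)       ln -s ../init.d/rsyslog "$root/rc$lvl.d/K88rsyslog" ;;
        esac
    done
}

# start_levels ROOT SERVICE: print the runlevels that hold an S (start) link.
start_levels() {
    root=$1; svc=$2; levels=""
    for lvl in 0 1 2 3 4 5 6; do
        for link in "$root/rc$lvl.d"/S[0-9][0-9]"$svc"; do
            if [ -L "$link" ]; then levels="$levels$lvl"; fi
        done
    done
    printf '%s\n' "$levels"
}

# disable_in_level ROOT SERVICE LEVEL: the link change made when a service is
# turned off in one runlevel: the S link is removed, a K (kill) link replaces it.
disable_in_level() {
    root=$1; svc=$2; lvl=$3
    rm -f "$root/rc$lvl.d"/S[0-9][0-9]"$svc"
    ln -s "../init.d/$svc" "$root/rc$lvl.d/K88$svc"
}

demo_root=$(mktemp -d)
make_sandbox "$demo_root"
echo "start links before: $(start_levels "$demo_root" rsyslog)"
disable_in_level "$demo_root" rsyslog 3
echo "start links after:  $(start_levels "$demo_root" rsyslog)"
rm -rf "$demo_root"
```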
Managing a service
The service command allows you to start, restart, stop, and get the status of a service and its daemon. It is usually a short script that facilitates the task of managing a service. The syntax of the command is:
service  service_name  start|restart|stop|status
Record the status of the rsyslog service using the service command:
_____________________________________________________________________________
Record the command line you use:
_____________________________________________________________________________
What is the pid (only) of your rsyslogd process? How did you find it?
_____________________________________________________________________________
Show the service command to stop the rsyslog service, and then stop it:
_____________________________________________________________________________
Record the status of the rsyslog service and the command used:
_____________________________________________________________________________
Show the command and the pid (only) of your rsyslogd process (daemon):
_____________________________________________________________________________
Show the service command to start the rsyslog service, and start it:
_____________________________________________________________________________
Record the status of the rsyslog service and the command used:
_____________________________________________________________________________
Show the command and the pid (only) of your rsyslogd process (daemon):
_____________________________________________________________________________
If your rsyslogd pid has changed during the steps above, briefly explain why:
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________

Section B – Log files
Exercise #1: Viewing log files
To view the log file you can use the less command or, if the log file is very long and you are only interested in the most recent log data, the tail command. The tail command defaults to displaying the last 10 lines of a file (just as head defaults to the first 10) but you can modify this behaviour by providing the number of lines as an option to the command.
Example #1: view the whole log file in pages
less /var/log/maillog
Example #2: view the last 10 lines of the log file
tail /var/log/maillog
Example #3: view the last 20 lines of the log file
tail -20 /var/log/maillog
Example #4: follow (-f) the tail of the log file as lines are added
(^C to exit when done)
tail -f /var/log/maillog
View the log files below and note the type of information recorded.
Note: If your log files do not have any content, check your rotated log files. They will have the same base name modified by the date of rotation or a sequence number. Log rotation is necessary since each log file grows over time and will soon become an inconvenient size for viewing or, worse, fill the disk. When each log file qualifies, that log file is renamed to an archive name and a new log file is created. When there are more than some limit of archived log files (there's a set of rules to look at), the oldest is deleted.
Note: Execute the command dmesg. Do you notice a difference between the content of the log file and the output of the command? You should.
The utility dmesg retrieves the contents that are currently stored in the kernel ring-buffer, while the log file is created at startup and is only a record of the last startup process.
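The rotation note in this exercise describes a rename, a new empty log, and deletion of the oldest archive. The following added example (not part of the original lab, and a simplified model rather than the system's own rotation tool) carries that out with sequence-numbered archives in a temporary directory and shows why an entry missing from the live log may still be found in an archive. The function names, the sample entries and the limit of two archives are assumptions.

```sh
#!/bin/sh
# Added example: simplified model of sequence-numbered log rotation.
# The system's own rotation tool and rules are not reproduced here.

# rotate LOG KEEP: archive LOG as LOG.1, shift older archives up by one,
# drop the archive that would exceed KEEP, then create a new empty LOG.
rotate() {
    log=$1; keep=$2
    [ -f "$log" ] || return 1
    rm -f "$log.$keep"                     # oldest archive is deleted
    i=$keep
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        if [ -f "$log.$prev" ]; then mv "$log.$prev" "$log.$i"; fi
        i=$prev
    done
    mv "$log" "$log.1"                     # rename to the archive name
    : > "$log"                             # new, empty live log
}

# find_in_logs LOG PATTERN: print the live or archived file names containing
# PATTERN, which is why an empty live log means "check the rotated files".
find_in_logs() {
    log=$1; pat=$2
    for f in "$log" "$log".[0-9]*; do
        [ -f "$f" ] || continue
        if grep -q -- "$pat" "$f"; then printf '%s\n' "${f##*/}"; fi
    done
}

# Constructed demo: three entries, rotated after each, keeping two archives.
demo_dir=$(mktemp -d)
for entry in first second third; do
    printf '%s\n' "$entry" > "$demo_dir/maillog"
    rotate "$demo_dir/maillog" 2
done
echo "files: $(ls "$demo_dir" | tr '\n' ' ')"
echo "'second' is in: $(find_in_logs "$demo_dir/maillog" second)"
echo "'first' is in:  $(find_in_logs "$demo_dir/maillog" first)"
rm -rf "$demo_dir"
```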
Exercise #2: Creating and analyzing log data
In this exercise, create a new account and view the resulting log entries.