CST8177 - Lab #7
Student Name: ____________________
Student Number: ____________________
Lab section: ____________________
Service Management and System Logging
Objectives
To learn more about how to manage the system logs
See how crond and rsyslogd interoperate.
Begin to see how system services work together (daemon, config file, client, system logs). All the services you will learn about next semester follow this model.
In-Lab Demo - Display and explain all the entries in the rsyslog config file.
Preparation
Modify /boot/grub/grub.conf to add two stanzas matching your current one (first, copy grub.conf to grub.conf.backup, just in case). To the end of the kernel statement for one of the copies, add 3; to the end of the kernel statement for the other, add single (or s, or 1). Adjust the title statement for each stanza to be more descriptive (it's just text). You may also have to remove the hiddenmenu statement to permit the display of the menu.
Boot into runlevel 3 and log in as root to test your new grub.conf. Next, test single-user mode to check it as well. Return to runlevel 5.
Supporting commands:
runlevel - To display the previous and current runlevel
telinit n, where n is a runlevel number - To switch runlevel
pgrep and ps with grep – To search for a running process
chkconfig - To manage runlevel services
--list [service] - To list the state of one or all services in all runlevels; a state can be on or off
--level n service on - To change the state of a runlevel service to on in the specified runlevel
--level n service off - To change the state of a runlevel service to off in the specified runlevel
--add service - To add the service to the runlevels based on default settings from the runlevel scripts that exist
--del service - To remove the service from all runlevels
uname - To display basic system information
service – To manage system service daemons
Exercise #1: Identify system architecture
Identify the kernel version using uname -a
_______________________________________________________________________
Compare it with the kernel file name in the /boot directory.
_______________________________________________________________________
Are they the same version? [ Y / N ]
Exercise #2: Identify runlevel for the atd daemon
What is the current runlevel? How did you find it?
_______________________________________________________________________
Should atd be running at this level? [ Y / N ]
Is it? [ Y / N ]
How did you determine these things?
_______________________________________________________________________
_______________________________________________________________________
Stop the atd daemon and then start it up again.
_______________________________________________________________________
_______________________________________________________________________
Section A – The system logging daemon: rsyslogd
Linux and UNIX systems have a bunch of processes that are not attached to any terminal, and when they have errors to report they don't have a console to dump them to. In the very early days of UNIX development, each program would dump out errors into its own file. As you can imagine, this got to be unmanageable, as the files would be found (or rather, be hidden) all over the place.
A service was created to handle error logging: the service is called rsyslog (originally just syslog). The daemon is called rsyslogd, which uses the configuration file /etc/rsyslog.conf.
Exercise #1: Working with the rsyslog service
Note: The utility /sbin/rsyslogd is the daemon; the service started during startup is called rsyslog. In this lab, rsyslog always refers to the service and rsyslogd to the daemon. However, the whole thing is often just called syslog.
Runlevel configuration
Is the rsyslog service currently running? [ Y / N ]
Is the rsyslogd daemon currently running? [ Y / N ]
In which runlevels is the rsyslog service started?
____________________________________________________________________________
Disable the rsyslog service in runlevel 3 using the chkconfig command.
_____________________________________________________________________________
Is the rsyslog service still running? [ Y / N ]
Is the rsyslogd daemon still running? [ Y / N ]
Enable the rsyslog service in runlevel 3 using the chkconfig command.
_____________________________________________________________________________
Record the name of the rsyslog link (use the absolute path) that is used in the runlevel directory of runlevel 3:
_____________________________________________________________________________
Record the name of the rsyslog script (use the absolute path) that is executed when the service is activated:
_____________________________________________________________________________
Managing a service
The service command allows you to start, restart, stop, and get the status of a service and its daemon. It is usually a short script that facilitates the task of managing a service. The syntax of the command is:
service service_name start|restart|stop|status
Record the status of the rsyslog service using the service command:
_____________________________________________________________________________
Record the command line you use:
_____________________________________________________________________________
What is the pid (only) of your rsyslogd process? How did you find it?
_____________________________________________________________________________
Show the service command to stop the rsyslog service, and then stop it:
_____________________________________________________________________________
Record the status of the rsyslog service and the command used:
_____________________________________________________________________________
Show the command and the pid (only) of your rsyslogd process (daemon):
_____________________________________________________________________________
Show the service command to start the rsyslog service, and start it:
_____________________________________________________________________________
Record the status of the rsyslog service and the command used:
_____________________________________________________________________________
Show the command and the pid (only) of your rsyslogd process (daemon):
_____________________________________________________________________________
If your rsyslogd pid has changed during the steps above, briefly explain why:
_____________________________________________________________________________
_____________________________________________________________________________
_____________________________________________________________________________
Section B – Log files
Exercise #1: Viewing log files
To view the log file you can use the less command or, if the log file is very long and you are only interested in the most recent log data, the tail command. The tail command defaults to displaying the last 10 lines of a file (just as head defaults to the first 10) but you can modify this behaviour by providing the number of lines as an option to the command.
Example #1: view the whole log file in pages
less /var/log/maillog
Example #2: view the last 10 lines of the log file
tail /var/log/maillog
Example #3: view the last 20 lines of the log file
tail -20 /var/log/maillog
Example #4: follow (-f) the tail of the log file as lines are added
(^C to exit when done)
tail -f /var/log/maillog
View the log files below and note the type of information recorded. Note: If your log files do not have any content, check your rotated log files. They will have the same base name modified by the date of rotation or a sequence number.
Log rotation is necessary since each log file grows over time and will soon become an inconvenient size for viewing or, worse, fill the disk. When a log file qualifies, it is renamed to an archive name and a new log file is created. When there are more than some limit of archived log files (there's a set of rules to look at), the oldest is deleted.
/var/log/secure
/var/log/messages
/var/log/dmesg
Note: Execute the command dmesg. Do you notice a difference between the content of the log file and the output of the command? You should.
The utility dmesg retrieves the contents that are currently stored in the kernel ring-buffer, while the log file is created at startup and is only a record of the last startup process.
Exercise #2: Creating and analyzing log data
In this exercise, create a new account and view the resulting log entries.
Record enough of the last line in /var/log/secure to identify it
_______________________________________________________________________
Create a new user account (skip the /home set up)
_______________________________________________________________________
Set a password for the new user.
_______________________________________________________________________
View the log file /var/log/secure and record the new log entries.
_______________________________________________________________________
_______________________________________________________________________
_______________________________________________________________________
Remove the new user
_______________________________________________________________________
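Added example (not part of the original lab): a shell function that pulls account-creation, password-change and account-deletion events out of /var/log/secure and its rotated copies, which is where older entries end up as noted in Section B. The function names, the host lab7, the user labuser and every log line are constructed, and the message formats are assumed to be those written by useradd, passwd (through pam_unix) and userdel.

```bash
#!/bin/bash
# Added example. All log lines below are constructed samples.

# Print "timestamp|action|user" for account creation, password change and
# deletion found in BASE and in its rotated copies (BASE-YYYYMMDD or BASE.N).
account_events() {
    base=$1; want=${2:-}
    for f in "$base"-[0-9]* "$base".[0-9]* "$base"; do
        case $f in *.gz|*.bz2|*.xz) continue ;; esac   # compressed archives need zcat etc.
        if [ -f "$f" ]; then cat "$f"; fi
    done | awk -v want="$want" '
    {
        action = ""; user = $0
        if ($0 ~ /useradd\[[0-9]+\]: new user: name=/) {
            action = "created"
            sub(/.*new user: name=/, "", user); sub(/,.*/, "", user)
        } else if ($0 ~ /passwd: .*password changed for /) {
            action = "password-changed"
            sub(/.*password changed for /, "", user)
        } else if ($0 ~ /userdel\[[0-9]+\]: delete user /) {
            action = "deleted"
            sub(/.*delete user ./, "", user); sub(/.$/, "", user)
        }
        if (action != "" && (want == "" || user == want))
            printf "%s %s %s|%s|%s\n", $1, $2, $3, action, user
    }'
}

# Write a constructed current log plus one date-rotated copy into DIR.
make_sample_logs() {
    cat > "$1/secure-20240107" <<'EOF'
Jan  5 09:12:44 lab7 sshd[2011]: Accepted password for root from 192.0.2.10 port 51514 ssh2
Jan  5 09:14:02 lab7 useradd[2102]: new group: name=labuser, GID=501
Jan  5 09:14:02 lab7 useradd[2102]: new user: name=labuser, UID=501, GID=501, home=/home/labuser, shell=/bin/bash
EOF
    cat > "$1/secure" <<'EOF'
Jan  8 10:01:17 lab7 passwd: pam_unix(passwd:chauthtok): password changed for labuser
Jan  8 10:05:30 lab7 su: pam_unix(su:session): session opened for user root by student(uid=500)
Jan  8 10:09:51 lab7 userdel[2290]: delete user 'labuser'
EOF
}

demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
account_events "$demo_dir/secure"
rm -rf "$demo_dir"
```

On a real system, run account_events /var/log/secure as root; entries are grouped per file rather than sorted by time, so sequence-numbered archives (.1, .2) appear newest first.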