Chapter 18: Logging and Time Services
Hardware clock, System clock
A Linux computer typically maintains these two clocks
0.pool.ntp.org
An open source, publicly aliased pool of the global list of NTP servers
tail -f /var/log/secure
Command to follow the secure log file for people logging in
ntpdate ntpfoo
Command to update the system clock via an NTP server ntpfoo
ntpq
Command used to query an NTP server for its statistics; connects to the local host by default
2015 04 26 20 19
If you ran date "+%Y %m %d %H %M" on April 26, 2015 at 8:19 p.m., what would you see
kernel.warning, cron.err
If your syslog.conf file contained a line such as *.notice;mail.none /var/log/foo, what two messages would make it into /var/log/foo
1, alert
Syslog level and tag for Alert: Immediate action is needed to prevent a failure
2, crit
Syslog level and tag for Critical: The system has reached a critical level
7, debug
Syslog level and tag for Debug: A message about internal state that is for debugging problems
0, emerg
Syslog level and tag for Emergency: The system is unusable
3, err
Syslog level and tag for Error: Some part of the system encountered an error
6, info
Syslog level and tag for Informational: A normal log entry about a routine event that happened successfully
5, notice
Syslog level and tag for Notice: Not an error condition, but may need special handling
4, warn
Syslog level and tag for Warning: Something happened that may have been processed incorrectly
/var/log/maillog
Location for all logs relating to email
/var/log/messages
Location for general purpose log messages that aren't in one of the other files
/var/log/xferlog
Location for logs of local File Transfer Protocol server activity
/var/log/cron
Location for logs of scheduled job activity
/var/log/secure
Location for security logs, such as records of connection attempts and failures
From cron or anacron
Log rotation is triggered
Syslog facility for email server
syslog
Syslog facility for internal messages for syslog
kern
Syslog facility for kernel messages
daemon
Syslog facility for other system daemons
lpr
Syslog facility for printing
user
Syslog facility for random user level messages
cron
Syslog facility for scheduled jobs such as cron and at
auth
Syslog facility for security logs that can be public
authpriv
Syslog facility for security logs that need to be private
local0-7
Syslog facility for the eight different user-definable facilities
/etc/ntp.conf
The configuration file for ntpd
/var/log/messages
The default location for logs
/var/log/journal
The location where systemd stores its log files
klogd
The logger daemon that listens for kernel logs and forwards them to syslogd
10%
The percentage of the filesystem that the journal will use before expiring entries
The Linux kernel
The source of the Linux system clock is
date 012118302016
What command sets the clock to 6:30 p.m. on January 21, 2016 if the current year is 2015
hwclock -u
What command will check the hardware clock time if using UTC
logger This is a message
What command will log a message "This is a message" to syslog from the command line
ntpdate pool.ntp.org
What command will update a server clock from a remote time source
journalctl -f
What command will watch the systemd journal logs in real time
hwclock -w
What command would copy the software clock time to the hardware clock
/etc/adjtime
What file will display whether the hardware clock is set to UTC or LOCAL
stratum 2 NTP
What is a server that gets its time from another server that has a reference clock
syslog-ng
What is an alternative syslog implementation
*.debug;mail.none
What syslog configuration rule ignores anything from the mail facility but captures info messages from other places
hwclock --systohc, hwclock -w
What two commands will set the hardware clock using the value of the system clock
warning, alert
What two syslog severities are more severe than notice
journalctl
command to view a journald binary log file
+%H
date option to display the current hour in 24-hour time
+%M
date option to display the current minute
+%S
date option to display the current second
+%s
date option to display the current time since epoch
+%Y
date option to display the four-digit year
+%d
date option to display the two-digit day
+%m
date option to display the two-digit month
-u
journalctl option to filter logs by only those generated by the given systemd unit
-f
journalctl option to follow logs as they are written
-r
journalctl option to view logs in reverse
-e
journalctl option to view the end of the logs
/etc/systemd/journald.conf
journald's configuration file
logger -p
logger option to override the message's default destination (the user facility at the notice level)
journald
logging tool that logs to a binary file
/etc/logrotate.conf, /etc/logrotate.d
logrotate's configuration files
peers
ntpq command line command to give details about each of the servers defined with the server keyword in the configuration
associations
ntpq command line command to give more details about each of the servers defined with the server keyword in the configuration including how well the remote server is performing
-r
option to start a syslog server to receive remote messages
/etc/syslog.conf
syslogd's configuration file