[[email protected]]# cat /etc/
# Log all kernel messages to the console.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
*.info;mail.none;authpriv.none;cron.none:local2/var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.

Let’s take a look at a typical logrotate.conf:

In the example above, logrotate will perform the following actions for /var/log/wtmp: attempt to rotate only once a month, but only if the file is at least 1 MB in size, then create a brand new log file with permissions set to 0664 and ownership given to user root and group utmp.
This section of the tutorial assumes that you have already installed the MariaDB server and client in the same RHEL 7 box where the logs are being managed:

Note: If you don’t want to use the MariaDB root user to insert log messages into the database, you can configure another user account to do so. Explaining how to do that is out of the scope of this tutorial but is explained in detail in the MariaDB knowledge base.

mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.

In order to keep your RHEL 7 systems secure, you need to know how to monitor all of the activities that take place on such systems by examining log files. In this tutorial we will use the root account for simplicity.
Next, download the create script from GitHub and import it into your database server:

In this article we have explained how to set up system logging, how to rotate logs, and how to redirect the messages to a database for easier search.

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina.
Of course, examining logs (even with the help of tools such as grep and regular expressions) can become a rather tedious task.
For that reason, rsyslog allows us to export them into a database (RDBMSs supported out of the box include MySQL, MariaDB, PostgreSQL, and Oracle).
On Ubuntu and Debian it is not so obvious; the files contain the most lines from cron but these do not actually contain the lines we want.
Another way to find which log file to check is to look at the syslog configuration, which will show either a specific line for cron or cron defaulting to a general log file.
Otherwise, you really want to consider removing old logs to save storage space.