14 logging journalctl rsyslog logrotate /var/log/ | systemctl status

By OK -

journald information is mainly accessed through systemctl status (journalctl)
everything else (rsyslog) is in /var/log/messages and other files  in /var/log


[root@localhost linda]# lsof /var/log/messages
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF     NODE NAME
abrt-watc  750 root    4r   REG  253,0   156115 67567391 /var/log/messages
rsyslogd  1031 root    4w   REG  253,0   156115 67567391 /var/log/messages
[root@localhost linda]# 




logging information 
- journalctl (systemd)
- rsyslog (old system to logging information)
[root@svn ~]# cat /etc/rsyslog.conf 

#### RULES ####

 # Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

 # Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
#everything logs to /var/log/messages except mail,authpriv,cron
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

 # Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog
# Log cron stuff
cron.*                                                  /var/log/cron

 # Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

 # Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

 # Save boot messages also to boot.log
local7.*  
[root@svn ~]# systemctl status rsyslog

 [root@svn ~]# journalctl -b  #shows boot information
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:42:02 EEST. --
Jul 04 21:45:31 localhost.localdomain systemd-journal[92]: Runtime journal is using 8.0
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpuset
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpu
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpuacct
Jul 04 21:45:31 localhost.localdomain kernel: Linux version 3.10.0-514.el7.x86_64 (buil
Jul 04 21:45:31 localhost.localdomain kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-
Jul 04 21:45:31 localhost.localdomain kernel: Disabled fast string operations
Jul 04 21:45:31 localhost.localdomain kernel: e820: BIOS-provided physical RAM map:
Jul 04 21:45:31 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000000000000x0000

[root@svn ~]# journalctl --since=yesterday
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:43:01 EEST. --
Jul 11 22:27:34 svn.localdomain systemd[1]: Time has been changed
Jul 11 22:27:34 svn.localdomain dbus[660]: [system] Successfully activated service 'org
Jul 11 22:27:34 svn.localdomain dbus-daemon[660]: dbus[660]: [system] Successfully acti
Jul 11 22:27:34 svn.localdomain systemd[1]: Started Network Manager Script Dispatcher S

 journald and systemctl are integrated

 rsyslog has got log-server, which holds logs for a long period.
journald could use rsyslog log-server for logging purpose

 journald information is automatically logged to rsyslog

 Jul 11 22:27:34 svn.localdomain NetworkManager[760]: <info>  [1499801254.5861] device (
[root@svn ~]# systemctl status
● svn.localdomain
    State: degraded
     Jobs: 0 queued
   Failed: 1 units
    Since: Tue 2017-07-04 21:45:32 EEST; 1 weeks 0 days ago
   CGroup: /
           ├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
           ├─user.slice
           │ ├─user-1000.slice
           │ │ └─session-1.scope
           │ │   ├─ 2824 gdm-session-worker [pam/gdm-password]
           │ │   ├─ 2836 /usr/bin/gnome-keyring-daemon --daemonize --login
           │ │   ├─ 2839 gnome-session --session gnome-classic

[root@svn ~]# journalctl slapd
Failed to add match 'slapd': Invalid argument
Failed to add filters: Invalid argument

[root@svn ~]# journalctl -u slapd
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:47:01 EEST. --
Jul 04 21:45:49 svn.localdomain systemd[1]: Starting OpenLDAP Server Daemon...
Jul 04 21:45:49 svn.localdomain runuser[1131]: pam_unix(runuser:session): session opene
Jul 04 21:45:50 svn.localdomain runuser[1131]: pam_unix(runuser:session): session close
Jul 04 21:45:51 svn.localdomain slapcat[1206]: DIGEST-MD5 common mech free
Jul 04 21:45:51 svn.localdomain runuser[1243]: pam_unix(runuser:session): session opene

[root@svn ~]# journalctl -u slapd -o verbose
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:48:01 EEST. --
Tue 2017-07-04 21:45:49.580142 EEST [s=15cf7ac6bd7e4cf9b239a878584a8f43;i=8ba;b=53df0ce
    PRIORITY=6
    _UID=0
    _GID=0
    _BOOT_ID=53df0ce6b4c54e0bb62f180adeed377c
    _MACHINE_ID=89eb0221097e4741bc835bff78792748
    SYSLOG_FACILITY=3
    SYSLOG_IDENTIFIER=systemd
    _TRANSPORT=journal
    _PID=1
    _COMM=systemd
    _EXE=/usr/lib/systemd/systemd
    _CAP_EFFECTIVE=1fffffffff
    _SYSTEMD_CGROUP=/
    CODE_FILE=src/core/unit.c
    CODE_LINE=1413
    CODE_FUNCTION=unit_status_log_starting_stopping_reloading
    MESSAGE_ID=7d4958e842da4a758f6c1cdc7b36dcc5
    _HOSTNAME=svn.localdomain
    _CMDLINE=/usr/lib/systemd/systemd --switched-root --system --deserialize 21
    _SELINUX_CONTEXT=system_u:system_r:init_t:s0
    UNIT=slapd.service
    MESSAGE=Starting OpenLDAP Server Daemon...
============
logrotate


 [root@svn ~]# cat /etc/logrotate.d/vsftpd 
/var/log/vsftpd.log {
    # ftpd doesn't handle SIGHUP properly
    nocompress
    missingok
}

 /var/log/xferlog {
    # ftpd doesn't handle SIGHUP properly
    nocompress
    missingok
}
[root@svn ~]# 


[root@svn ~]# cat /etc/cron.daily/logrotate 
#!/bin/sh

/usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
[root@svn ~]# 

show current folder size
[root@svn Downloads]# du -hs
1.9G .


How to add apache to logrotate

Add the following file to /etc/logrotate.d directory.
# vi /etc/logrotate.d/apache
/usr/local/apache2/logs/access_log /usr/local/apache2/logs/error_log {
    size 100M
    compress
    dateext
    maxage 30
    postrotate
      /usr/bin/killall -HUP httpd
      ls -ltr /usr/local/apache2/logs | mail -s "$HOSTNAME: Apache restarted and log files rotated" ramesh@thegeekstuff.com
    endscript
}


After adding the above /etc/logrotate.d/apache file, for testing purpose, you can manually call the logrotate script as shown below.
# /etc/cron.daily/logrotate
Once the log files are rotated, do a ls to verify them. As we explained above, the rotated log files will be kept for 30 days.
# ls /usr/local/apache2/logs
access_log
error_log
access_log-20110716.gz
error_log-20110716.gz

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

tomcat catalina coyote jasper cluster

By OK -
Tomcat Component are Catalina Coyote Jasper Cluster Catalina :  Catalina is the name of the servlet container of Apache Tomcat since version 4.x. Tomcat implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP), which are important Java-based Web technologies. Tomcat's servlet container was redesigned as Catalina in Tomcat version 4.x. other components of the Tomcat engine are: Tomcat Jasper which converts the code portions within JavaServer Pages into servlets and pass them to Catalina to process. Tomcat Coyote which is an HTTP connector based on HTTP/1.1 specifications that receives and transmits web requests to the Tomcat engine by listening to a TCP/IP port and returns requests back to the requesting client. Coyote :  The Coyote JK Connector element represents a Connector component that communicates with a web connector via the JK protocol (also known as the AJP protocol). This is used for cases where you wish to invisibly integr
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more