Reviewing System Logs and Updating the journald Configuration

30 minutes
  • 4 Learning Objectives

About this Hands-on Lab

In this hands-on lab, you will be reviewing the `secure` log located in the `/var/log` directory to check for any critical issues and will make a backup copy of the current log file in your home directory. After backing up the `secure` log, you will check to see if the system journals are configured to be persistent. If not, update the configuration to be persistent and limit the size of the journal files.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Review the /var/log/secure Log File for Any Critical Authorization Issues
  • Use the less command to view the file.
  • Jump to the end of the file and tail it for a bit to view inbound traffic.
Create a Backup of the /var/log/secure Log File
  • Create a log_archive directory in your home directory.
  • Copy the /var/log/secure file to the log_archive directory. Be sure to preserve extended attributes and security contexts when copying the file.
Determine If Journals Are Configured to Be Persistent
  • Confirm the /var/log/journal directory exists.
  • Create the /var/log/journal directory.
  • Confirm journal data is being written to the directory.
Update the journald Configuration to Limit the Size of Journal Files
  • Review the /etc/systemd/journald.conf.
  • Add SystemMaxUse=50M to the end of the configuration file.
  • Cycle the journald service.
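
The four objectives above can be scripted as shown below. This is an added example, not part of the lab's own material: the function names, the failure patterns and the ARCHIVE_DIR variable are assumptions, while the paths and the 50M limit come from the lab. Nothing touches the host unless the script is run with --apply.

```shell
#!/bin/sh
# Added example; function names are hypothetical, paths are the lab's.

# Count lines that look like authorization failures. The patterns are an
# assumption (common sshd/PAM messages), not a list taken from the lab.
count_auth_failures() {   # count_auth_failures LOGFILE
    grep -Eci 'failed password|authentication failure|invalid user' "$1" || true
}

# Copy a log into an archive directory. -a keeps mode, ownership and
# timestamps, and on GNU cp also extended attributes and SELinux context.
backup_log() {   # backup_log SRC DEST_DIR
    mkdir -p "$2" && cp -a "$1" "$2/"
}

# With Storage=auto, journald keeps persistent journals only if this
# directory exists.
journal_is_persistent() {   # journal_is_persistent [DIR]
    [ -d "${1:-/var/log/journal}" ]
}

# Append SystemMaxUse=LIMIT unless the last active setting already matches,
# so repeated runs do not stack duplicate lines.
set_journal_limit() {   # set_journal_limit CONF [LIMIT]
    jl_conf=$1
    jl_limit=${2:-50M}
    jl_current=$(grep -E '^[[:space:]]*SystemMaxUse=' "$jl_conf" | tail -n 1)
    if [ "${jl_current#*=}" != "$jl_limit" ]; then
        printf 'SystemMaxUse=%s\n' "$jl_limit" >> "$jl_conf"
    fi
}

# Apply to the real host only when asked: sh checklist.sh --apply (as root).
if [ "${1:-}" = "--apply" ]; then
    echo "auth failure lines: $(count_auth_failures /var/log/secure)"
    backup_log /var/log/secure "${ARCHIVE_DIR:-$HOME/log_archive}"
    journal_is_persistent || mkdir /var/log/journal
    set_journal_limit /etc/systemd/journald.conf
    systemctl restart systemd-journald
    ls -lR /var/log/journal   # journal files appear under a machine-id directory
fi
```

When the script runs under sudo, set ARCHIVE_DIR explicitly so the copy lands in the intended user's home directory rather than root's.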

Additional Resources

SCENARIO:

The development team has completed validation on a new server you delivered to them a while back. You are reviewing your final release checklist to sign off and release the server to the team. The last steps are to review the /var/log/secure log file for any critical authorization issues and back up the file, then review the journald configuration to confirm journals persist between reboots and update the configuration if necessary.

To complete the checklist and officially release the server to the team, you will need to:

  • Review the secure log file for any recent access violations.
  • Make a copy of the secure.log file in the cloud_user's home directory.
  • Check to see if journals persist between reboots.
  • Complete the configuration by creating the journal directory, then update the configuration to limit the journal size.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.
