Linux System Administration
From Colwiki.org
Logfiles and configuration files
We will concentrate on the main tasks of system administration: monitoring log files and scheduling jobs with at and cron. The module also gives an overview of the documentation available (manpages and online resources) and of some backup concepts.
Logfiles and Configuration files
The /var/log/ directory
This is the directory where most log files are kept. Some applications generate their own log files (squid or samba, for example). Most of the system logs are managed by the syslogd daemon. Common system log files are:
cron       messages generated when cron executes jobs
maillog    messages relating to mail (called mail on some systems)
messages   everything of priority info and above except mail, news and private authentication (authpriv); many distributions divert cron messages to their own file as well
secure     failed authentications, users added or deleted, etc.
The most important log file is messages where most activities are logged.
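Two of the things a security-minded administrator pulls out of /var/log/secure are repeated failed logins per source address and newly created accounts. The following shell script is an added example for this page, not part of the original module. The log lines it runs over are constructed here: the sshd "Failed password" and useradd "new user" message formats are real, but the host, user names, addresses and PIDs are made up, and the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): report repeated failed SSH
# logins per source address and accounts created with useradd, from lines
# in the /var/log/secure format.
# The sample below is constructed for this example; host, users, addresses
# and PIDs are made up, the message formats are those of sshd and useradd.
SAMPLE_SECURE='Jul 17 19:31:00 localhost sshd[2041]: Failed password for root from 10.1.1.5 port 4022 ssh2
Jul 17 19:31:03 localhost sshd[2041]: Failed password for root from 10.1.1.5 port 4022 ssh2
Jul 17 19:31:07 localhost sshd[2043]: Failed password for invalid user admin from 10.1.1.5 port 4031 ssh2
Jul 17 19:32:10 localhost sshd[2050]: Accepted password for penguin from 10.1.1.9 port 4100 ssh2
Jul 17 19:40:00 localhost sshd[2061]: Failed password for penguin from 10.1.1.9 port 4120 ssh2
Jul 17 19:41:00 localhost useradd[2070]: new user: name=backup, UID=502, GID=502, home=/home/backup, shell=/bin/bash'

# failed_logins_by_source < LOG -> "COUNT ADDRESS" per source, highest first
failed_logins_by_source() {
    grep 'sshd\[[0-9]*\]: Failed password for' |
        sed 's/.* from \([0-9.]*\) port .*/\1/' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# sources_over_threshold N < LOG -> addresses with at least N failures
sources_over_threshold() {
    failed_logins_by_source | awk -v n="$1" '$1 >= n { print $2 }'
}

# new_users < LOG -> names of accounts created with useradd
new_users() {
    sed -n 's/.*useradd\[[0-9]*\]: new user: name=\([^,]*\),.*/\1/p'
}

# report_secure LOGFILE N -> a short report over a real file, e.g.
#   report_secure /var/log/secure 5
report_secure() {
    echo "Sources with at least $2 failed SSH logins:"
    sources_over_threshold "$2" < "$1"
    echo "Accounts created:"
    new_users < "$1"
}

# Run over the constructed sample when executed directly:
printf '%s\n' "$SAMPLE_SECURE" | sources_over_threshold 3
printf '%s\n' "$SAMPLE_SECURE" | new_users
```

On the sample, sources_over_threshold 3 reports 10.1.1.5 (three failures, one of them for a non-existent user) and not 10.1.1.9, and new_users reports backup. Because /var/log/secure is readable only by root, the report has to be run as root or from a cron job; the next section on syslog.conf shows why authpriv messages get this separate, restricted file.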
The /etc/syslog.conf file
When syslogd is started it reads /etc/syslog.conf by default; an alternative file can be given with syslogd -f and its path. Each line of the file consists of one or more selectors, separated by semicolons, followed by whitespace and the action (usually the path of a log file). A selector is an item (in syslog's own terms a facility) and a priority joined by a dot:
item1.priority1 ; item2.priority2 /path-to-log-file
Valid items (facilities) are, among others:
auth and authpriv   general and private authentication messages
cron                cron daemon messages
kern                kernel messages
mail                mail system messages
news                USENET news system messages
user                user processes (the default facility of logger)
uucp                UUCP system messages
local0 to local7    reserved for local use (see below)
Valid priorities are (from highest to lowest):
emerg
alert
crit
err
warning
notice
info
debug
Two further words can take the place of a priority in a selector: * selects every priority of the facility, and none selects nothing from it (used to exclude a facility from a line that starts with *).
A priority in a selector is a minimum: messages of that priority and of every higher priority are logged as well. To select exactly one priority, prefix it with an '=' sign as in:
user.=info /var/log/user_activity
Listing of /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* /var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *
*.emerg @10.1.1.254
# Save boot messages also to boot.log
local7.* /var/log/boot.log
#
news.=crit /var/log/news/news.crit
news.=err /var/log/news/news.err
news.notice /var/log/news/news.notice
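To see how a selector line is interpreted, here is a small shell checker, added to this page as an illustration and not part of syslogd: given a selector line, a facility and a priority, it says whether the message would be written to that line's destination. It implements the rules stated above (a priority is a minimum, = means exactly that priority, none excludes the facility, * matches everything) together with the fact that later selectors in a line override earlier ones for the same facility, which is how *.info;mail.none keeps mail out of /var/log/messages. The function names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page, not syslogd code): decide
# whether a message with a given facility and priority is selected by one
# syslog.conf selector line, e.g. "*.info;mail.none;news.none;authpriv.none".
# Rules implemented:
#   facility.prio    that priority and every higher one
#   facility.=prio   exactly that priority
#   facility.none    nothing from that facility
#   *                any facility, or any priority
# Selectors later in the line override earlier ones for the same facility.
set -f   # selectors contain '*'; never let the shell glob them

PRIORITIES="emerg alert crit err warning notice info debug"   # highest first

# prio_index NAME -> prints 0 for emerg .. 7 for debug; fails on unknown names
prio_index() {
    local IFS i p
    IFS=' '
    i=0
    for p in $PRIORITIES; do
        [ "$p" = "$1" ] && { echo "$i"; return 0; }
        i=$((i + 1))
    done
    return 1
}

# selector_matches SELECTOR FACILITY PRIORITY -> prints yes or no
selector_matches() {
    local IFS sel fac pidx result item facs pri f fidx
    sel=$1; fac=$2
    pidx=$(prio_index "$3") || { echo "unknown priority: $3" >&2; return 2; }
    result=no
    IFS=';'
    for item in $sel; do
        item=$(printf '%s' "$item" | tr -d ' \t')
        facs=${item%.*}     # facility list: "mail", "auth,authpriv" or "*"
        pri=${item##*.}     # priority part: "info", "=info", "none" or "*"
        IFS=','
        for f in $facs; do
            [ "$f" = "$fac" ] || [ "$f" = '*' ] || continue
            case $pri in
                none) result=no ;;
                '*')  result=yes ;;
                =*)   fidx=$(prio_index "${pri#=}") || return 2
                      if [ "$pidx" -eq "$fidx" ]; then result=yes; else result=no; fi ;;
                *)    fidx=$(prio_index "$pri") || return 2
                      # a smaller index is a higher priority
                      if [ "$pidx" -le "$fidx" ]; then result=yes; else result=no; fi ;;
            esac
        done
        IFS=';'
    done
    echo "$result"
}

# Example run against the messages line of the listing above:
selector_matches '*.info;mail.none;news.none;authpriv.none' kern warning
selector_matches '*.info;mail.none;news.none;authpriv.none' mail err
```

Against the listing above, selector_matches '*.info;mail.none;news.none;authpriv.none' kern warning prints yes, mail err prints no (the later mail.none wins over *.info), and cron debug prints no because debug is below info; with the user.=info example, user info prints yes but user notice prints no.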
Log Utilities
The logger command
The first utility, logger, writes a message through syslog. By default it uses the facility user and the priority notice, which the *.info selector in the listing above routes to /var/log/messages. If you type the following:
logger program myscript ERR
the end of /var/log/messages should now contain a line similar to this (the tag, here penguin, is the login name of the user who ran logger):
Jul 17 19:31:00 localhost penguin: program myscript ERR
Local settings
The logger utility logs to /var/log/messages by default. The local items (facilities) local0 to local7 are reserved for administrators' own use and can be used to create your own log files. Which ones are free depends on the system (on Red Hat, local7 carries boot-time messages into /var/log/boot.log). To send everything from local4 to the ninth virtual console, add the following line to /etc/syslog.conf:
local4.* /dev/tty9
Then make syslogd re-read its configuration:
killall -HUP syslogd
The next command is now written to /dev/tty9:
logger -p local4.notice "This script is writing to /dev/tty9"
Another interesting device is /dev/speech, installed with the Festival text-to-speech tools.
Logrotate
Log files are rotated by logrotate, usually run daily as a cron job. The configuration file /etc/logrotate.conf says how often to rotate, how many old copies to keep, whether to create a fresh empty file after rotating and whether to compress the rotated copies. (The errors directive in the listing below comes from older logrotate versions; current releases do not recognise it and ignore the line, so check logrotate(8) for your version before copying this file.)
Listing of logrotate.conf
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# send errors to root
errors root
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
compress
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own lastlog or wtmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
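What a run of logrotate does to one file under rotate 4, create and compress can be followed in a scratch directory with the shell functions below. This is an added illustration written for this page, not logrotate's own code; it reimplements only those three directives (not size, missingok, postrotate and the rest), and the function names and the scratch-directory layout are assumptions of the example.

```shell
#!/bin/sh
# Added example (not logrotate's own code): the effect of "rotate N",
# "create" and "compress" on one log file, reimplemented in shell so the
# numbering scheme can be watched in a scratch directory. Real rotation is
# done by logrotate from cron; this only mirrors what that run does.

# rotate_log FILE N COMPRESS(yes|no)
#   FILE.N is discarded, FILE.(N-1) -> FILE.N ... FILE.1 -> FILE.2,
#   FILE -> FILE.1 (gzipped when COMPRESS=yes), then an empty FILE is
#   recreated so the logging daemon can keep writing ("create").
rotate_log() {
    file=$1; keep=$2; compress=$3
    sfx=''
    [ "$compress" = yes ] && sfx=.gz
    rm -f "$file.$keep$sfx"                     # the oldest generation goes
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do                    # shift the others up by one
        [ -e "$file.$i$sfx" ] && mv "$file.$i$sfx" "$file.$((i + 1))$sfx"
        i=$((i - 1))
    done
    if [ -e "$file" ]; then
        mv "$file" "$file.1"
        [ "$compress" = yes ] && gzip "$file.1"
    fi
    : > "$file"                                 # "create": a fresh, empty log
}

# count_generations FILE -> how many rotated copies of FILE exist
count_generations() {
    ls "$1".* 2>/dev/null | wc -l | tr -d ' '
}

# Demonstration in a scratch directory: six daily runs with "rotate 4"
demo_dir=$(mktemp -d)
n=1
while [ "$n" -le 6 ]; do
    echo "day $n" > "$demo_dir/messages"
    rotate_log "$demo_dir/messages" 4 no
    n=$((n + 1))
done
ls "$demo_dir"            # messages messages.1 messages.2 messages.3 messages.4
rm -rf "$demo_dir"
```

After six runs only messages.1 (the newest) to messages.4 remain; day 1 and day 2 were discarded by the fifth and sixth rotation. Note that "create" here makes a new empty file with default permissions, whereas the wtmp block in the listing above uses create 0664 root utmp to set mode and ownership explicitly; a log that the daemon cannot write to after rotation is a common reason for logging to stop silently.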
Automatic Tasks
Using cron
The program responsible for running cron jobs is crond. Once every minute crond checks the files that hold the commands to be executed; these files are called crontabs.
User crontabs are kept in /var/spool/cron/<username>. They are not meant to be edited directly: use the crontab tool (see below), which checks the syntax and makes crond pick up the change.
The system crontab is /etc/crontab. It periodically executes all the scripts in the /etc/cron.* directories, including any symbolic links there that point to scripts or binaries elsewhere on the system. Cron entries are manipulated with the crontab utility; scheduled tasks are listed with the -l option, as seen below:
crontab -l
# DO NOT EDIT THIS FILE - edit the master and reinstall
# (/tmp/crontab.1391 installed on Tue Jul 17 17:56:48 2001)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
0 * * 07 2 /usr/bin/find /home/penguin -name core -exec rm {} \;
(Does the user root have any crontabs?) Similarly the -e option opens your default editor so that you can enter cron entries. Root can use -u <user> to view and change any user's cron entries. To delete your whole crontab file use crontab -r; it asks for no confirmation.
This is the format for crontabs :
Minutes(0-59) Hours(0-23) Day of Month(1-31) Month(1-12) Day of Week(0-6, 0 = Sunday) command
Each of the five time fields is a single value, a comma-separated list (1,15), a range (1-5) or * for any value. In /etc/crontab and the files under /etc/cron.d an extra field naming the user to run the command as sits between the time fields and the command.
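The checker below, written for this page as an illustration rather than taken from cron, tests whether an entry fires at a given minute, hour, day of month, month and day of week. Run against the entry from the crontab -l listing above, it confirms that the core-file cleanup runs at minute 0 of every hour on Tuesdays in July. It goes a little beyond the format line: it also handles the */n step form (a Vixie cron extension), the Vixie cron rule that when both the day-of-month and the day-of-week field are restricted the entry runs when either of them matches, and Sunday written as 7. The function names are assumptions of the example.

```shell
#!/bin/sh
# Added example (not crond's own code): check whether a crontab entry such as
#   0 * * 07 2 /usr/bin/find /home/penguin -name core -exec rm {} \;
# would run at a given minute, hour, day of month, month and day of week.
# Field forms handled: "*", "n", "a-b", "a,b,c" and "*/n" or "a-b/n".
# Rule applied: when BOTH day-of-month and day-of-week are restricted, the
# entry runs when EITHER matches; Sunday may be written as 0 or 7.
set -f   # crontab fields contain '*'; never let the shell glob them

# num STRING -> the number without leading zeros (so "07" is not read as octal)
num() {
    printf '%s' "$1" | sed 's/^0*\([0-9]\)/\1/'
}

# field_matches VALUE SPEC -> exit 0 if VALUE is selected by SPEC
field_matches() {
    val=$(num "$1"); spec=$2
    [ "$spec" = '*' ] && return 0
    oldifs=$IFS; IFS=','
    for part in $spec; do
        IFS=$oldifs
        step=1
        case $part in
            */*) step=$(num "${part#*/}"); part=${part%/*} ;;
        esac
        case $part in
            '*') lo=0; hi=99 ;;                           # "*/n": every n-th value
            *-*) lo=$(num "${part%-*}"); hi=$(num "${part#*-}") ;;
            *)   lo=$(num "$part"); hi=$lo ;;
        esac
        if [ "$val" -ge "$lo" ] && [ "$val" -le "$hi" ] && \
           [ $(( (val - lo) % step )) -eq 0 ]; then
            return 0
        fi
    done
    return 1
}

# cron_fires ENTRY MIN HOUR DOM MON DOW -> exit 0 if ENTRY runs at that time
cron_fires() {
    entry=$1; m=$2; h=$3; dom=$4; mon=$5; dow=$6
    set -- $entry                       # split the entry into words
    f_min=$1; f_hour=$2; f_dom=$3; f_mon=$4; f_dow=$5   # the command is ignored
    field_matches "$m" "$f_min"   || return 1
    field_matches "$h" "$f_hour"  || return 1
    field_matches "$mon" "$f_mon" || return 1
    dow_alt=$dow
    [ "$dow" -eq 0 ] && dow_alt=7       # Sunday is 0 or 7
    if [ "$f_dom" = '*' ] || [ "$f_dow" = '*' ]; then
        # at most one of the two is restricted: both must match
        field_matches "$dom" "$f_dom" || return 1
        field_matches "$dow" "$f_dow" || field_matches "$dow_alt" "$f_dow" || return 1
        return 0
    fi
    # both restricted: either one matching is enough
    field_matches "$dom" "$f_dom" && return 0
    field_matches "$dow" "$f_dow" || field_matches "$dow_alt" "$f_dow"
}

# The entry from the crontab -l listing above, tried on Tue 17 Jul 2001 14:00
# (fires) and 14:05 (does not):
ENTRY='0 * * 07 2 /usr/bin/find /home/penguin -name core -exec rm {} \;'
cron_fires "$ENTRY" 0 14 17 7 2 && echo "14:00: runs"
cron_fires "$ENTRY" 5 14 17 7 2 || echo "14:05: does not run"
```

The day-of-month/day-of-week rule is the one that surprises people: 0 0 1 * 1 does not mean "the 1st of the month when it is a Monday" but "the 1st of every month and also every Monday", so a job written that way runs far more often than intended.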
Permissions
Access to crontab is controlled by /etc/cron.allow and /etc/cron.deny. If cron.allow exists, only the users listed in it may use crontab; otherwise every user not listed in cron.deny may. If neither file exists the result is a compile-time setting of cron: on most distributions all users are allowed, on some only root.
Scheduling with “at”
The at jobs are run by the atd daemon and spooled in /var/spool/at/. The at command schedules a one-off task with the syntax
at [time]
Where time can be expressed as:
now
3am + 2days
midnight
10:15 Apr 12
teatime (16:00)
For a complete list of valid time formats see /usr/share/doc/at-xxx/timespec. Scheduled jobs are listed with atq or at -l. The at jobs are saved in /var/spool/at/:
ls /var/spool/at/
a0000100fd244d  spool
atq lists each job preceded by a number, which is used to dequeue it:
atq
1       2001-07-17 18:21 a root
From the atq listing we see that the job number is 1, so we remove the job from the spool as follows (atrm 1 is equivalent):
at -d 1
If neither /etc/at.allow nor /etc/at.deny exists, only root may use at. If at.allow exists, only the users listed in it may use it; otherwise every user not listed in at.deny may, so an empty at.deny opens at to all users.
Backups and Compressions
Backup strategies
There are three main strategies to back up a system:
- Full: copy all files
- Incremental: the first incremental copies all files added or changed since the last full backup; each subsequent one copies the files added or changed since the previous incremental
- Differential: copies all files added or changed since the last full backup
Example: if you made a full backup and 3 differential backups before a crash, how many tapes would you need to restore? Two: the full backup and the most recent differential, because each differential already contains everything changed since the full backup. Had the three backups been incrementals, all four tapes would be needed, restored in order, and losing any one of them would lose the changes it holds.
Creating archives with tar
The main option to create an archive with tar is -c. The name of the archive is given with the -f flag:
tar -cf home.tar /home/
Without -f, tar -c writes the archive to standard output on GNU/Linux builds of tar (other builds default to a tape device, so naming the archive with -f is the safer habit):
tar -c /home/ > home.tar
Extracting archives with tar
Extracting is straightforward: replace the -c flag with -x. tar recreates the directories recorded in the archive as needed and writes the files into the current directory. GNU tar strips the leading / from member names when it creates an archive (it prints a message saying so), so an archive of /home/ unpacks into ./home/ rather than over the live /home. Before extracting an archive you did not create yourself, list its contents with tar -tf. To extract into another directory, for example /usr/share/doc, use -C:
tar xf backeddocs.tar -C /usr/share/doc
Compressions
All archives can be compressed with one of several compression utilities. The corresponding flags are available when creating, listing or extracting an archive:
tar option   compression type
Z            compress
z            gzip
j            bzip2
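The backup strategies from the previous section and the tar options above come together in the following shell functions, added to this page as an illustration (not part of the original module and not the only way to do it): two marker files record the time of the last full backup and of the last backup of any kind, find -newer selects what has changed since the relevant marker, tar packs the selection with -C so that the member names are relative, and a restore function unpacks with -C. The marker names, the state directory, the STAMP argument and the file contents in the demonstration are assumptions of this example. It also shows the answer to the restore question above: the full archive is restored first, then the most recent differential.

```shell
#!/bin/sh
# Added example (not from the original page): differential and incremental
# selection driven by two timestamp marker files, packed with tar and
# restored with -C. Everything here (marker names, directory layout, file
# contents) is constructed for the example and runs in a scratch directory.
#   STATEDIR/last_full    touched after every full backup
#   STATEDIR/last_backup  touched after every backup of any kind
# differential = files newer than last_full, incremental = newer than last_backup

# select_since MARKER DIR -> regular files under DIR modified after MARKER,
# as paths relative to DIR (so they extract cleanly under any -C directory)
select_since() {
    marker=$1
    case $marker in /*) ;; *) marker=$PWD/$marker ;; esac
    (cd "$2" && find . -type f -newer "$marker" | sort)
}

# run_backup KIND DIR STATEDIR ARCHIVE [STAMP]
#   KIND is full, differential or incremental. STAMP (touch -t format, e.g.
#   200107171100) fixes the marker time for reproducible runs; leave it out
#   in real use so the markers get the current time. Prints the file count.
run_backup() {
    kind=$1; dir=$2; state=$3; archive=$4; stamp=${5:-}
    case $state in /*) ;; *) state=$PWD/$state ;; esac   # -T needs an absolute list path
    list=$state/filelist.$$
    case $kind in
        full)         (cd "$dir" && find . -type f | sort) > "$list" ;;
        differential) select_since "$state/last_full" "$dir" > "$list" ;;
        incremental)  select_since "$state/last_backup" "$dir" > "$list" ;;
        *) echo "unknown backup kind: $kind" >&2; return 2 ;;
    esac
    count=$(wc -l < "$list" | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        # -C DIR makes member names relative to DIR, -T reads the member
        # list, -z gzips the archive (the 'z' flag from the table above)
        tar -czf "$archive" -C "$dir" -T "$list"
    fi
    if [ -n "$stamp" ]; then stamp_opt="-t $stamp"; else stamp_opt=''; fi
    [ "$kind" = full ] && touch $stamp_opt "$state/last_full"
    touch $stamp_opt "$state/last_backup"
    rm -f "$list"
    echo "$count"
}

# restore ARCHIVE TARGET -> unpack into TARGET; run the full archive first,
# then the latest differential (or every incremental, in order)
restore() {
    mkdir -p "$2"
    tar -xzf "$1" -C "$2"
}

# Demonstration with constructed files and fixed timestamps (all on 17 Jul 2001)
demo=$(mktemp -d); mkdir -p "$demo/src" "$demo/state"
echo a1 > "$demo/src/a"; echo b1 > "$demo/src/b"
touch -t 200107170800 "$demo/src/a" "$demo/src/b"
echo "full:         $(run_backup full "$demo/src" "$demo/state" "$demo/full.tgz" 200107170900) files"
echo a2 > "$demo/src/a"; echo c1 > "$demo/src/c"
touch -t 200107171000 "$demo/src/a" "$demo/src/c"
echo "differential: $(run_backup differential "$demo/src" "$demo/state" "$demo/diff1.tgz" 200107171100) files"
echo "incremental:  $(run_backup incremental "$demo/src" "$demo/state" "$demo/inc1.tgz" 200107171200) files"
rm -rf "$demo"
```

In the demonstration the full backup holds 2 files, the differential 2 (a was changed and c added after the full) and the incremental that follows 0, because nothing changed after the differential. Keep the state directory with the backups: without the markers the next differential cannot be computed. Verify an archive with tar -tzf before relying on it, and note that because the marker files are plain mtime references, anyone who can touch them can cause files to be skipped from the next backup, so they belong in a directory only root can write.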
The cpio utility
The cpio utility copies files to and from archives. The list of files must be given to cpio on standard input, either through a pipe (as when used with find) or via file redirection:
- Extract an archive from a tape (add -d to have cpio create any missing leading directories):
cpio -i < /dev/tape
- Create an archive for the /etc directory:
find /etc | cpio -o > etc.cpio
Documentation
Manpages and the whatis database
A manpage is organised in named sections:
NAME         the name of the item followed by a short one-line description
SYNOPSIS     the syntax of the command
DESCRIPTION  a longer description
OPTIONS      a review of all possible options and their function
FILES        files related to the item (configuration files etc.)
SEE ALSO     other manpages related to the topic
These are the main sections one expects within a manpage. The whatis database stores the NAME section of every manpage on the system; it is rebuilt by a daily cron job. Each database entry has two fields:
name(key) - one line description
where key is the number of the manual section the page belongs to (see Manpage Sections below).
The syntax for whatis is:
whatis <string>
The output is the full NAME section of every manpage whose name(key) field matched the string. One can also query the whatis database through the man command. The syntax is
man -k <string>
Unlike whatis this will query both the “name” and the “one line description” entries of the database. If the string matches a word in any of these fields the above query will return the full NAME section.
Example (the matching string is lilo in each line):
whatis lilo
lilo (8)             - install boot loader
lilo.conf [lilo] (5) - configuration file for lilo
man -k lilo
grubby (8)           - command line tool for configuring grub, lilo, and elilo
lilo (8)             - install boot loader
lilo.conf [lilo] (5) - configuration file for lilo
The FHS recommends manpages to be kept in /usr/share/man
Manpage Sections
Section 1  User commands (executables)
Section 2  System calls, e.g. mkdir(2)
Section 3  Library calls, e.g. stdio(3)
Section 4  Special files (devices, usually found in /dev)
Section 5  Configuration files and file formats
Section 6  Games
Section 7  Miscellaneous (macro packages, conventions)
Section 8  Administration commands
Section 9  Kernel routines
To access a specific section N one has to enter: man N command
Examples:
man mkdir        the mkdir command (section 1)
man 2 mkdir      the mkdir system call
man crontab      the crontab command (section 1)
man 5 crontab    the crontab file format
Info pages
The FHS recommends info pages be kept in /usr/share/info. These are compressed files read with the info tool. The original GNU tools were documented with info pages rather than manpages; most GNU tools now have manpages as well, but the info pages of projects such as gcc or glibc are still more extensive than the corresponding manpages.
Online documents
GNU projects ship documents such as a FAQ, README and CHANGELOG, and sometimes user or administrator guides, in ASCII text, HTML, LaTeX or PostScript. These documents are kept under /usr/share/doc/.
HOWTOs and The Linux Documentation Project
The Linux Documentation Project provides many detailed documents on specific topics: structured guides explaining concepts and implementations. The website is www.tldp.org. The LDP documents are freely redistributable and can be contributed to under a GPL-type licence.
Usenet News Groups
The main newsgroups for Linux are the comp.os.linux.* groups (e.g. comp.os.linux.networking, comp.os.linux.security, ...). Once a news reader has been set up to connect to a news server (usually available through an ISP or a university campus), one downloads the list of existing discussion groups and subscribes to, or unsubscribes from, a given group.
Many experienced as well as new users rely on the newsgroups for information on specific tasks or projects. Take the time to answer some of their questions if you have the relevant experience.
NOTICE
The man -k option queries both fields of the whatis database, so it finds everything about a given item. The apropos command (meaning "about") does the same thing as man -k.
In this module you learned how to monitor Linux logs, how to perform system administration tasks such as backups, and how to reach the Linux documentation. There is much more Linux documentation on the internet; if you get stuck in anything you are doing with Linux, first consult the internet by searching discussion forums and online HOWTOs.
Categories: Logging, Scheduling, Archiving
This work is licensed under a Creative Commons Attribution-ShareAlike licence.

