Professional Documents
Culture Documents
• Objectives
– to use standard administration utilities
• Contents
– manual pages
– identifying your system
– communicating with Users
– finding files
– looking at files and logs
– system defaults
– Syslog
– Logrotate
– logserver
• Practicals
– to become familiar with these commands
• Summary
On-Line Manuals
• On-line manuals in many sections: May vary on systems
1 user commands 5 fileformats like /etc/paswd
(8)1M maintenance commands 6 games
2 system calls 7 Miscellaneous
3 functions and libraries 8 System administration commands
4 special files found in /dev 9 Kernel routines
• man <command> displays first manual page found
$ man man
• man –k <keyword> <command> $ man –k tcp
• man <section> <command> $ man passwd
$ man 5 passwd
<command> is optional with <keyword>
• Some systems provide a whatis database (originally BSD)
– whatis command one line description of command
– apropos command keyword search for command
– Info command more information about command
– /usr/ucb/catman re-creates database from manual source files
Adding Manual Entries
• Manual pages are stored under /usr/share/man/ and
/usr/local/man
man[1-8] troff/nroff format manual pages (gz compressed)
cat[1-8] formatted manual pages (gz compressed)
• Manuals can be stored in different or multiple directories
by setting the MANPATH variable
– don’t forget to include /usr/share/man if defining MANPATH
$ MANPATH=/usr/share/man:/usr/X11/man
$ export MANPATH
$ man xterm
$ uname -a
Linux linux 2.6.11.4-20a-default #1 Wed Mar 23 21:52:37 UTC
2005 i686 i686 i386 GNU/Linux
$ hostname
mash4077
Identifying active users
• The who command shows who is currently logged on
– information kept in /var/run/utmp
– a history of every login is also kept in /var/log/wtmp
• Who can also be used to identify the current effective user
who am i
• Who can also be used to identify the original user
whoami
• The command id identifies the current user in more details
• some systems also have a w command (originally BSD)
• The last command show all historical logins
$ who $ id
trapper pts/0 Jul 25 11:01 uid=318(hawkeye) gid=300(users)
hawkeye console Jul 25 11:31 $ who /var/log/wtmp
$ who am i history of all system logins
hawkeye console Jul 25 11:31 $ last 10
history of 10 system logins
Talking to users
• Use write to display a message on a user's terminal
– user's can disable messages using mesg n command
– root can always write to a user
• Write all (wall) will display to all logged in users
– useful for sending out broadcasts
– used by the system shutdown mechanism
• Use the talk command to set up a two way dialogue.
$ write trapper $ talk trapper
Do you know where the system logbook is?
^D
$ mesg
is no
$ mesg y
# find . -print
# ls -l | grep '^d'
# ls -a | grep '^\.[^.]'
• Syslog filter
– Define message filters
log {
source(local);
filter(notdebug)
;
filter(notmail);
destination(mess
ages)
};
Syslog servers
• You can setup four types of logservers
– Syslog local logserver only (standard)
– Syslog proxy
– Syslog forward only (Syslog client)
– Syslog logserver
• Syslog logserver, the server named ”loghost”
Enter loghost ip address in /etc/hosts
192.168.0.42 server.ikea.se server loghost
192.168.0.231 client.ikea.se client local0
SuSE mandatory /etc/syslog-ng/syslog-ng.conf.in uncomment by removing ”#” on line 43:
udp(ip("0.0.0.0") port(514));
Apply configuration the SuSE way: # SuSEconfig --module syslog-ng
…
Check that server is listening: Finished.
SuSE predefines filter for any logging situation regarding mail server, kernel
messages and so on, and is little more comples than the simple above.
For examle one mail filer looks like this: filter f_mailerr { level(err, crit)
and facility(mail); };
• Syslog client config DESTINATION
We need to declare where to send log files, standard is local log file, in our case
we want log on the logserver.
Go to end of file: /etc/syslog-ng/syslog-ng.conf.in and add:
destination loghost {udp("loghost" port
(514));};
• Syslog client config LOG
Filter and Destination themself does not do anything, we must connect source with
filter and destination. Add after your new destination:
log {
source(src);filter(notdebug);destination
• Parse and apply the new syslog-ng configuration
(loghost); };
# SuSEconfig --module
syslog-ng
Logrotate
• The /etc/logrotate.conf File
– This is logrotate's general configuration file.
You can specify either "weekly" or "daily" rotation parameter.
The "rotate" parameter specifies the number of copies of log files
The "create" parameter creates a new log file after each rotation
• Sample contents of /etc/logrotate.conf
# rotate log files weekly
Weekly
# rotate log files daily
# daily
# keep 4 weeks worth of backlogs
rotate 4
# keep 7 days worth of backlogs
# rotate 7
# create new (empty) log files after rotating old ones
create
# configuration by service/facility
include /etc/logrotate.d/