05Logs - amagerard/TemplateVM GitHub Wiki
5. Logs.
5.1 Configure rsyslog.
systemctl status rsyslog
As an example, I suggest you create a file to keep
the messages from the UFW firewall.
Enable logging for “ufw”.
ufw logging on
or
ufw logging medium
View ufw log status.
ufw status verbose
View messages from UFW: journalctl -f
Configure rsyslog.conf.
Add these lines after '#### RULES ####'.
vi /etc/rsyslog.conf
#### RULES ####
# Log UFW.
:msg, contains, "UFW" /var/log/ufw.log
Then restart rsyslog.
systemctl restart rsyslog
Check the logs with traceroute.
dnf makecache --refresh
dnf -y install traceroute
Run the command traceroute 8.8.8.8
to generate logs.
View “ufw” logs.
tail -f /var/log/ufw.log
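Once /var/log/ufw.log is filling up, a count per action, protocol, source and destination port is easier to review than raw tail output. The script below is an added example, not part of the original wiki: ufw_summary and ufw_sample are hypothetical helper names, and the sample lines (host name, interface, addresses) are constructed.

```shell
#!/bin/sh
# Added example: summarise the UFW entries that the rsyslog rule writes
# to /var/log/ufw.log. Helper names are hypothetical, not part of ufw or rsyslog.

# Count entries per action / protocol / source / destination port.
# Usage: ufw_summary /var/log/ufw.log   (or pipe log lines on stdin)
ufw_summary() {
    awk '
    # The rsyslog rule keeps every message containing "UFW"; only lines with
    # a "[UFW <ACTION>]" tag are firewall events, so other lines are skipped.
    match($0, /\[UFW [A-Z ]+\]/) {
        action = substr($0, RSTART + 5, RLENGTH - 6)
        gsub(/ /, "_", action)           # "AUDIT INVALID" -> "AUDIT_INVALID"
        src = proto = dpt = "-"          # ICMP entries carry no DPT field
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SRC=/)   src   = substr($i, 5)
            if ($i ~ /^PROTO=/) proto = substr($i, 7)
            if ($i ~ /^DPT=/)   dpt   = substr($i, 5)
        }
        count[action " " proto " " src " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines in the kernel/UFW log format (documentation addresses,
# plus one non-firewall line that the rsyslog "contains UFW" filter would also keep).
ufw_sample() {
    cat <<'EOF'
Mar  3 10:14:59 templatevm root: UFW logging test
Mar  3 10:15:01 templatevm kernel: [UFW BLOCK] IN=ens33 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4321 DF PROTO=TCP SPT=51514 DPT=23 WINDOW=29200 SYN URGP=0
Mar  3 10:15:02 templatevm kernel: [UFW BLOCK] IN=ens33 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=4322 DF PROTO=TCP SPT=51515 DPT=23 WINDOW=29200 SYN URGP=0
Mar  3 10:15:09 templatevm kernel: [UFW BLOCK] IN=ens33 OUT= MAC=00:00:00:00:00:00 SRC=198.51.100.20 DST=192.0.2.10 LEN=60 TTL=49 ID=777 DF PROTO=TCP SPT=40022 DPT=22 WINDOW=64240 SYN URGP=0
Mar  3 10:15:12 templatevm kernel: [UFW BLOCK] IN=ens33 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=84 TTL=52 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Mar  3 10:16:30 templatevm kernel: [UFW AUDIT] IN= OUT=ens33 SRC=192.0.2.10 DST=8.8.8.8 LEN=60 TTL=1 ID=5150 PROTO=UDP SPT=40000 DPT=33434 LEN=40
EOF
}

# Stand-alone run on the constructed sample; on a real host use:
#   ufw_summary /var/log/ufw.log
ufw_sample | ufw_summary
```

Each output line is "count action protocol source destination-port", sorted with the most frequent combination first.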
5.2 Archiving of logs.
These files tend to take up a lot of free space on your partition.
As an example, here is how to rotate /var/log/ufw.log.
Archiving is managed by “logrotate”.
vi /etc/logrotate.d/rsyslog
#Add this line after /var/log/....
/var/log/ufw.log
No need to restart a service: logrotate runs as a scheduled task.
Test log rotation.
logrotate /etc/logrotate.d/rsyslog --verbose --force
View log rotation time for /var/log/ufw.log.
cat /var/lib/logrotate/logrotate.status