Lab 2.1 Standardizing on Timezone - savannahc502/SavC-TechJournal-SEC350 GitHub Wiki
Time Settings for Ubuntu and Rocky Linux
To configure operating system logs on Ubuntu and Rocky (and the majority of Linux distributions), you will need to edit the /etc/rsyslog.conf file so that the timestamp format accurately captures time. You can even change timestamp formatting and appearance (though the following lab does not delve into that).
Typically, by simply commenting out the traditional file format line in the rsyslog configuration file and restarting the service, you can get a more precise date and time attached to logs.
Further Readings:
- Digital Ocean article: Great overview of viewing and configuring logs on Ubuntu, Debian, and CentOS.
- Sematext article: Ubuntu Logs
Lab Overview
Time standardization is important for syslog entries so that you have a cohesive timeline for events that affect multiple log sources. Currently, the enterprise does not have time set consistently. This lab aims to fix that.
Time on rw01-savannah (Ubuntu Linux)
- Before configuration, no indication of timezone or year
- Comment out the line in /etc/rsyslog.conf
- Reload rsyslog: sudo systemctl restart rsyslog
Deliverable 1
Time on web01-savannah (CentOS 7)
On web01, the syslogs will be saved to /var/log/messages
- Comment out the line in /etc/rsyslog.conf
- Reload rsyslog: sudo systemctl restart rsyslog
Deliverable 2
Time on log01-savannah (CentOS 7)
On log01, the syslogs will be saved to /var/log/messages
- Comment out the line in /etc/rsyslog.conf
- Reload rsyslog: sudo systemctl restart rsyslog
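
The same edit is made on all three hosts, so here it is as a script, added as an example and not part of the original lab. It assumes the "traditional file format line" is the active `$ActionFileDefaultTemplate` or `module(...)` line that names `RSYSLOG_TraditionalFileFormat`; the function names and sample log lines are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the lab. Assumption: the line to comment out is the
# active directive that selects the RSYSLOG_TraditionalFileFormat template.
TRAD_PAT='^([[:space:]]*)((\$ActionFileDefaultTemplate|module\().*RSYSLOG_TraditionalFileFormat.*)$'

# Comment out that directive in the file given as $1, keeping a .bak copy.
# Idempotent: a file with no active match is left untouched (no new backup).
# Rule lines that merely reference the template are deliberately not matched.
comment_traditional_format() {
    conf="$1"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 2; }
    grep -Eq "$TRAD_PAT" "$conf" || return 0
    cp -p "$conf" "$conf.bak" || return 1
    sed -E "s/$TRAD_PAT/\1#\2/" "$conf.bak" > "$conf"
}

# Succeed only if the log line in $1 starts with an RFC 3339 timestamp:
# four-digit year, and "Z" or a numeric UTC offset.
has_precise_timestamp() {
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2}) '
}

# Demo on a constructed config in a temp directory; /etc is not touched.
demo() {
    demo_dir=$(mktemp -d) || return 1
    printf '%s\n' '# Use traditional timestamp format.' \
        '$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat' \
        '*.info /var/log/messages' > "$demo_dir/rsyslog.conf"
    comment_traditional_format "$demo_dir/rsyslog.conf"
    cat "$demo_dir/rsyslog.conf"
    # Constructed log lines: default format before and after the change.
    has_precise_timestamp 'Feb  1 14:03:22 web01-savannah sshd[912]: test' \
        || echo "traditional line: no year or offset"
    has_precise_timestamp \
        '2024-02-01T14:03:22.481516-05:00 web01-savannah sshd[912]: test' \
        && echo "RFC 3339 line: year and offset present"
    rm -rf "$demo_dir"
}
demo
```

On a lab host, `comment_traditional_format /etc/rsyslog.conf` would be run as root before the restart step, and `has_precise_timestamp` applied to the newest line of the log file to confirm the change took effect.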