Configure Alerts and Archiving for Log Files in Linux

This “Configure Alerts and Archiving for Log Files in Linux” IT Pro Challenges virtual lab teaches learners how to use Logwatch to generate automatic and manual log reports and Logrotate to manage the archiving of log files. These skills are useful in multiple job roles, such as system analysts and Linux administrators.

1 hour

Logwatch and Logrotate are two important Linux utilities. Logwatch is a log analysis application that parses system logs and creates recurring reports based on criteria defined by the user. Logwatch is designed principally for the Linux operating system but supports log analysis across various platforms. Logrotate is designed to ease the administration of systems that produce large numbers of log files. It supports automatic rotation, compression, removal, and mailing of log files. Each log file is configured as required, and logrotate is run as a daily cron job.

In this virtual lab, you will learn how to handle log files in Linux using the Logrotate and Logwatch utilities. These are crucial for the security of the system. If log files are not rotated, compressed, and regularly pruned, they could ultimately use all available disk space on a system. In this hands-on lab, learners will gain experience in configuring automatically and manually generated reports.

Understand the Scenario

In this hands-on challenge lab, you are a system administrator for a company that is evaluating its security position. Your job is to handle log files on Linux servers. To accomplish this challenge, you will first install the Logwatch utility and then configure Logwatch to produce automatically and manually generated reports. Next, you will inspect the default configuration for the Logrotate utility. Finally, you will create a test service and manage its logs by using Logrotate. To complete this challenge, you will use a default installation of CentOS 7 Linux with the Server with GUI package installed. The CentOS 7 system contains non-privileged accounts, and you will be guided through the process of adding software if necessary.

Install and configure Logwatch

In this first section of the lab, you will sign in to the CentOS7-A virtual machine by using the given credentials and run the yum command to install the Logwatch utility. Logwatch is a tool that monitors the server's logs and emails the administrator a daily summary. Learners will learn how to edit settings such as MailTo, MailFrom, Range, and Low Service in a text editor. These settings are required to set up the email client. Finally, learners will check and confirm the installation of the Logwatch utility. They will also check automatic and manual reporting by using Logwatch.

Configure the Logrotate Utility

Logs are valuable for tracking usage or troubleshooting an application. As more data gets logged, log files use more disk space. The logrotate utility can efficiently perform log rotation. “Log rotation” refers to the method of archiving an application’s current log, starting a new one, and deleting older logs.

Here, learners will learn how to verify that Logrotate is scheduled as a task by the cron service and how to view the logrotate script and the content of the configuration file. The lab also teaches how to create a new configuration file to save the result. After creating this file, learners will learn how to create a log file entry in it. Finally, they will check that they have created a log file for a service named new-service and confirm the new-service log file by using Logrotate.
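
As an added illustration (not taken from the lab's own materials), a logrotate configuration entry for the new-service log could look like the following. The file location, log path, retention count, and file ownership are assumptions chosen for the example.

```conf
# Assumed location: /etc/logrotate.d/new-service
# Assumed log path for the lab's test service.
/var/log/new-service.log {
    # Archive the current log once a day and start a new one.
    daily
    # Keep seven archived logs; older archives are deleted.
    rotate 7
    # Compress archives, but leave the most recent one uncompressed
    # so a service that still holds the old file open can finish writing.
    compress
    delaycompress
    # Do not report an error if the log file is absent.
    missingok
    # Skip rotation when the log is empty.
    notifempty
    # Recreate the log with restrictive permissions so that
    # non-privileged accounts cannot read it (assumed owner and group).
    create 0640 root root
}
```

Running `logrotate -d` against this file prints what would be rotated without changing anything, which is a safe way to validate the entry before the daily cron job picks it up.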

Lab Summary Conclusion

After completing the “Configure Alerts and Archiving for Log Files in Linux” virtual lab, you will have accomplished the following:

  • Installed and configured the Logwatch utility.
  • Generated automatic and manual log reports by using Logwatch.
  • Managed the archiving of log files by using Logrotate.
  • Created a test service and managed its log files by using Logrotate.