RH199 - ch11s06

Preface A: Introduction

Section A.1: RHCSA Rapid Track

Section A.2: Orientation to the Classroom Environment

Chapter 1: Accessing Systems and Obtaining Support

Section 1.1: Accessing the Command Line

Section 1.2: Quiz: Accessing the Command Line

Section 1.3: Configuring SSH Key-based Authentication

Section 1.4: Guided Exercise: Configuring SSH Key-based Authentication

Section 1.5: Getting Help From Red Hat Customer Portal

Section 1.6: Guided Exercise: Getting Help from Red Hat Customer Portal

Section 1.7: Detecting and Resolving Issues with Red Hat Insights

Section 1.8: Quiz: Detecting and Resolving Issues with Red Hat Insights

Section 1.9: Summary

Chapter 2: Navigating File Systems

Section 2.1: Describing Linux File System Hierarchy Concepts

Section 2.2: Quiz: Describing Linux File System Hierarchy Concepts

Section 2.3: Managing Files Using Command-line Tools

Section 2.4: Guided Exercise: Managing Files Using Command-line Tools

Section 2.5: Making Links Between Files

Section 2.6: Guided Exercise: Making Links Between Files

Section 2.7: Summary

Chapter 3: Managing Local Users and Groups

Section 3.1: Describing User and Group Concepts

Section 3.2: Quiz: Describing User and Group Concepts

Section 3.3: Gaining Superuser Access

Section 3.4: Guided Exercise: Gaining Superuser Access

Section 3.5: Managing Local User Accounts

Section 3.6: Guided Exercise: Managing Local User Accounts

Section 3.7: Managing Local Group Accounts

Section 3.8: Guided Exercise: Managing Local Group Accounts

Section 3.9: Managing User Passwords

Section 3.10: Guided Exercise: Managing User Passwords

Section 3.11: Lab: Managing Local Users and Groups

Section 3.12: Summary

Chapter 4: Controlling Access to Files

Section 4.1: Managing File System Permissions from the Command Line

Section 4.2: Guided Exercise: Managing File System Permissions from the Command Line

Section 4.3: Managing Default Permissions and File Access

Section 4.4: Guided Exercise: Managing Default Permissions and File Access

Section 4.5: Lab: Controlling Access to Files

Section 4.6: Summary

Chapter 5: Managing SELinux Security

Section 5.1: Changing the SELinux Enforcement Mode

Section 5.2: Guided Exercise: Changing the SELinux Enforcement Mode

Section 5.3: Controlling SELinux File Contexts

Section 5.4: Guided Exercise: Controlling SELinux File Contexts

Section 5.5: Adjusting SELinux Policy with Booleans

Section 5.6: Guided Exercise: Adjusting SELinux Policy with Booleans

Section 5.7: Investigating and Resolving SELinux Issues

Section 5.8: Guided Exercise: Investigating and Resolving SELinux Issues

Section 5.9: Lab: Managing SELinux Security

Section 5.10: Summary

Chapter 6: Tuning System Performance

Section 6.1: Killing Processes

Section 6.2: Guided Exercise: Killing Processes

Section 6.3: Monitoring Process Activity

Section 6.4: Guided Exercise: Monitoring Process Activity

Section 6.5: Adjusting Tuning Profiles

Section 6.6: Guided Exercise: Adjusting Tuning Profiles

Section 6.7: Influencing Process Scheduling

Section 6.8: Guided Exercise: Influencing Process Scheduling

Section 6.9: Lab: Tuning System Performance

Section 6.10: Summary

Chapter 7: Installing and Updating Software Packages

Section 7.1: Registering Systems for Red Hat Support

Section 7.2: Quiz: Registering Systems for Red Hat Support

Section 7.3: Installing and Updating Software Packages with Yum

Section 7.4: Guided Exercise: Installing and Updating Software Packages with Yum

Section 7.5: Enabling Yum Software Repositories

Section 7.6: Guided Exercise: Enabling Yum Software Repositories

Section 7.7: Managing Package Module Streams

Section 7.8: Guided Exercise: Managing Package Module Streams

Section 7.9: Lab: Installing and Updating Software Packages

Section 7.10: Summary

Chapter 8: Managing Basic Storage

Section 8.1: Mounting and Unmounting File Systems

Section 8.2: Guided Exercise: Mounting and Unmounting File Systems

Section 8.3: Adding Partitions, File Systems, and Persistent Mounts

Section 8.4: Guided Exercise: Adding Partitions, File Systems, and Persistent Mounts

Section 8.5: Managing Swap Space

Section 8.6: Guided Exercise: Managing Swap Space

Section 8.7: Lab: Managing Basic Storage

Section 8.8: Summary

Chapter 9: Controlling Services and the Boot Process

Section 9.1: Identifying Automatically Started System Processes

Section 9.2: Guided Exercise: Identifying Automatically Started System Processes

Section 9.3: Controlling System Services

Section 9.4: Guided Exercise: Controlling System Services

Section 9.5: Selecting the Boot Target

Section 9.6: Guided Exercise: Selecting the Boot Target

Section 9.7: Resetting the Root Password

Section 9.8: Guided Exercise: Resetting the Root Password

Section 9.9: Repairing File System Issues at Boot

Section 9.10: Guided Exercise: Repairing File System Issues at Boot

Section 9.11: Lab: Controlling Services and Daemons

Section 9.12: Summary

Chapter 10: Managing Networking

Section 10.1: Validating Network Configuration

Section 10.2: Guided Exercise: Validating Network Configuration

Section 10.3: Configuring Networking from the Command Line

Section 10.4: Guided Exercise: Configuring Networking from the Command Line

Section 10.5: Editing Network Configuration Files

Section 10.6: Guided Exercise: Editing Network Configuration Files

Section 10.7: Configuring Host Names and Name Resolution

Section 10.8: Guided Exercise: Configuring Host Names and Name Resolution

Section 10.9: Lab: Managing Networking

Section 10.10: Summary

Chapter 11: Analyzing and Storing Logs

Section 11.1: Describing System Log Architecture

Section 11.2: Quiz: Describing System Log Architecture

Section 11.3: Reviewing Syslog Files

Section 11.4: Guided Exercise: Reviewing Syslog Files

Section 11.5: Reviewing System Journal Entries

SectionSection 11.6: Guided Exercise: Reviewing System Journal Entries

Section 11.7: Preserving the System Journal

Section 11.8: Guided Exercise: Preserving the System Journal

Section 11.9: Maintaining Accurate Time

Section 11.10: Guided Exercise: Maintaining Accurate Time

Section 11.11: Lab: Analyzing and Storing Logs

Section 11.12: Summary

Chapter 12: Implementing Advanced Storage Features

Section 12.1: Creating Logical Volumes

Section 12.2: Guided Exercise: Creating Logical Volumes

Section 12.3: Extending Logical Volumes

Section 12.4: Guided Exercise: Extending Logical Volumes

Section 12.5: Managing Layered Storage with Stratis

Section 12.6: Guided Exercise: Managing Layered Storage with Stratis

Section 12.7: Compressing and Deduplicating Storage with VDO

Section 12.8: Guided Exercise: Compressing and Deduplicating Storage with VDO

Section 12.9: Lab: Implementing Advanced Storage Features

Section 12.10: Summary

Chapter 13: Scheduling Future Tasks

Section 13.1: Scheduling Recurring System Jobs

Section 13.2: Guided Exercise: Scheduling Recurring System Jobs

Section 13.3: Managing Temporary Files

Section 13.4: Guided Exercise: Managing Temporary Files

Section 13.5: Quiz: Scheduling Future Tasks

Section 13.6: Summary

Chapter 14: Accessing Network-Attached Storage

Section 14.1: Mounting Network-Attached Storage with NFS

Section 14.2: Guided Exercise: Managing Network-Attached Storage with NFS

Section 14.3: Automounting Network-Attached Storage

Section 14.4: Guided Exercise: Automounting Network-Attached Storage

Section 14.5: Lab: Accessing Network-Attached Storage

Section 14.6: Summary

Chapter 15: Managing Network Security

Section 15.1: Managing Server Firewalls

Section 15.2: Guided Exercise: Managing Server Firewalls

Section 15.3: Lab: Managing Network Security

Section 15.4: Summary

Chapter 16: Running Containers

Section 16.1: Introducing Containers

Section 16.2: Quiz: Introducing Containers

Section 16.3: Running a Basic Container

Section 16.4: Guided Exercise: Running a Basic Container

Section 16.5: Finding and Managing Container Images

Section 16.6: Guided Exercise: Finding and Managing Container Images

Section 16.7: Performing Advanced Container Management

Section 16.8: Guided Exercise: Performing Advanced Container Management

Section 16.9: Attaching Persistent Storage to a Container

Section 16.10: Guided Exercise: Attaching Persistent Storage to a Container

Section 16.11: Managing Containers as Services

Section 16.12: Guided Exercise: Managing Containers as Services

Section 16.13: Lab: Running Containers

Section 16.14: Summary

Chapter 17: Comprehensive Review

Section 17.1: Comprehensive Review

Section 17.2: Lab: Fixing Boot Issues and Maintaining Servers

Section 17.3: Lab: Configuring and Managing File Systems and Storage

Section 17.4: Lab: Configuring and Managing Server Security

Section 17.5: Lab: Running Containers

Bookmark this page

P 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17

Guided Exercise: Reviewing System Journal Entries

In this exercise, you will search the system journal for entries recording events that match specific criteria.

Outcomes

You should be able to search the system journal for entries recording events based on different criteria.

On workstation, run lab log-query start to start the exercise. This script ensures that the environment is setup correctly.

[student@workstation ~]$ lab log-query start

From workstation, open an SSH session to servera as student.

[student@workstation ~]$ ssh student@servera
...output omitted...
[student@servera ~]$

Use the _PID=1 match with the journalctl command to display only log events originating from the systemd process running with the process identifier of 1 on servera. To quit journalctl, press q.

[student@servera ~]$ journalctl _PID=1
...output omitted...
Feb 13 13:21:08 localhost systemd[1]: Found device /dev/disk/by-uuid/cdf61ded-534c-4bd6-b458-cab18b1a72ea.
Feb 13 13:21:08 localhost systemd[1]: Started dracut initqueue hook.
Feb 13 13:21:08 localhost systemd[1]: Found device /dev/disk/by-uuid/44330f15-2f9d-4745-ae2e-20844f22762d.
Feb 13 13:21:08 localhost systemd[1]: Reached target Initrd Root Device.
lines 1-5/5 (END) q
[student@servera ~]$

Note

The journalctl command may produce a different output on your system.

Use the _UID=81 match with the journalctl command to display all log events originating from a system service started with the user identifier of 81 on servera. To quit journalctl press q.

[student@servera ~]$ journalctl _UID=81
...output omitted...
Feb 22 01:29:09 servera.lab.example.com dbus-daemon[672]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher'>
Feb 22 01:29:09 servera.lab.example.com dbus-daemon[672]: [system] Successfully activated service 'org.freedesktop.nm_dispatcher'
lines 1-5/5 (END) q
[student@servera ~]$

Use the -p warning option with the journalctl command to display log events with priority warning and above on servera. To quit journalctl press q.

[student@servera ~]$ journalctl -p warning
...output omitted...
Feb 13 13:21:07 localhost kernel: Detected CPU family 6 model 13 stepping 3
Feb 13 13:21:07 localhost kernel: Warning: Intel Processor - this hardware has not undergone testing by Red Hat and might not >
Feb 13 13:21:07 localhost kernel: acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration s>
Feb 13 13:21:07 localhost rpc.statd[288]: Running as root.  chown /var/lib/nfs/statd to choose different user
Feb 13 13:21:07 localhost rpc.idmapd[293]: Setting log level to 0
...output omitted...
Feb 13 13:21:13 servera.lab.example.com rsyslogd[1172]: environment variable TZ is not set, auto correcting this to TZ=/etc/lo>
Feb 13 14:51:42 servera.lab.example.com systemd[1]: cgroup compatibility translation between legacy and unified hierarchy sett>
Feb 13 17:15:37 servera.lab.example.com rsyslogd[25176]: environment variable TZ is not set, auto correcting this to TZ=/etc/l>
Feb 13 18:22:38 servera.lab.example.com rsyslogd[25410]: environment variable TZ is not set, auto correcting this to TZ=/etc/l>
Feb 13 18:47:55 servera.lab.example.com rsyslogd[25731]: environment variable TZ is not set, auto correcting this to TZ=/etc/l>
lines 1-17/17 (END) q
[student@servera ~]$

Display all log events recorded in the past 10 minutes from the current time on servera.

Use the --since option with the journalctl command to display all log events recorded in the past 10 minutes on servera. To quit journalctl press q.

[student@servera ~]$ journalctl --since "-10min"
...output omitted...
Feb 13 22:31:01 servera.lab.example.com CROND[25890]: (root) CMD (run-parts /etc/cron.hourly)
Feb 13 22:31:01 servera.lab.example.com run-parts[25893]: (/etc/cron.hourly) starting 0anacron
Feb 13 22:31:01 servera.lab.example.com run-parts[25899]: (/etc/cron.hourly) finished 0anacron
Feb 13 22:31:41 servera.lab.example.com sshd[25901]: Bad protocol version identification 'brain' from 172.25.250.254 port 37450
Feb 13 22:31:42 servera.lab.example.com sshd[25902]: Accepted publickey for root from 172.25.250.254 port 37452 ssh2: RSA SHA2>
Feb 13 22:31:42 servera.lab.example.com systemd[1]: Started /run/user/0 mount wrapper.
Feb 13 22:31:42 servera.lab.example.com systemd[1]: Created slice User Slice of UID 0.
Feb 13 22:31:42 servera.lab.example.com systemd[1]: Starting User Manager for UID 0...
Feb 13 22:31:42 servera.lab.example.com systemd[1]: Started Session 118 of user root.
Feb 13 22:31:42 servera.lab.example.com systemd-logind[712]: New session 118 of user root.
Feb 13 22:31:42 servera.lab.example.com systemd[25906]: pam_unix(systemd-user:session): session opened for user root by (uid=0)
...output omitted...
lines 1-32/84 39% q
[student@servera ~]$

Use the --since option and the _SYSTEMD_UNIT="sshd.service" match with the journalctl command to display all the log events originating from the sshd service recorded since 09:00:00 this morning on servera. To quit journalctl press q.

Note

You may or may not be located in the same timezone as your classroom. Check the time on servera and adjust the --since value accordingly if required.

[student@servera ~]$ journalctl --since 9:00:00 _SYSTEMD_UNIT="sshd.service"
...output omitted...
Feb 13 13:21:12 servera.lab.example.com sshd[727]: Server listening on 0.0.0.0 port 22.
Feb 13 13:21:12 servera.lab.example.com sshd[727]: Server listening on :: port 22.
Feb 13 13:22:07 servera.lab.example.com sshd[1238]: Accepted publickey for student from 172.25.250.250 port 50590 ssh2: RSA SH>
Feb 13 13:22:07 servera.lab.example.com sshd[1238]: pam_unix(sshd:session): session opened for user student by (uid=0)
Feb 13 13:22:08 servera.lab.example.com sshd[1238]: pam_unix(sshd:session): session closed for user student
Feb 13 13:25:47 servera.lab.example.com sshd[1289]: Accepted publickey for root from 172.25.250.254 port 37194 ssh2: RSA SHA25>
Feb 13 13:25:47 servera.lab.example.com sshd[1289]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb 13 13:25:47 servera.lab.example.com sshd[1289]: pam_unix(sshd:session): session closed for user root
Feb 13 13:25:48 servera.lab.example.com sshd[1316]: Accepted publickey for root from 172.25.250.254 port 37196 ssh2: RSA SHA25>
Feb 13 13:25:48 servera.lab.example.com sshd[1316]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb 13 13:25:48 servera.lab.example.com sshd[1316]: pam_unix(sshd:session): session closed for user root
Feb 13 13:26:07 servera.lab.example.com sshd[1355]: Accepted publickey for student from 172.25.250.254 port 37198 ssh2: RSA SH>
Feb 13 13:26:07 servera.lab.example.com sshd[1355]: pam_unix(sshd:session): session opened for user student by (uid=0)
Feb 13 13:52:28 servera.lab.example.com sshd[1473]: Accepted publickey for root from 172.25.250.254 port 37218 ssh2: RSA SHA25>
Feb 13 13:52:28 servera.lab.example.com sshd[1473]: pam_unix(sshd:session): session opened for user root by (uid=0)
...output omitted...
lines 1-32 q
[student@servera ~]$

Log out of servera.

[student@servera ~]$ exit
logout
Connection to servera closed.
[student@workstation ~]$

Finish

On workstation, run lab log-query finish to complete this exercise. This script ensures that the environment is restored back to the clean state.

[student@workstation ~]$ lab log-query finish

This concludes the guided exercise.

Revision: rh199-8.2-3beeb12