RHCSA Rapid Track

Bookmark this page
P1234567891011121314151617
PreviousNext

Lab: Analyze and Store Logs

In this lab, you change the time zone on an existing server and configure a new log file for all events for authentication failures.

Outcomes

  • Update the time zone on an existing server.

  • Configure a new log file to store all messages for authentication failures.

As the student user on the workstation machine, use the lab command to prepare your system for this exercise.

This command prepares your environment and ensures that all required resources are available.

[student@workstation ~]$ lab start logs-review

Instructions

  1. Log in to the serverb machine as the student user.

    [student@workstation ~]$ ssh student@serverb
...output omitted...
[student@serverb ~]$

  2. Pretend that the serverb machine is relocated to Jamaica and that you must update the time zone to America/Jamaica. Verify that you correctly set the appropriate time zone.

    1. Select the appropriate time zone for Jamaica.

      [student@serverb ~]$ tzselect
Please identify a location so that time zone rules can be set correctly.
Please select a continent, ocean, "coord", or "TZ".
 1) Africa
 2) Americas
 3) Antarctica
 4) Asia
 5) Atlantic Ocean
 6) Australia
 7) Europe
 8) Indian Ocean
 9) Pacific Ocean
10) coord - I want to use geographical coordinates.
11) TZ - I want to specify the timezone using the Posix TZ format.
#? 2
Please select a country whose clocks agree with yours.
 1) Anguilla            19) Dominican Republic  37) Peru
 2) Antigua & Barbuda   20) Ecuador             38) Puerto Rico
 3) Argentina           21) El Salvador         39) St Barthelemy
 4) Aruba               22) French Guiana       40) St Kitts & Nevis
 5) Bahamas             23) Greenland           41) St Lucia
 6) Barbados            24) Grenada             42) St Maarten (Dutch)
 7) Belize              25) Guadeloupe          43) St Martin (French)
 8) Bolivia             26) Guatemala           44) St Pierre & Miquelon
 9) Brazil              27) Guyana              45) St Vincent
10) Canada              28) Haiti               46) Suriname
11) Caribbean NL        29) Honduras            47) Trinidad & Tobago
12) Cayman Islands      30) Jamaica             48) Turks & Caicos Is
13) Chile               31) Martinique          49) United States
14) Colombia            32) Mexico              50) Uruguay
15) Costa Rica          33) Montserrat          51) Venezuela
16) Cuba                34) Nicaragua           52) Virgin Islands (UK)
17) Curaçao             35) Panama              53) Virgin Islands (US)
18) Dominica            36) Paraguay
#? 30

The following information has been given:

	Jamaica

Therefore TZ='America/Jamaica' will be used.
Selected time is now:	Wed Mar 16 07:17:15 EST 2022.
Universal Time is now:	Wed Mar 16 12:17:15 UTC 2022.
Is the above information OK?
1) Yes
2) No
#? 1

You can make this change permanent for yourself by appending the line
	TZ='America/Jamaica'; export TZ
to the file '.profile' in your home directory; then log out and log in again.

Here is that TZ value again, this time on standard output so that you
can use the /usr/bin/tzselect command in shell scripts:
America/Jamaica

    2. Elevate the student user privileges to update the time zone of the serverb server to America/Jamaica.

      [student@serverb ~]$ sudo timedatectl set-timezone America/Jamaica
[sudo] password for student: student

    3. Verify that you successfully set the time zone to America/Jamaica.

      [student@serverb ~]$ timedatectl
               Local time: Wed 2022-03-16 07:18:40 EST
           Universal time: Wed 2022-03-16 12:18:40 UTC
                 RTC time: Wed 2022-03-16 12:18:40
                Time zone: America/Jamaica (EST, -0500)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

  3. View the recorded log events in the previous 30 minutes on the serverb machine.

    1. Determine the time frame to view the journal entries.

      [student@serverb ~]$ date
Wed Mar 16 07:19:29 AM EST 2022
[student@serverb ~]$ date -d "-30 minutes"
Wed Mar 16 06:49:38 AM EST 2022

    2. View the recorded log events in the previous 30 minutes on the serverb machine.

      [student@serverb ~]$ journalctl --since 06:49:00 --until 07:19:00
...output omitted...
Mar 16 07:10:58 localhost kernel: x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT
Mar 16 07:10:58 localhost kernel: found SMP MP-table at [mem 0x000f5bd0-0x000f5bdf]
Mar 16 07:10:58 localhost kernel: Using GB pages for direct mapping
Mar 16 07:10:58 localhost kernel: RAMDISK: [mem 0x2e0d9000-0x33064fff]
Mar 16 07:10:58 localhost kernel: ACPI: Early table checksum verification disabled
Mar 16 07:10:58 localhost kernel: ACPI: RSDP 0x00000000000F5B90 000014 (v00 BOCHS )
Mar 16 07:10:58 localhost kernel: ACPI: RSDT 0x000000007FFE12C4 00002C (v01 BOCHS  BXPCRSDT 00000001 BXPC 00000001)
Mar 16 07:10:58 localhost kernel: ACPI: FACP 0x000000007FFE11D0 000074 (v01 BOCHS  BXPCFACP 00000001 BXPC 00000001)
Mar 16 07:10:58 localhost kernel: ACPI: DSDT 0x000000007FFDFDC0 001410 (v01 BOCHS  BXPCDSDT 00000001 BXPC 00000001)
lines 1-50/50 q
[student@serverb ~]$

  4. Create the /etc/rsyslog.d/auth-errors.conf file. Configure the rsyslog service to write the Logging test authpriv.alert message to the /var/log/auth-errors file. Use the authpriv facility and the alert priority.

    1. Create the /etc/rsyslog.d/auth-errors.conf file and specify the new /var/log/auth-errors file as the destination for authentication and security messages.

      authpriv.alert  /var/log/auth-errors

    2. Restart the rsyslog service to apply the configuration file changes.

      [student@serverb ~]$ sudo systemctl restart rsyslog

    3. Use the logger -p command to write the Logging test authpriv.alert message to the /var/log/auth-errors file. Use the authpriv facility and the alert priority.

      [student@serverb ~]$ logger -p authpriv.alert "Logging test authpriv.alert"

    4. Verify that the /var/log/auth-errors file contains the log entry with the Logging test authpriv.alert message.

      [student@serverb ~]$ sudo tail /var/log/auth-errors
Mar 16 07:25:12 serverb student[1339]: Logging test authpriv.alert

    5. Return to the workstation system as the student user.

      [student@serverb ~]$ exit
logout
Connection to serverb closed.
[student@workstation ~]$

Evaluation

As the student user on the workstation machine, use the lab command to grade your work. Correct any reported failures and rerun the command until successful.

[student@workstation ~]$ lab grade logs-review

Finish

On the workstation machine, change to the student user home directory and use the lab command to complete this exercise. This step is important to ensure that resources from previous exercises do not impact upcoming exercises.

[student@workstation ~]$ lab finish logs-review

This concludes the section.

PreviousNext
Revision: rh199-9.0-4fecb06