Chapter 2.  Configuring Baseline Data

Abstract

Goal

Configure baseline data collection with monitoring, logging, and change tracking.

Objectives
  • Monitor systems to gather information.

  • Configure systems for remote logging to a central log host.

  • Describe configuration management with Red Hat Satellite and Red Hat Ansible Automation Platform.

  • Implement change tracking to monitor system modifications.

Sections
  • Monitoring Systems (and Guided Exercise)

  • Configuring Remote Logging (and Guided Exercise)

  • Describing Configuration Management Automation (and Guided Exercise)

  • Configuring Change Tracking (and Guided Exercise)

Lab
  • Configuring Baseline Data

Monitoring Systems

Objectives

  • Monitor systems to gather information.

System Monitoring with the web console

The web console is a Red Hat Enterprise Linux 8 web-based interface. It is built with Cockpit technology, and is designed for managing and monitoring a Linux host. Users administer their system with the graphical interface, without requiring command-line tool knowledge. To perform privileged tasks in the web console, users must be configured for privileges with RHEL sudo configuration.

Figure 2.1: web console

Most Red Hat Enterprise Linux 8 deployments install the web console by default. If necessary, install the cockpit package to obtain the web console.

[root@host ~]# yum install cockpit

Use the systemctl command to enable and start the cockpit.socket service.

[root@host ~]# systemctl enable --now cockpit.socket

The web console uses existing system user names and passwords. If you are logging in with a user account with sudo privileges, you can perform privileged tasks in the web console, such as installing software or configuring SELinux.

Running privileged tasks requires entering your user password each time, as you do when running sudo commands on a command line. Alternatively, to avoid re-entering your password for each privileged task, select Reuse my password for privileged tasks on the login screen.

After successful authentication, the web console displays the Overview page.

web console Add-ons

Extend web console capabilities by installing available add-on packages with yum.

[root@host ~]# yum install add-on

This table lists available add-on applications for the web console.

Feature               Package                      Usage
Composer              cockpit-composer             Building custom OS images
PackageKit            cockpit-packagekit           Managing packages, and installing updates and applications
Performance Metrics   cockpit-pcp                  Collecting performance metrics
Podman containers     cockpit-podman               Managing podman containers
Session Recording     cockpit-session-recording    Recording and managing user sessions
Storage               cockpit-storaged             Managing system storage
Virtual Machines      cockpit-machines             Managing libvirt virtual machines

Monitoring Performance in the web console

The web console provides observable data for troubleshooting with the Utilization, Saturation, and Errors (USE) method. The USE method is a checklist for solving performance issues quickly, by observing utilization, saturation, and errors for each expected resource.

  • Utilization: the average time that the resource was busy performing work

  • Saturation: the measurement of how much extra work is queued and not being serviced by the resource

  • Errors: the number of recorded error events

The Overview → Performance Metrics page displays a chronological view of historical data, and lists events, errors, and graphical representations for resource utilization and saturation.

To access the data, navigate to the Overview page, and click the View details and history link.

Figure 2.2: Performance metrics in the web console

Reviewing Logs in the web console

The web console Logs page provides an interface for displaying journalctl log journals. Log entries can be filtered by Time, Priority, Identifier, and Text patterns.

Time

Filter for a time range.

Priority

Select a minimum priority level, similar to journalctl --priority. The default is Error and above.

Identifier

Select a systemd unit or service name identifier, similar to journalctl --identifier.

Text

Enter a text pattern to match to filter messages.

Figure 2.3: Logs in the web console

Session Recording in the web console

The Session Recording capability is new with the web console, and is based on the tlog package. The web console session player can record and play back user terminal sessions. The session player captures terminal input and output and stores the session in a text format in the system journal.

Important

Session recording is disabled by default. When enabled, passwords and sensitive information are stored in plain text.

To enable session recording, install the cockpit-session-recording package, and ensure that the sssd service is enabled and started.

[root@host ~]# yum install cockpit-session-recording
[root@host ~]# systemctl status sssd

Configure the sssd-session-recording.conf file to specify the user or user groups to record, and the session scope:

  • none to record no sessions.

  • some to record only specified sessions.

  • all to record all sessions.

[root@host ~]# cat /etc/sssd/conf.d/sssd-session-recording.conf
[session_recording]
scope=none
users=
groups=
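
As an added example (not part of the original course text), this shell function reads a session-recording drop-in and reports what it would record, flagging the case where scope is some but no users or groups are listed. The function names, verdict strings, and the sample users alice and bob are assumptions; the sample file is constructed and written to a temporary path.

```shell
#!/bin/sh
# Added example: audit the [session_recording] section of an SSSD drop-in.

# Print the trimmed value of key $2 from the [session_recording] section of file $1.
get_key() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[session_recording\][ \t]*$/); next }
        !in_sec || /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Print a one-line verdict; return 0 if the setting is coherent, 1 if not.
audit_session_recording() {
    [ -r "$1" ] || { echo "UNREADABLE: $1"; return 2; }
    scope=$(get_key "$1" scope)
    users=$(get_key "$1" users)
    groups=$(get_key "$1" groups)
    case "${scope:-none}" in   # a missing scope is treated as none (recording is off by default)
        none) echo "OFF: no sessions are recorded" ;;
        all)  echo "ALL: every session is recorded" ;;
        some)
            if [ -z "$users$groups" ]; then
                echo "EMPTY: scope=some but users= and groups= are blank"; return 1
            fi
            echo "SOME: users=[$users] groups=[$groups]" ;;
        *)    echo "INVALID: unknown scope '$scope'"; return 1 ;;
    esac
}

# Constructed sample: record two named admins and the wheel group.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[session_recording]
scope = some
users = alice, bob
groups = wheel
EOF
audit_session_recording "$sample"   # temp file here, not /etc/sssd/conf.d
rm -f "$sample"
```

On a real host, pass /etc/sssd/conf.d/sssd-session-recording.conf as the argument and run the check as root, because the file is not world-readable by design.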

You can configure session recording for users and scope in the web console, on the Session Recording page. Click the gear icon to open the General Config form and select the desired options.

Figure 2.4: Session recording in the web console
Figure 2.5: Session Recording General Config

Replay Recorded Sessions

Play back recorded sessions for analysis with the web console or with the tlog-play tool that is included in the tlog package.

Play back with the web console

The Session Recording page lists previously recorded sessions for playback and analysis. To play a session, select and click a session entry in the list. The web console opens a page with playback and analysis controls for the session.

Figure 2.6: Session playback controls

Play back with tlog-play

Working from the command line, the tlog-play command is the playback program for terminal input and output that are recorded with the tlog-rec command.

When recording a terminal session, specify a file name for capturing the activity.

[user@host ~]$ tlog-rec --file-path=tlog.log

All terminal typing is stored in the log file, until the user types exit to end the recording.

To play back the session, specify the stored log file.

[user@host ~]$ tlog-play --file-path=tlog.log

References

For further information, refer to the Managing Systems Using the RHEL 8 Web Console Guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/managing_systems_using_the_rhel_8_web_console/index

For further information, refer to the Recording Sessions Guide at https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html-single/recording_sessions/index

For more information about Cockpit, visit Cockpit Project

Revision: rh342-8.4-6dd89bd