Examining System Logs
Notes:
- Syslogd controls the logging of messages from the kernel, various daemons,
  authorization events, etc.
- The configuration file for syslogd is /etc/syslog.conf
- On floppix, system logs are recorded on virtual console 8. Press [alt][F8]
  to view the logs.
- Note: some utilities create their own log files so some information that
  is not saved by syslog may still be logged.
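
Which messages syslogd writes to console 8 depends on the selector lines in /etc/syslog.conf. The following is an added example, not part of the original lab or floppix: a simplified Python model of classic syslogd selector matching. The sample configuration, its file paths and the function names are constructed for illustration.

```python
# Added example: simplified model of classic syslogd selector matching.
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv ftp".split()
              + [f"local{i}" for i in range(8)])
ALL = (1 << len(PRIORITIES)) - 1  # one bit per priority; bit 0 is emerg

# Constructed sample; floppix's real /etc/syslog.conf may differ, file paths are hypothetical.
SAMPLE_CONF = """\
# selector(s)            action
*.info;mail.none         /dev/tty8
auth,authpriv.*          /var/log/auth.log
mail.err                 /var/log/mail.err
"""


def apply_selector(masks, selector):
    """Fold one 'facility[,facility].priority' selector into the per-facility bitmasks."""
    facilities, _, prio = selector.partition(".")
    negate = prio.startswith("!")      # '!' excludes instead of includes
    prio = prio.lstrip("!")
    exact = prio.startswith("=")       # '=' means this priority only
    prio = prio.lstrip("=")
    for fac in facilities.split(","):
        for name in (FACILITIES if fac == "*" else [fac]):
            if prio in ("none", "*"):
                masks[name] = ALL if (prio == "*") != negate else 0
            else:
                n = PRIORITIES.index(prio)
                # Default: the named priority and everything more severe.
                bits = (1 << n) if exact else (1 << (n + 1)) - 1
                masks[name] = masks[name] & ~bits if negate else masks[name] | bits


def destinations(conf_text, facility, priority):
    """Return the actions that a message with this facility/priority is sent to."""
    wanted = 1 << PRIORITIES.index(priority)
    hits = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selectors, action = line.split(None, 1)
        masks = dict.fromkeys(FACILITIES, 0)
        for selector in selectors.split(";"):   # later selectors refine earlier ones
            apply_selector(masks, selector)
        if masks[facility] & wanted:
            hits.append(action.strip())
    return hits


if __name__ == "__main__":
    for fac, pri in [("auth", "notice"), ("mail", "info"), ("cron", "debug")]:
        print(f"{fac}.{pri} ->", destinations(SAMPLE_CONF, fac, pri) or "not logged")
```

An empty result means no rule selects the message, which is one reason an activity can leave no entry on the console.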
Exercise:
This lab involves executing various commands and then checking in the log
to see if the event was logged. System logs are most useful if you can identify
normal and abnormal entries. So this is the time to look at normal activities
and the log entries they generate. For each of the following, do the required
action and then switch to virtual console 8 to view the log entry. Note:
some activities may not generate log messages.
- Load floppix but do NOT log in. Switch to virtual console 8 to view the
  log messages. What types of activities are logged during system startup?
- What is the last entry in the log?
- Log in using your own initials. What log entry (if any) was generated?
- Enter the command "su -" to become root. What log entry (if any)
  was generated?
- Determine your IP address (ifconfig). What log entry (if any) was
  generated?
- "telnet localhost". What log entry (if any) was generated?
- At the login prompt for the telnet session, log in as alterego. What log entry
  (if any) was generated?
- Log out of the telnet session. What log entry (if any) was generated?
- Use vi to edit the file /etc/hosts.allow. This file and /etc/hosts.deny control
  which other systems are allowed to make certain types of network connections
  to your system. At the moment, no one else is allowed to connect to your
  system but you can make a network connection to yourself. Currently the last
  line of this file reads "ALL: 127.0.0.1". Change it to:
  "in.ftpd: 127.0.0.1". What log entry (if any) was generated when
  you edited this file?
- "telnet localhost". This time, what log entry (if any) was generated?
- Read the mail message(s) for root. What log entry (if any) was generated?
- Change the owner of getme to alterego. What log entry (if any) was
  generated?
- "exit" from the root account. What log entry (if any) was generated?
- "ftp localhost" and log in as alterego. What log entry (if any) was
  generated?
- Download getme and quit. What log entry (if any) was generated?
- Send email to alterego. What log entry (if any) was generated?
- Create a crontab to echo Study Linux every minute. What log entry (if any)
  was generated?
- Wait one minute (until your crontab runs at least once). What log entry (if
  any) was generated?
- Delete the crontab. What log entry (if any) was generated?
- Change your password. What log entry (if any) was generated?
- Put floppix disk 1 in the floppy drive and mount it. What log entry (if any)
  was generated?
- Eject the floppy and then "umount /floppy". What log entry (if any) was
  generated?
Copyright ©
L.M.MacEwan