Syslog Server in Linux | RHCSA Certification #22 | Tech Arkit | EX200

Captions
[Music] For more updates click on subscribe and click on the bell button for latest notifications. [Music]

Hi friends, welcome to the Tech Arkit YouTube channel. My name is Ravi. In this video session we are going to see that how a even are the logs, we are going to see how many types of logs are there, how we can collect the logs from the different types of devices to a single place, and we can monitor it or we can correlate it, whatever it is, right.

So this is about the logs. For example, say that by default all the logs will be stored under /var/log. So here there are different types of logs, right. So these are the logs, how they are getting stored. So where is it directed, where is it instructed that logs should be stored over here, right? But you can see that all the logs will be stored over here, the different types of logs over here. But what are those categories, how it is aggregated, all the stuff we are going to see.

So basically in the Linux machine there is a configuration file which says that you have to store this type of logs in this file, this type of logs in this file, and the file path is /etc/rsyslog.conf, the configuration file. So here the configuration file will be there, and in this configuration file there are the configuration paths. You can see that, right. So I am just going to dig this little bit up and the appearance over here so that you can see a little bit better. So all the files in single, right, see here.

You can see in the configuration file over here, the configuration file says that all the information and mail none related and authentic non authenticated privileges and known the details will be stored over here in /var/log/messages. And whatever is authentication related, which is restricted access, all the stuff will be stored over here in the secure. And related to the mails, OK, what the bottom mailbox where they use a mail
related will be stored over here, and the cron related will be stored over here. And any emergency messages, the emergency messages will be shown on your screen directly, OK, without storing into any of the files, but it stores all the messages as well as just shows you. Emergency means like whenever you initiate the reboot, so other users are logged in, then they immediately get that the system is going to be rebooted, something like that. And this is the errors, critical, higher things, the special files, OK. All those news related and, you know, saver errors and critical logs will be stored over here, and boot logs will be stored over here, OK.

And this is the configuration file. If you want to change anything over here you can change it, and you can redirect those files from one location to another location. But as of now we are not doing it, OK, but if you want you can do it.

So this is the log. The logs will contain, for example, information logs, warning logs, critical logs, OK, and as well as just messages, all the stuff. So these logs will be stored, and the logs are of different types, you can see over here. So these are the cron, boot logs. Whenever the system is booted then the boot logs will be shown over here. If you want to see what happened while booting, you can see the message log, so it shows you all the component related stuff. And firewalld will show like whatever is firewall related, modified or access denied, all the stuff. And lastlog will show like when the system has been rebooted, who logged in, when logged in, conversation duration, all the stuff will be shown over here. And mail logs will show all the mail related logs.

And if you go here, the speech dispatcher. Speech dispatcher is something like, whenever you want to say something to be speech, OK, you can say spd-say, and saying that it will speech whatever you type, and it'll speech into the long waits real language that is
called. And spooler, just now we saw that, so not critical related and the news related stuff is over here.

And the sudo logs. This sudo log, specially whenever you create the sudo users, that user's privilege, if you give it with the sudo, then the authenticated sudo logs, when our yokai for any command with the sudo, that would be executed over here, OK. Something, I will see this. So the user executed the command, something like this SSH command, OK. So all these commands will be displayed over here and stored over here. So for the clear face, so OK, it will give you who typed the sudo command, who used the sudo command, all the stuff.

And samba related, and cups, which means the print server related, and this is the sar logs, OK. And this is related to the virtualization, OK, this is also related to the virtualization. And there are some other logs also, audit logs also will be stored over here, time related logs, all this stuff, right. So these logs are stored, and this log configuration will be located in /etc/rsyslog.

But here, in case you want to make, OK, so all the logs are there. For example, say I have a hundred servers, then I want to monitor all the hundred servers' logs. Then what is the easy way to log, or what is the easy way to monitor them? OK, I don't want to log into each and every server and correlate the logs on each and every server and look up the logs, right. So whenever I logged in to server one, there is an event happening in server two, then I miss that, right. I have to call it again back, and it's different scenarios, right. But I don't want to do the half way. So I just want to go to this side, where there is a single server, and I just open one single log file where it will get all the important and critical messages, and in the single console you can monitor all the logs. How can we do that? So this is possible using the syslog server, OK, syslog server. So this is what happens over here, it is done by the syslog.
OK, so if you have a number of servers, OK, what it's going to do here, it is our signal. Say that here is my syslog server, this is my server for example, and here I have the client. Fine, the same way I have so many clients, so many servers, OK. Then what happens over here is that all these systems' logs will be stored, and they will keep a local copy and they will keep one more copy over here on this. And here again just tail whatever log file, so then I can monitor what's happening on all these systems, about the critical and warnings and very important messages, OK. That's the way you are going to make your monitoring system very useful. Or if you want to correlate those logs, what is happening on the servers, if you read some scripts to automate that monitoring process, whenever the critical event happened just let us know, OK, you can do that too using this process.

So how are we going to make that? So in this server what I am going to do here is that I'm going to install a syslog server, then I'm going to connect a few clients to this. Then whenever an authentication failure happens or authentication happens against that client, then I am going to get this notification on this screen itself, OK.

To do this, these are the packages you have to install, is diadem. rsyslog is the package you have to install, but it's already installed. rpm -qa, just grep for rsyslog, the rsyslog RPM. Let's see that. Yes, I have. So I wanted to install that. If you already have, if you do not have any, simply say yum install rsyslog, then it will install your required packages. Then you have to verify the daemon service name, so it is called systemctl status rsyslog.service, OK. This is the service you have to enable and run in this machine in order to get logs from the remote machines, OK. So if you want to do that, you can also restart your system or service if you want, OK, for verification or something like that, if you want
to rephrase the configuration stuff over here, so that makes it easier stuff for us.

Now the configuration file you have to make, OK. The file to modify is that same file, the /etc/rsyslog.conf configuration file. Then in this, what you have to do, you have to just configure a few lines. So you have to uncomment a few lines, then it becomes your server, OK. So what you have to do, come over here and uncomment this syslog stuff, OK, this one, the UDP and TCP stuff, OK. These two you have to edit, and then just uncomment it and save the configuration file and restart the service again and verify the status back, OK. Now your system logging service is ready to listen.

And you have to enable the firewall, OK. sudo firewall-cmd, permanently, I'm just enabling the port, OK, add-port, this port number is 514. The default port number for the syslog service is 514, and it's TCP. Then you can also enable UDP, because we have enabled both, OK. Then you have to reload this configuration in order to make it effective, OK. Now let's verify whether it's listening on 514 on this, any of the 4, OK. Next one is not, OK, that's OK. So OK, there is no command, have to install some utilities to do that, that's OK.

Now let's ping the remote server. For example, say that I'm pinging that remote server. So OK, what is that, this is our client machine, OK. IP address, just see that IP address, OK, 141 is our client server. And from the server just ping and let's see that. OK, it is OK.

And go to the client. Now here also we have to enable this firewall, OK, if it is a Linux machine, in order to send some traffic, firewall-cmd, permanent, OK, then I'm adding the port number called 514/tcp, OK. So here there is no sudo configured, that's why it is asking me for the password. So in order to do that I'm just switching back to the, sorry, switching back to the root user, OK, that's OK. Now I'm going to edit the configuration file, OK. The
configuration file over here is that vi /etc/rsyslog.conf, the rsyslog.conf configuration file, OK. Just go down over here, at the end, uncomment this line. Oh sorry, you have to edit it. [Applause]

OK, now I'm just going to edit the configuration file called /etc/rsyslog.conf, and here on the last line you just uncomment this one and provide that remote server IP address or host name. 192.168.2.140 is our server IP address, OK. One more time we can just run, come over here, so that is 2.140. Now you just provide that *.*, which means that all the logs are sent to this server, OK, on port number 514, OK. Now just add this one, and just restart the service for it to be effective: systemctl restart rsyslog.service, then verify the status of that service, whether it is running properly or not, OK. Now that's it.

Then what you can do over here, you can simply open this on the server: tail -f /var/log/secure. So I'm just opening the secure file over here and just looking that if I authenticate on that server, then it again logs the authentication related over here. See this, it already came. client, client, this is the server and this is the client. So something like this, the files will be updated over here. You can simply say that I just pinched it from over here, and again I switch back to the root user, and say I intentionally type the password, then it logs that, OK, the bomb is succeeded, not made the user root permission, which is learned on the client, client, client, client. So like session closed for root user, the password check failed. So like that, whatever happened, you can see that all the logs from all the servers are going to be stored on the single system or server.

For example, say that if you want to, OK, you want to just grep the log files, OK, simply say that, maybe cat, you can simply say, I'm using this machine name, OK,
you can simply use the s--, so that these are the log files which came from the client to the server.

Like that you can integrate network devices, you can integrate different Windows systems or Linux systems, UNIX systems, OK. From all these systems you can get these logs to the single syslog server, then you can correlate these logs or you can verify those logs based on the errors and the failures, OK. So whatever you want, right, or if you want to pump to somewhere else and correlate, you can do that. So this is about this event management and configuration, OK.

For example, if a particular application is failing and you want to do some analysis of why it is failing, you can simply go to /var/log and verify whether the application related folder has been created, and in that there are log files, or general messages related to the service would be available in /var/log/messages.

So that's about this session, guys. Thanks for watching, stay tuned. Please subscribe to the channel for more upcoming videos and courses. Please follow us on social networking sites. If you have any technical related questions you can ask.
Info
Channel: Tech Arkit
Views: 9,438
Rating: 4.754601 out of 5
Keywords: techarkit, tech, arkit, syslog, rsyslog, syslog server, syslog server windows, syslog server linux, linux syslog, syslog port, rsyslog configuration, kiwi syslog server, kiwi syslog, what is syslog, syslog ng, rhcsa, rhce, linux, tutorial, linux for beginners, analyze logs, storing logs, rhcsa 8, rhcsa 8 certification, rhcsa by techarkit
Id: KHUG3gFl0fM
Length: 20min 8sec (1208 seconds)
Published: Sat Aug 11 2018