LOGGING and MONITORING

System monitoring and event logging are key tasks for a BSD system administrator. The BSDP candidate should understand the available options for logging and monitoring a BSD system and be able to configure various logging subsystems to record system events. The candidate should be well versed in methods used to extract information from log repositories.


3.10.1. Configure a log server.

Importance: 3.9, Frequency: 1.9, Bloom: K,A

Concept:

Collecting and analyzing system messages is an important administrative task. A BSD system can be configured to log events on the local system only or as a centralized logging server that collects logs from remote systems.

BSDP candidates must be able to configure a logging server.

Practical:

syslogd(8), syslog.conf(5), logger(1)

Estimated Time:

15 minutes to configure a log server according to a specification.

3.10.2. Configure automatic rotation of log files.

Importance: 4.2, Frequency: 2.1, Bloom: K,A

Concept:

Organization of logs is an important administrative task. System administrators need to ensure that sufficient space is available for logs and that log files are configured to rotate on key parameters such as time of day and size of logfile.

BSDP candidates must be able to configure rotation of log files.

Practical:

software of choice from packages/pkgsrc

newsyslog(8)

Estimated Time:

15 minutes to configure and test automatic rotation of log files according to a specification.

3.10.3. Search for patterns in logfiles using regular expressions.

Importance: 4.1, Frequency: 3.3, Bloom: K,C,A

Concept:

A system administrator needs to be able to quickly find important system messages.

BSDP candidates must be able to use regular expressions to search for specific patterns in logfiles. Candidates should also be able to automate the task of searching for a list of patterns in text or binary form.

Practical:

scripting language of choice

re_format(7), grep(1), sed(1)

Estimated Time:

10 minutes to set up a solution to search for patterns in a logfile according to a specification.

3.10.4. Monitor system for login abuses.

Importance: 4.3, Frequency: 3.5, Bloom: K,A

Concept:

Systems need to be monitored to ensure that only authorized users are able to log in and that automated programs are unable to access resources only available to authorized users.

BSDP candidates should be able to enforce a policy that limits the number of login attempts and sends an alert when the login threshold is reached.

Practical:

scripting language of choice from packages/pkgsrc

login.conf(5)

Estimated Time:

10 minutes to set up a solution to monitor the system for login abuses according to a specification.
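
One way to approach the alerting part of 3.10.4 with the pattern-matching tools listed under 3.10.3, as an added example that is not part of the original objectives. It assumes OpenSSH "Failed password" lines in the authentication log; the function names, the threshold and the "loginwatch" tag are hypothetical, and the log lines are constructed.

```sh
#!/bin/sh
# Added example. Assumes OpenSSH "Failed password" lines in the auth log;
# the function names, threshold and "loginwatch" tag are hypothetical.

# Constructed sample log lines (documentation addresses, not real data).
sample_log() {
cat <<'EOF'
Mar  3 10:01:02 host1 sshd[811]: Failed password for root from 192.0.2.10 port 40112 ssh2
Mar  3 10:01:05 host1 sshd[811]: Failed password for invalid user admin from 192.0.2.10 port 40113 ssh2
Mar  3 10:01:09 host1 sshd[812]: Failed password for root from 192.0.2.10 port 40114 ssh2
Mar  3 10:02:11 host1 sshd[820]: Accepted publickey for alice from 198.51.100.7 port 51000 ssh2
Mar  3 10:03:30 host1 sshd[833]: Failed password for bob from 203.0.113.5 port 42000 ssh2
Mar  3 10:04:00 host1 su: alice to root on /dev/pts/0
EOF
}

# failed_sources THRESHOLD
# Reads log lines on stdin and prints "count source" for every source
# address with at least THRESHOLD failed password attempts.
failed_sources() {
    # The greedy ".*" makes sed keep the last "from ADDR port N" on the
    # line, so text inside the user name field cannot change the source.
    grep -E 'sshd\[[0-9]+\]: Failed password for .+ from [^ ]+ port [0-9]+ ssh2$' |
    sed -E 's/.* from ([^ ]+) port [0-9]+ ssh2$/\1/' |
    sort | uniq -c |
    awk -v t="$1" '$1 >= t { print $1, $2 }'
}

# alert_if_abuse THRESHOLD
# Sends one syslog message per offending source through logger(1).
# Returns 0 when an alert was raised, 1 when no source reached the threshold.
alert_if_abuse() {
    hits=$(failed_sources "$1")
    [ -n "$hits" ] || return 1
    echo "$hits" | while read -r count src; do
        logger -p auth.warning -t loginwatch "$count failed logins from $src"
    done
    return 0
}

# Report sources with three or more failures in the sample data.
sample_log | failed_sources 3
```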