Differences
Below are the differences between two revisions of the page.
Next revision | Previous revision | ||
elearning:workbooks:redhat:rh124:l109 [2024/09/25 08:03] – created admin | elearning:workbooks:redhat:rh124:l109 [2024/09/27 13:05] (current version) – admin | ||
---|---|---|---|
Ligne 5: | Ligne 5: | ||
Dernière mise-à-jour : ~~LASTMOD~~ | Dernière mise-à-jour : ~~LASTMOD~~ | ||
- | ======LCF508 | + | ======RH12410 |
=====Contenu du Module===== | =====Contenu du Module===== | ||
- | * **LCF508 | + | * **RH12410 |
+ | * Contenu du Module | ||
* Présentation | * Présentation | ||
- | * La Commande dmesg | + | * Les Types de Processus |
- | * LAB #1 - Surveillance Sécuritaire | + | * LAB #1 - Les Commandes relatives aux Processus |
- | * 1.1 - La Commande | + | * 1.1 - La Commande |
- | * 1.2 - La Commande | + | * 1.2 - La Commande |
- | * 1.3 - La Commande | + | * 1.3 - La Commande |
- | * 1.4 - Le Fichier / | + | * 1.4 - La Commande top |
- | * 1.5 - Gestion des évènements audit | + | * 1.5 - Les Commandes fg, bg et jobs |
- | * Le fichier / | + | * 1.6 - La Commande |
- | * auditd | + | * 1.7 - La Commande nice |
- | * auditctl | + | * 1.8 - La Commande |
- | * audispd | + | * 1.9 - La Commande |
- | * La consultation des événements audit | + | * 1.10 - La Commande kill |
- | * La Commande | + | * 1.11 - La Commande pkill |
- | * La Commande ausearch | + | |
- | * Le fichier / | + | |
- | * Applications | + | |
- | * LAB #2 - rsyslog | + | |
- | * 2.1 - Priorités | + | |
- | * 2.2 - Sous-systèmes applicatifs | + | |
- | * 2.3 - / | + | |
- | * Modules | + | |
- | * Directives Globales | + | |
- | * Règles | + | |
- | * Sous-système applicatif.Priorité | + | |
- | * Sous-système applicatif!Priorité | + | |
- | * Sous-système applicatif=Priorité | + | |
- | * L' | + | |
- | * n Sous-systèmes avec la même priorité | + | |
- | * n Sélecteurs avec la même Action | + | |
- | * LAB #3 - La Commande | + | |
- | * LAB #4 - La Commande | + | |
- | * LAB #5 - La Journalisation avec journald | + | |
- | * 5.1 - Consultation des Journaux | + | |
- | * 5.2 - Consultation des Journaux d'une Application Spécifique | + | |
- | * 5.3 - Consultation des Journaux depuis le Dernier Démarrage | + | |
- | * 5.4 - Consultation des Journaux d'une Priorité Spécifique | + | |
- | * 5.5 - Consultation des Journaux d'une Plage de Dates ou d' | + | |
- | * 5.6 - Consultation des Journaux en Live | + | |
- | * 5.7 - Consultation des Journaux avec des Mots Clefs | + | |
=====Présentation===== | =====Présentation===== | ||
- | La majorité des journaux | + | Un processus est un fichier binaire ( binary file ) qui est chargé en mémoire centrale. Une fois chargé la mémoire exécute le programme en langage machine. Quand le programme est chargé, il a besoin |
- | <WRAP center round important 60%> | + | L’ensemble des **données d’identification** est appelé l’**environnement |
- | **Important** : Il est conseillé de déplacer le point de montage du répertoire | + | |
- | </ | + | |
+ | | ||
+ | * Un numéro d' | ||
+ | * Un numéro | ||
+ | * La durée | ||
+ | * La priorité | ||
+ | * Le répertoire | ||
+ | * Les fichiers ouverts. | ||
- | =====La Commande | + | Ces informations sont stockés dans le répertoire **/proc**. Le répertoire |
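Review bot: The opening definition of the new Présentation text (right-hand column) conflates a process with its executable: a process is a running instance of a program, that is, the loaded binary plus the state the list that follows enumerates (PID, owner, priority, working directory, open files), and it is the processor, not memory, that executes the machine code. Suggest: "Un processus est une instance d'un programme (fichier binaire) chargé en mémoire centrale et exécuté par le processeur." In the same passage the /proc/1 listing shows several entries with mode -r-------- and dr-x------ ; since students are told they need not inspect the contents, one sentence noting that these per-process details are readable only by the owning user and root would make the security point the listing already illustrates.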
- | Cette commande | + | Saisissez la commande |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | [ 0.000000] | + | 1 |
- | CC)) #1 SMP Thu Apr 8 19:01:30 UTC 2021 | + | 10 |
- | [ 0.000000] Command line: BOOT_IMAGE=(hd0, | + | 10062 10591 13 |
- | shkernel=auto resume=UUID=c8bb3f47-d67f-4b21-b781-766899dc83d4 rhgb quiet | + | 10066 10592 14 |
- | [ 0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' | + | 10223 10595 15 |
- | [ 0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' | + | 10383 10596 16 |
- | [ 0.000000] x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' | + | |
- | [ 0.000000] x86/fpu: xstate_offset[2]: | + | |
- | [ 0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using ' | + | |
- | [ 0.000000] BIOS-provided physical RAM map: | + | |
- | [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable | + | |
- | [ 0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved | + | |
- | [ 0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved | + | |
- | [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000dffeffff] usable | + | |
- | [ 0.000000] BIOS-e820: [mem 0x00000000dfff0000-0x00000000dfffffff] ACPI data | + | |
- | [ 0.000000] BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved | + | |
- | [ 0.000000] BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved | + | |
- | [ 0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved | + | |
- | [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000011fffffff] usable | + | |
- | [ 0.000000] NX (Execute Disable) protection: active | + | |
- | [ 0.000000] SMBIOS 2.5 present. | + | |
- | [ 0.000000] DMI: innotek GmbH VirtualBox/ | + | |
- | [ 0.000000] Hypervisor detected: KVM | + | |
- | --More-- | + | |
</ | </ | ||
- | Les option | + | Chaque répertoire fait référence à un PID d'un processus. |
< | < | ||
- | [root@centos8 ~]# dmesg --help | + | [root@redhat9 proc]# cd 1 ; ls -l |
+ | total 0 | ||
+ | -r--r--r--. | ||
+ | dr-xr-xr-x. | ||
+ | -rw-r--r--. | ||
+ | -r--------. | ||
+ | -r--r--r--. | ||
+ | --w-------. | ||
+ | -r--r--r--. | ||
+ | -rw-r--r--. | ||
+ | -rw-r--r--. | ||
+ | -r--r--r--. | ||
+ | -r--r--r--. | ||
+ | lrwxrwxrwx. | ||
+ | -r--------. | ||
+ | lrwxrwxrwx. | ||
+ | dr-x------. | ||
+ | dr-xr-xr-x. | ||
+ | -rw-r--r--. | ||
+ | -r--------. | ||
+ | -r--------. | ||
+ | -r--r--r--. | ||
+ | -rw-r--r--. | ||
+ | dr-x------. | ||
+ | -r--r--r--. | ||
+ | -rw-------. | ||
+ | -r--r--r--. | ||
+ | -r--r--r--. | ||
+ | -r--------. | ||
+ | dr-xr-xr-x. 53 root root 0 Sep 25 12:44 net | ||
+ | dr-x--x--x. | ||
+ | -r--r--r--. | ||
+ | -rw-r--r--. | ||
+ | -r--r--r--. | ||
+ | -rw-r--r--. | ||
+ | -r--------. | ||
+ | -r--------. | ||
+ | -r--------. | ||
+ | -rw-r--r--. | ||
+ | lrwxrwxrwx. | ||
+ | -rw-r--r--. | ||
+ | -r--r--r--. | ||
+ | -r--r--r--. | ||
+ | -rw-r--r--. | ||
+ | -r--r--r--. | ||
+ | -r--r--r--. | ||
+ | -r--------. | ||
+ | -r--r--r--. | ||
+ | -r--r--r--. | ||
+ | -r--r--r--. | ||
+ | -r--------. | ||
+ | dr-xr-xr-x. | ||
+ | -rw-r--r--. | ||
+ | -r--r--r--. | ||
+ | -rw-rw-rw-. | ||
+ | -rw-r--r--. | ||
+ | -r--r--r--. | ||
+ | </ | ||
- | Usage: | + | <WRAP center round important> |
- | dmesg [options] | + | **Important** - Vous n'avez pas besoin de consulter le contenu des fichiers et des répertoires. Il convient tout simplement de savoir que ces données existent. |
+ | </ | ||
- | Display or control the kernel ring buffer. | + | =====Les Types de Processus===== |
- | Options: | + | Il existe trois types de processus |
- | -C, --clear | + | |
- | -c, --read-clear | + | |
- | -D, --console-off | + | |
- | -E, --console-on | + | |
- | -F, --file < | + | |
- | -f, --facility < | + | |
- | -H, --human | + | |
- | -k, --kernel | + | |
- | -L, --color[=< | + | |
- | | + | |
- | -l, --level < | + | |
- | -n, --console-level < | + | |
- | -P, --nopager | + | |
- | -p, --force-prefix | + | |
- | -r, --raw print the raw message buffer | + | |
- | -S, --syslog | + | |
- | -s, --buffer-size < | + | |
- | -u, --userspace | + | |
- | -w, --follow | + | |
- | -x, --decode | + | |
- | -d, --show-delta | + | |
- | -e, --reltime | + | |
- | -T, --ctime | + | |
- | -t, --notime | + | |
- | | + | |
- | | + | |
- | Suspending/ | + | |
- | -h, --help | + | * **interactif** qui est lancé par le shell dans une console en premier plan ou en tâche de fond |
- | -V, --version | + | * **batch** qui est lancé par le système au moment propice |
+ | * **daemon** qui est lancé au démarrage par le système ( lpd, dns etc ) | ||
- | Supported log facilities: | + | Un processus peut être dans un de neuf états ou //process states// : |
- | kern - kernel messages | + | |
- | user - random user-level messages | + | |
- | mail - mail system | + | |
- | daemon - system daemons | + | |
- | auth - security/authorization messages | + | |
- | syslog - messages generated internally by syslogd | + | |
- | lpr - line printer subsystem | + | |
- | news - network news subsystem | + | |
- | Supported log levels (priorities): | + | |
- | | + | * //kernel mode//- le processus s' |
- | alert - action must be taken immediately | + | * // |
- | | + | * //waiting// – le processus est en attente pour une ressource autre que le processeur, |
- | err - error conditions | + | * // |
- | | + | |
- | | + | * // |
- | info - informational | + | * //elected// – le processus a le contrôle du processeur, |
- | debug - debug-level messages | + | * //zombie// – le processus a terminé son exécution et est prêt à mourir. |
- | For more details see dmesg(1). | + | =====LAB #1 - Les Commandes relatives aux Processus===== |
- | </ | + | |
- | =====LAB #1 - Surveillance Sécuritaire===== | + | ====1.1 - La Commande ps==== |
- | ====1.1 - La Commande last==== | + | Cette commande |
- | + | ||
- | Cette commande | + | |
< | < | ||
- | [root@centos8 ~]# last | + | [root@redhat9 1]# cd ~ |
- | trainee | + | |
- | reboot | + | |
- | trainee | + | |
- | trainee | + | |
- | reboot | + | |
- | trainee | + | |
- | reboot | + | |
- | trainee | + | |
- | reboot | + | |
- | trainee | + | |
- | trainee | + | |
- | reboot | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | reboot | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | trainee | + | |
- | reboot | + | |
- | trainee | + | |
- | reboot | + | |
- | trainee | + | |
- | reboot | + | |
- | reboot | + | |
- | wtmp begins Fri May 8 08:13:49 2020 | + | [root@redhat9 ~]# ps |
+ | PID TTY TIME CMD | ||
+ | 10062 pts/0 00:00:00 su | ||
+ | 10066 pts/0 00:00:00 bash | ||
+ | 10602 pts/0 00:00:00 ps | ||
</ | </ | ||
- | Les option | + | Pour plus de détails, il convient d' |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
+ | F S | ||
+ | 4 S | ||
+ | 4 S | ||
+ | 4 R | ||
+ | </ | ||
- | Usage: | + | On note dans cette sortie |
- | last [options] [< | + | |
- | Show a listing of last logged in users. | + | ^ F | Drapeaux du processus. La valeur 4 indique que le processus utilise les privilèges de root | |
+ | ^ S | État du processus S (sleeping), R (In run queue), Z (zombie), N (low priority), D (uninterruptible sleep), T (Traced) | | ||
+ | ^ UID | Numéro de l’Utilisateur | | ||
+ | ^ PID | Numéro Unique de Processus | | ||
+ | ^ PPID | PID du processus parent | | ||
+ | ^ C | Facteur de priorité du processus | | ||
+ | ^ PRI | Priorité du processus | | ||
+ | ^ NI | La valeur de nice | | ||
+ | ^ ADDR | Adresse mémoire du processus | | ||
+ | ^ SZ | Utilisation de la mémoire virtuelle | | ||
+ | ^ WCHAN | Nom de la fonction du noyau dans laquelle le processus est endormi | | ||
+ | ^ TTY | Nom du terminal depuis lequel le processus a été lancé | | ||
+ | ^ TIME | Durée d' | ||
+ | ^ CMD | Commande exécutée | | ||
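Review bot: Two column descriptions in the ps -l table are wrong. C is processor utilisation (the integer percentage of CPU consumed over the lifetime of the process), not a "facteur de priorité"; the priority-related columns are PRI and NI. In the S row, N is not a process state but the BSD-style "low priority (nice)" modifier that only appears in the STAT column of ps l / ps u output (the SN entries in the later ps aux listing are examples), and T means "stopped by job control signal" while lower-case t is "stopped by debugger during tracing". Suggest also listing I (idle kernel thread), since that is what most kernel threads show as in the ps aux output further down (e.g. I<).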
- | Options: | + | Pour visualiser la table des processus, utilisez la commande ps avec les options l et x - la commande affiche tous les processus avec un affichage long : |
- | | + | |
- | -a, --hostlast | + | |
- | -d, --dns translate the IP number back into a hostname | + | |
- | -f, --file < | + | |
- | -F, --fulltimes | + | |
- | -i, --ip | + | |
- | -n, --limit < | + | |
- | -R, --nohostname | + | |
- | -s, --since < | + | |
- | -t, --until < | + | |
- | -p, --present < | + | |
- | -w, --fullnames | + | |
- | -x, --system | + | |
- | | + | |
- | | + | |
- | -h, --help | + | < |
- | -V, --version | + | [root@redhat9 ~]# ps lx | more |
- | + | F | |
- | For more details see last(1). | + | 4 |
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 0 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 5 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | 1 | ||
+ | --More-- | ||
+ | [q] | ||
</ | </ | ||
- | ====1.2 - La Commande lastlog==== | + | On note dans cette sortie certaines informations supplémentaires : |
- | Cette commande indique les dates et heures de la connexion au système la plus récente des utilisateurs : | + | ^ VSZ | La même chose que SZ dans l' |
+ | ^ RSS | La mémoire utilisée en kilobytes par le processus | | ||
+ | ^ STAT | La même chose que S dans l' | ||
- | < | ||
- | [root@centos8 ~]# lastlog | ||
- | Username | ||
- | root | ||
- | bin **Never logged in** | ||
- | daemon | ||
- | adm **Never logged in** | ||
- | lp | ||
- | sync | ||
- | shutdown | ||
- | halt | ||
- | mail | ||
- | operator | ||
- | games **Never logged in** | ||
- | ftp **Never logged in** | ||
- | nobody | ||
- | dbus | ||
- | systemd-coredump | ||
- | systemd-resolve | ||
- | tss **Never logged in** | ||
- | polkitd | ||
- | unbound | ||
- | libstoragemgmt | ||
- | cockpit-ws | ||
- | sssd | ||
- | setroubleshoot | ||
- | sshd | ||
- | chrony | ||
- | tcpdump | ||
- | trainee | ||
- | cockpit-wsinstance | ||
- | rngd | ||
- | gluster | ||
- | qemu | ||
- | rpc **Never logged in** | ||
- | rpcuser | ||
- | saslauth | ||
- | radvd **Never logged in** | ||
- | dnsmasq | ||
- | fenestros2 | ||
- | fenestros1 | ||
- | apache | ||
- | </ | ||
- | Les option de cette commande | + | Avec des options a,u et x la commande |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | Usage: lastlog | + | USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND |
- | + | root | |
- | Options: | + | root |
- | | + | root |
- | | + | root |
- | -h, --help | + | root |
- | -R, --root CHROOT_DIR | + | root |
- | | + | root |
- | -t, --time DAYS print only lastlog records more recent than DAYS | + | root 10 0.0 0.0 0 0 ? I< |
- | -u, --user LOGIN print lastlog record of the specified LOGIN | + | root 12 0.0 0.0 0 0 ? I Sep25 0:00 [rcu_tasks_kthre] |
+ | root 13 0.0 0.0 0 0 ? I Sep25 0:00 [rcu_tasks_rude_] | ||
+ | root 14 0.0 0.0 0 0 ? I Sep25 0:00 [rcu_tasks_trace] | ||
+ | root 15 0.0 0.0 0 0 ? S Sep25 0:00 [ksoftirqd/ | ||
+ | root 16 0.0 0.0 0 0 ? I Sep25 0:01 [rcu_preempt] | ||
+ | root 17 0.0 0.0 0 0 ? S Sep25 0:00 [migration/ | ||
+ | root 18 0.0 0.0 0 0 ? S Sep25 0:00 [idle_inject/ | ||
+ | root 20 0.0 0.0 0 0 ? S Sep25 0:00 [cpuhp/0] | ||
+ | root 21 0.0 0.0 0 0 ? S Sep25 0:00 [cpuhp/1] | ||
+ | root 22 0.0 0.0 0 0 ? S Sep25 0:00 [idle_inject/ | ||
+ | root 23 0.0 0.0 0 0 ? S Sep25 0:00 [migration/ | ||
+ | root 24 0.0 0.0 0 0 ? S Sep25 0:00 [ksoftirqd/ | ||
+ | root 27 0.0 0.0 0 0 ? S Sep25 0:00 [cpuhp/2] | ||
+ | root 28 0.0 0.0 0 0 ? S Sep25 0:00 [idle_inject/ | ||
+ | root 29 0.0 0.0 0 0 ? S Sep25 0:00 [migration/ | ||
+ | root 30 0.0 0.0 0 0 ? S Sep25 0:00 [ksoftirqd/ | ||
+ | root 32 0.0 0.0 0 0 ? I< | ||
+ | root | ||
+ | root 34 0.0 0.0 0 0 ? | ||
+ | root 35 0.0 0.0 0 0 ? S Sep25 0:00 [migration/ | ||
+ | root 36 0.0 0.0 0 0 ? S Sep25 0:00 [ksoftirqd/ | ||
+ | root 38 0.0 0.0 0 0 ? I< | ||
+ | root 42 0.0 0.0 0 0 ? S Sep25 0:00 [kdevtmpfs] | ||
+ | root 43 0.0 0.0 0 0 ? I< | ||
+ | root 44 0.0 0.0 0 0 ? S Sep25 0:00 [kauditd] | ||
+ | root 45 0.0 0.0 0 0 ? S Sep25 0:00 [khungtaskd] | ||
+ | root 46 0.0 0.0 0 0 ? S Sep25 0:00 [oom_reaper] | ||
+ | root 47 0.0 0.0 0 0 ? I< | ||
+ | root 48 0.0 0.0 0 0 ? S Sep25 0:02 [kcompactd0] | ||
+ | root 49 0.0 0.0 0 0 ? SN | ||
+ | root 50 0.0 0.0 0 0 ? SN | ||
+ | root 51 0.0 0.0 0 0 ? I< | ||
+ | root 52 0.0 0.0 0 0 ? I< | ||
+ | root 53 0.0 0.0 0 0 ? I< | ||
+ | root 54 0.0 0.0 0 0 ? I< | ||
+ | root 55 0.0 0.0 0 0 ? I< | ||
+ | root 56 0.0 0.0 0 0 ? I< | ||
+ | root 57 0.0 0.0 0 0 ? I< | ||
+ | root 58 0.0 0.0 0 0 ? I< | ||
+ | root 59 0.0 0.0 0 0 ? S Sep25 0:00 [watchdogd] | ||
+ | root 61 0.0 0.0 0 0 ? I< | ||
+ | root 62 0.0 0.0 0 0 ? S Sep25 0:00 [kswapd0] | ||
+ | root 69 0.0 0.0 0 0 ? I< | ||
+ | root 76 0.0 0.0 0 0 ? I< | ||
+ | root 77 0.0 0.0 0 0 ? I< | ||
+ | root 78 0.0 0.0 0 0 ? I< | ||
+ | --More-- | ||
+ | [q] | ||
</ | </ | ||
- | ====1.3 - La Commande lastb==== | + | On note dans cette sortie certaines informations supplémentaires : |
- | Cette commande indique les dates et heures des connexions infructueuses des utilisateurs à partir | + | ^ USER | L' |
- | + | ^ %CPU | Ressources | |
- | < | + | ^ %MEM | Ressources en mémoire vive utilisées par le processus | |
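Review bot: The sentence introducing ps lx says the command displays all processes, but in BSD syntax x only lifts the "must have a tty" restriction; the "only yourself" restriction is lifted by a, so ps lx run as root lists only root-owned processes and the processes of other logged-in users are silently absent. Use ps alx, or the UNIX form ps -elf, when the goal is the whole process table; the later ps aux example is correct because it includes a. The VSZ row also states it is "la même chose que SZ": SZ is expressed in pages while VSZ is in KiB, which is why the two figures differ for the same process.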
- | [root@centos8 ~]# lastb | + | |
- | trainee | + | |
- | trainee | + | |
- | trqinee | + | |
- | + | ||
- | btmp begins Thu Jun 3 09:51:07 2021 | + | |
- | </ | + | |
Les options de cette commande sont : | Les options de cette commande sont : | ||
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
Usage: | Usage: | ||
- | lastb [options] [< | + | ps [options] |
- | Show a listing of last logged in users. | + | Basic options: |
+ | -A, -e all processes | ||
+ | -a all with tty, except session leaders | ||
+ | a all with tty, including other users | ||
+ | | ||
+ | -N, --deselect | ||
+ | r only running processes | ||
+ | T all processes on this terminal | ||
+ | x | ||
- | Options: | + | Selection by list: |
- | -<number> how many lines to show | + | -C <command> command name |
- | -a, --hostlast | + | -G, --Group < |
- | -d, --dns translate the IP number back into a hostname | + | -g, --group < |
- | -f, --file <file> use a specific file instead of / | + | -p, p, --pid <PID> process id |
- | -F, --fulltimes | + | --ppid < |
- | -i, --ip | + | -q, q, --quick-pid <PID> |
- | -n, --limit <number> how many lines to show | + | |
- | -R, --nohostname | + | -s, --sid <session> |
- | -s, --since <time> display the lines since the specified time | + | -t, t, --tty <tty> terminal |
- | -t, --until <time> display the lines until the specified time | + | -u, U, --user <UID> |
- | -p, --present | + | -U, --User <UID> real user id or name |
- | -w, --fullnames | + | |
- | -x, --system | + | |
- | | + | |
- | | + | |
- | -h, --help | + | The selection options take as their argument either: |
- | -V, --version | + | a comma-separated list e.g. '-u root,nobody' |
+ | a blank-separated list e.g. '-p 123 4567' | ||
- | For more details see last(1). | + | Output formats: |
- | </code> | + | |
+ | | ||
+ | f, --forest | ||
+ | | ||
+ | | ||
+ | j BSD job control format | ||
+ | | ||
+ | l BSD long format | ||
+ | -M, Z add security data (for SELinux) | ||
+ | -O < | ||
+ | O < | ||
+ | -o, o, --format < | ||
+ | user-defined format | ||
+ | s | ||
+ | u | ||
+ | v | ||
+ | X | ||
+ | | ||
+ | --context | ||
+ | | ||
+ | | ||
+ | | ||
+ | set screen width | ||
+ | | ||
+ | set screen height | ||
- | ====1.4 | + | Show threads: |
+ | H as if they were processes | ||
+ | -L | ||
+ | -m, m after processes | ||
+ | | ||
- | Sous RHEL/CentOS ce fichier contient la journalisation des opérations de gestion des authentifications | + | Miscellaneous options: |
+ | | ||
+ | c show true command name | ||
+ | e show the environment after command | ||
+ | k, --sort | ||
+ | L show format specifiers | ||
+ | n | ||
+ | S, --cumulative | ||
+ | | ||
+ | -V, V, --version | ||
+ | -w, w unlimited output width | ||
- | <code> | + | --help |
- | [root@centos8 ~]# tail -n 15 / | + | |
- | Jun 3 09:01:20 centos8 sshd[905]: Server listening on :: port 22. | + | |
- | Jun 3 09:01:39 centos8 sshd[1585]: Accepted password for trainee from 10.0.2.2 port 52734 ssh2 | + | For more details see ps(1). |
- | Jun 3 09:01:39 centos8 systemd[1590]: | + | |
- | Jun 3 09:01:39 centos8 sshd[1585]: pam_unix(sshd: | + | |
- | Jun 3 09:01:46 centos8 su[1627]: pam_systemd(su-l: | + | |
- | Jun 3 09:01:46 centos8 su[1627]: pam_unix(su-l: | + | |
- | Jun 3 09:51:05 centos8 login[1158]: | + | |
- | Jun 3 09:51:05 centos8 login[1158]: | + | |
- | Jun 3 09:51:07 centos8 login[1158]: | + | |
- | Jun 3 09:51:18 centos8 unix_chkpwd[2400]: | + | |
- | Jun 3 09:51:18 centos8 login[1158]: | + | |
- | Jun 3 09:51:20 centos8 login[1158]: | + | |
- | Jun 3 09:51:45 centos8 login[1158]: | + | |
- | Jun 3 09:51:45 centos8 login[1158]: | + | |
- | Jun 3 09:51:47 centos8 login[1158]: | + | |
</ | </ | ||
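Review bot: The ps help text above lists "-M, Z add security data (for SELinux)" and nothing in the lab uses it. On RHEL the SELinux context of a process is the attribute an administrator checks when deciding whether a service runs confined, so a short example such as ps -eZ (or ps auxZ) placed right after the ps aux listing would fit the module and give the security-relevant reading of the table.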
- | ====1.5 - Gestion des Evénements audit==== | + | ====1.2 - La Commande pgrep==== |
- | + | ||
- | ===Le fichier / | + | |
- | + | ||
- | Ce fichier contient les messages du système d' | + | |
- | | + | La commande |
- | | + | |
- | | + | |
- | Consultez maintenant | + | Par exemple, la commande suivante affiche |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | type=PROCTITLE msg=audit(1622728321.894: | + | 5734 |
- | type=USER_START msg=audit(1622728321.901: | + | 9357 |
- | type=CRED_REFR msg=audit(1622728321.902: | + | |
- | type=CRED_DISP msg=audit(1622728321.908: | + | |
- | type=USER_END msg=audit(1622728321.910: | + | |
- | type=SERVICE_STOP msg=audit(1622728330.965: | + | |
- | type=USER_ACCT msg=audit(1622728381.954: | + | |
- | type=CRED_ACQ msg=audit(1622728381.954: | + | |
- | type=LOGIN msg=audit(1622728381.954: | + | |
- | type=SYSCALL msg=audit(1622728381.954: | + | |
- | type=PROCTITLE msg=audit(1622728381.954: | + | |
- | type=USER_START msg=audit(1622728381.960: | + | |
- | type=CRED_REFR msg=audit(1622728381.962: | + | |
- | type=CRED_DISP msg=audit(1622728381.966: | + | |
- | type=USER_END msg=audit(1622728381.968: | + | |
</ | </ | ||
- | La gestion | + | Tandis que la commande suivante affiche tous les PID des processus appartenant à root ou à trainee |
- | + | ||
- | ===auditd=== | + | |
- | + | ||
- | Cet exécutable est le daemon du système audit. Il est responsable de l’écriture des enregistrements audit sur disque. Son fichier de configuration est le **/ | + | |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | # | + | 1 |
- | # This file controls the configuration of the audit daemon | + | 2 |
- | # | + | 3 |
- | + | 4 | |
- | local_events = yes | + | 5 |
- | write_logs = yes | + | 6 |
- | log_file = / | + | 8 |
- | log_group = root | + | 10 |
- | log_format = ENRICHED | + | 12 |
- | flush = INCREMENTAL_ASYNC | + | 13 |
- | freq = 50 | + | 14 |
- | max_log_file = 8 | + | 15 |
- | num_logs = 5 | + | 16 |
- | priority_boost = 4 | + | 17 |
- | name_format = NONE | + | 18 |
- | ##name = mydomain | + | 20 |
- | max_log_file_action = ROTATE | + | 21 |
- | space_left = 75 | + | 22 |
- | space_left_action = SYSLOG | + | 23 |
- | verify_email = yes | + | 24 |
- | action_mail_acct = root | + | 27 |
- | admin_space_left = 50 | + | 28 |
- | admin_space_left_action = SUSPEND | + | 29 |
- | disk_full_action = SUSPEND | + | 30 |
- | disk_error_action = SUSPEND | + | 32 |
- | use_libwrap = yes | + | 33 |
- | ## | + | 34 |
- | tcp_listen_queue = 5 | + | 35 |
- | tcp_max_per_addr = 1 | + | 36 |
- | ## | + | 38 |
- | tcp_client_max_idle = 0 | + | 42 |
- | transport = TCP | + | 43 |
- | krb5_principal = auditd | + | 44 |
- | ## | + | 45 |
- | distribute_network = no | + | 46 |
- | q_depth = 400 | + | 47 |
- | overflow_action = SYSLOG | + | 48 |
- | max_restarts = 10 | + | 49 |
- | plugin_dir = / | + | 50 |
+ | 51 | ||
+ | 52 | ||
+ | 53 | ||
+ | 54 | ||
+ | 55 | ||
+ | 56 | ||
+ | 57 | ||
+ | 58 | ||
+ | 59 | ||
+ | 61 | ||
+ | 62 | ||
+ | 69 | ||
+ | 76 | ||
+ | 77 | ||
+ | 78 | ||
+ | 79 | ||
+ | --More-- | ||
+ | [q] | ||
</ | </ | ||
- | Les option | + | Les options |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | auditd: unrecognized option ' | + | |
- | Usage: auditd [-f] [-l] [-n] [-s disable|enable|nochange] [-c < | + | |
- | </ | + | |
- | ===auditctl=== | + | Usage: |
+ | pgrep [options] < | ||
- | Cet exécutable est utilisé pour configurer les règles du système audit. Au démarrage, auditctl lit et applique les règles contunues dans le fichier **/ | + | Options: |
+ | -d, --delimiter < | ||
+ | -l, --list-name | ||
+ | -a, --list-full | ||
+ | -v, --inverse | ||
+ | -w, --lightweight | ||
+ | -c, --count | ||
+ | -f, --full | ||
+ | -g, --pgroup <PGID,...> | ||
+ | -G, --group <GID,...> | ||
+ | -i, --ignore-case | ||
+ | -n, --newest | ||
+ | -o, --oldest | ||
+ | -O, --older < | ||
+ | -P, --parent < | ||
+ | -s, --session < | ||
+ | -t, --terminal < | ||
+ | -u, --euid < | ||
+ | -U, --uid < | ||
+ | -x, --exact | ||
+ | -F, --pidfile < | ||
+ | -L, --logpidfile | ||
+ | -r, --runstates < | ||
+ | --ns < | ||
+ | | ||
+ | | ||
+ | the --ns option. | ||
+ | | ||
- | < | + | -h, --help |
- | [root@centos8 ~]# cat / | + | -V, --version |
- | ## This file is automatically generated from / | + | |
- | -D | + | |
- | -b 8192 | + | |
- | -f 1 | + | |
- | --backlog_wait_time 60000 | + | |
+ | For more details see pgrep(1). | ||
</ | </ | ||
- | Les options de cette commande | + | ====1.3 - La Commande pstree==== |
+ | |||
+ | Cette commande | ||
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | usage: auditctl | + | systemd─┬─ModemManager───3*[{ModemManager}] |
- | -a < | + | ├─NetworkManager───2*[{NetworkManager}] |
- | | + | ├─accounts-daemon───3*[{accounts-daemon}] |
- | -b < | + | |
- | | + | │ |
- | -c Continue through errors in rules | + | |
- | -C f=f Compare collected fields if available: | + | |
- | Field name, operator(=, | + | ├─auditd─┬─sedispatch |
- | -d < | + | │ └─2*[{auditd}] |
- | | + | ├─avahi-daemon───avahi-daemon |
- | | + | ├─colord───3*[{colord}] |
- | -D Delete all rules and watches | + | |
- | -e [0..2] Set enabled flag | + | |
- | -f [0..2] Set failure flag | + | ├─dbus-broker-lau───dbus-broker |
- | | + | |
- | -F f=v Build rule: field name, operator(=, | + | ├─gdm─┬─gdm-session-wor─┬─gdm-wayland-ses─┬─dbus-run-sessio─┬─dbus-daemon |
- | > | + | |
- | -h Help | + | |
- | -i Ignore errors when reading rules from file | + | |
- | -k < | + | |
- | -l List rules | + | |
- | -m text Send a user-space message | + | |
- | -p [r|w|x|a] | + | |
- | | + | |
- | -q < | + | |
- | -r < | + | |
- | -R < | + | |
- | -s Report status | + | |
- | -S syscall | + | |
- | -t Trim directory watches | + | |
- | -v Version | + | |
- | -w < | + | |
- | -W < | + | │ |
- | --loginuid-immutable | + | |
- | --backlog_wait_time | + | |
- | --reset-lost | + | |
+ | | ||
+ | | ||
+ | | ||
+ | ├─2*[gjs───6*[{gjs}]] | ||
+ | ├─gsd-printer───2*[{gsd-printer}] | ||
+ | ├─3*[httpd─┬─httpd] | ||
+ | │ ├─httpd───68*[{httpd}]] | ||
+ | | ||
+ | ├─ibus-portal───2*[{ibus-portal}] | ||
+ | | ||
+ | | ||
+ | ├─lsmd | ||
+ | ├─mcelog | ||
+ | ├─polkitd───7*[{polkitd}] | ||
+ | ├─power-profiles-───2*[{power-profiles-}] | ||
+ | | ||
+ | ├─rsyslogd───2*[{rsyslogd}] | ||
+ | ├─rtkit-daemon───2*[{rtkit-daemon}] | ||
+ | | ||
+ | ├─switcheroo-cont───2*[{switcheroo-cont}] | ||
+ | ├─systemd─┬─(sd-pam) | ||
+ | | ||
+ | | ||
+ | │ | ||
+ | │ | ||
+ | ├─systemd───(sd-pam) | ||
+ | ├─systemd-journal | ||
+ | ├─systemd-logind | ||
+ | ├─systemd-udevd | ||
+ | ├─udisksd───4*[{udisksd}] | ||
+ | ├─upowerd───2*[{upowerd}] | ||
+ | ├─wpa_supplicant | ||
+ | └─xdg-permission-───2*[{xdg-permission-}] | ||
</ | </ | ||
- | ===La consultation des événements audit=== | + | Les options de cette commande |
- | + | ||
- | La consultation des événements audit se fait en utilisant les commandes **ausearch** et **aureport** : | + | |
- | + | ||
- | ==La Commande aureport== | + | |
- | + | ||
- | Cette commande | + | |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
+ | pstree: unrecognized option ' | ||
+ | Usage: pstree [-acglpsStTuZ] [ -h | -H PID ] [ -n | -N type ] | ||
+ | [ -A | -G | -U ] [ PID | USER ] | ||
+ | or: pstree -V | ||
- | Summary Report | + | Display a tree of processes. |
- | ====================== | + | |
- | Range of time in logs: 05/08/2020 08:13:52.320 - 06/03/2021 10: | + | |
- | Selected time for report: 05/08/2020 08:13:52 - 06/03/2021 10: | + | |
- | Number of changes in configuration: | + | |
- | Number of changes to accounts, groups, or roles: 56 | + | |
- | Number of logins: 21 | + | |
- | Number of failed logins: 5 | + | |
- | Number of authentications: | + | |
- | Number of failed authentications: | + | |
- | Number of users: 3 | + | |
- | Number of terminals: 10 | + | |
- | Number of host names: 4 | + | |
- | Number of executables: | + | |
- | Number of commands: 11 | + | |
- | Number of files: 0 | + | |
- | Number of AVC's: 0 | + | |
- | Number of MAC events: 35 | + | |
- | Number of failed syscalls: 0 | + | |
- | Number of anomaly events: 7 | + | |
- | Number of responses to anomaly events: 0 | + | |
- | Number of crypto events: 287 | + | |
- | Number of integrity events: 0 | + | |
- | Number of virt events: 0 | + | |
- | Number of keys: 0 | + | |
- | Number of process IDs: 616 | + | |
- | Number of events: 6030 | + | |
- | </ | + | |
- | Les options de cette commande sont : | + | -a, --arguments |
+ | -A, --ascii | ||
+ | -c, --compact-not | ||
+ | -C, --color=TYPE | ||
+ | (age) | ||
+ | -g, --show-pgids | ||
+ | -G, --vt100 | ||
+ | -h, --highlight-all highlight current process and its ancestors | ||
+ | -H PID, --highlight-pid=PID | ||
+ | highlight this process and its ancestors | ||
+ | -l, --long | ||
+ | -n, --numeric-sort | ||
+ | -N TYPE, --ns-sort=TYPE | ||
+ | sort output by this namespace type | ||
+ | (cgroup, ipc, mnt, net, pid, time, user, uts) | ||
+ | -p, --show-pids | ||
+ | -s, --show-parents | ||
+ | -S, --ns-changes | ||
+ | -t, --thread-names | ||
+ | -T, --hide-threads | ||
+ | -u, --uid-changes | ||
+ | -U, --unicode | ||
+ | -V, --version | ||
+ | -Z, --security-context | ||
+ | show security attributes | ||
- | < | + | PID start at this PID; default |
- | [root@centos8 ~]# aureport --help | + | |
- | usage: aureport [options] | + | |
- | -a, | + | |
- | -au, | + | |
- | --comm Commands run report | + | |
- | -c, | + | |
- | -cr, | + | |
- | -e, | + | |
- | -f, | + | |
- | --failed only failed events in report | + | |
- | -h, | + | |
- | --help help | + | |
- | -i, | + | |
- | -if, | + | |
- | --input-logs Use the logs even if stdin is a pipe | + | |
- | --integrity Integrity event report | + | |
- | -l, | + | |
- | -k, | + | |
- | -m, | + | |
- | -ma, | + | |
- | -n, | + | |
- | -nc, | + | |
- | --node <node name> | + | |
- | -p, | + | |
- | -r, | + | |
- | -s, | + | |
- | --success only success events in report | + | |
- | --summary sorted totals for main object in report | + | |
- | -t, | + | |
- | -te,--end [end date] [end time] ending date & time for reports | + | |
- | -tm, | + | |
- | -ts, | + | |
- | --tty Report about tty keystrokes | + | |
- | -u,--user User name report | + | |
- | -v, | + | |
- | --virt Virtualization report | + | |
- | -x, | + | |
- | If no report is given, the summary report will be displayed | + | |
</ | </ | ||
- | ==La Commande | + | ====1.4 - La Commande |
- | Cette commande | + | Cette commande |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | ---- | + | |
- | time-> | + | |
- | type=USER_AUTH msg=audit(1598972728.209: | + | |
- | omain addr=? terminal=pts/ | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_ACCT msg=audit(1598972728.214: | + | |
- | ost.localdomain addr=? terminal=pts/ | + | |
- | ---- | + | |
- | time-> | + | |
- | type=CRED_ACQ msg=audit(1598972728.218: | + | |
- | dr=? terminal=pts/ | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_START msg=audit(1598972728.223: | + | |
- | ,pam_xauth acct=" | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_END msg=audit(1598973013.687: | + | |
- | pam_xauth acct=" | + | |
- | ---- | + | |
- | time-> | + | |
- | type=CRED_DISP msg=audit(1598973013.687: | + | |
- | ddr=? terminal=pts/ | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_AUTH msg=audit(1618847281.847: | + | |
- | ng.loc addr=? terminal=pts/ | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_ACCT msg=audit(1618847281.847: | + | |
- | 8.ittraining.loc addr=? terminal=pts/ | + | |
- | ---- | + | |
- | time-> | + | |
- | type=CRED_ACQ msg=audit(1618847281.847: | + | |
- | ddr=? terminal=pts/ | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_START msg=audit(1618847281.883: | + | |
- | ,pam_xauth acct=" | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_END msg=audit(1618848279.544: | + | |
- | ,pam_xauth acct=" | + | |
- | ---- | + | |
- | time-> | + | |
- | type=CRED_DISP msg=audit(1618848279.544: | + | |
- | | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_AUTH msg=audit(1618848357.204: | + | |
- | addr=? terminal=pts/ | + | |
- | ---- | + | |
- | time-> | + | |
- | type=USER_AUTH msg=audit(1618848363.134: | + | |
- | ng.loc addr=? terminal=pts/ | + | |
- | ---- | + | |
- | --More-- | + | |
- | </ | + | |
- | Les options de cette commande sont : | + | top - 14:41:00 up 2 days, 1:56, 1 user, load average: 0.01, 0.01, 0.00 |
+ | Tasks: 199 total, | ||
+ | %Cpu(s): | ||
+ | MiB Mem : | ||
+ | MiB Swap: | ||
- | < | + | PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND |
- | [root@centos8 ~]# ausearch --help | + | |
- | usage: ausearch [options] | + | 1 root 20 |
- | -a,--event <Audit event id> | + | 2 root 20 |
- | --arch < | + | 3 root |
- | -c, | + | 4 root |
- | --checkpoint < | + | 5 root |
- | --debug Write malformed events that are skipped to stderr | + | 6 root |
- | -e,--exit <Exit code or errno> | + | 8 root |
- | -f, | + | 10 root |
- | --format [raw|default|interpret|csv|text] results format options | + | 12 root 20 |
- | -ga, | + | 13 root 20 |
- | -ge, | + | 14 root 20 |
- | group id | + | 15 root 20 |
- | -gi,--gid <Group Id> | + | 16 root 20 |
- | -h, | + | 17 root rt |
- | -hn,--host <Host Name> | + | 18 root -51 |
- | -i, | + | 20 root 20 |
- | -if,--input <Input File name> | + | 21 root 20 |
- | --input-logs Use the logs even if stdin is a pipe | + | 22 root -51 |
- | --just-one Emit just one event | + | 23 root rt |
- | -k, | + | 24 root 20 |
- | -l, --line-buffered Flush output on every line | + | 27 root 20 |
- | -m, | + | 28 root -51 |
- | -n, | + | 29 root rt |
- | -o, | + | 30 root 20 |
- | -p,--pid <Process id> | + | 32 root |
- | -pp,--ppid <Parent Process id> | + | 33 root 20 |
- | -r, | + | 34 root -51 |
- | -sc, | + | 35 root rt |
- | -se, | + | 36 root 20 |
- | object | + | 38 root |
- | --session <login session id> | + | 42 root 20 |
- | -su, | + | 43 root |
- | -sv, | + | 44 root 20 |
- | success value | + | 45 root 20 |
- | -te,--end [end date] [end time] ending date & time for search | + | 46 root 20 |
- | -ts,--start [start date] [start time] starting data & time for search | + | 47 root |
- | -tm, | + | 48 root 20 |
- | -ua, | + | 49 root 25 |
- | -ue, | + | 50 root 39 19 |
- | user id | + | 51 root |
- | -ui,--uid <User Id> | + | 52 root |
- | -ul, | + | 53 root |
- | -uu,--uuid <guest UUID> | + | 54 root 0 -20 |
- | machine with the given UUID. | + | 55 root |
- | -v, | + | 56 root |
- | -vm, | + | 57 root 0 -20 |
- | machine with the name. | + | 58 root |
- | -w,--word string matches are whole word | + | 59 root -51 |
- | -x, | + | ... |
</ | </ | ||
- | <WRAP center round important 60%> | + | Pour afficher l'aide de la commande |
- | **Important** : Pour plus d'information concernant le système audit, consultez les manuels | + | |
- | </ | + | |
- | + | ||
- | =====Le fichier / | + | |
- | + | ||
- | Ce fichier contient la plupart des messages du système | + | |
< | < | ||
- | [root@centos8 ~]# tail -n 15 / | + | Help for Interactive Commands |
- | Jun 3 10:15:01 centos8 systemd[1]: session-76.scope: Succeeded. | + | Window |
- | Jun | + | |
- | Jun | + | |
- | Jun 3 10:17:01 centos8 systemd[1]: Started Session 78 of user trainee. | + | |
- | Jun 3 10:17:01 centos8 systemd[1]: session-78.scope: Succeeded. | + | |
- | Jun 3 10:18:01 centos8 systemd[1]: Started Session 79 of user trainee. | + | |
- | Jun | + | |
- | Jun 3 10:19:01 centos8 systemd[1]: Started Session 80 of user trainee. | + | |
- | Jun 3 10:19:01 centos8 systemd[1]: session-80.scope: | + | |
- | Jun 3 10:20:02 centos8 systemd[1]: Started Session 81 of user trainee. | + | |
- | Jun 3 10:20:02 centos8 systemd[1]: session-81.scope: | + | |
- | Jun 3 10:21:01 centos8 systemd[1]: Started Session 82 of user trainee. | + | |
- | Jun 3 10:21:01 centos8 systemd[1]: session-82.scope: | + | |
- | Jun 3 10:22:01 centos8 systemd[1]: Started Session 83 of user trainee. | + | |
- | Jun 3 10:22:01 centos8 systemd[1]: session-83.scope: | + | |
- | </ | + | |
- | =====Applications===== | + | Z, |
+ | l, | ||
+ | 0,1,2,3,4 Toggle: ' | ||
+ | f,F,X | ||
- | Certaines applications consignent leurs journaux dans des répertoires spécifiques. Par exemple | + | L,&,<,> |
+ | R,H,J,C . Toggle: ' | ||
+ | c,i,S,j . Toggle: ' | ||
+ | x,y . Toggle highlights: ' | ||
+ | z,b . Toggle: ' | ||
+ | u,U,o,O . Filter by: ' | ||
+ | n,#, | ||
+ | V,v . Toggle: ' | ||
- | * cups, | + | |
- | | + | |
- | * samba, | + | |
- | * ... | + | |
- | + | ( commands shown with '.' require a visible task display window ) | |
- | < | + | Press ' |
- | [root@centos8 ~]# ls -l /var/log | + | Type ' |
- | total 2448 | + | |
- | drwxr-xr-x. 2 root | + | |
- | drwx------. 2 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-rw----. 1 root | + | |
- | -rw-rw----. 1 root | + | |
- | drwxr-xr-x. 2 chrony chrony | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-r--r--. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-r--r--. 1 root | + | |
- | -rw-r--r--. 1 root | + | |
- | -rw-r-----. 1 root | + | |
- | drwxr-xr-x. 2 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-r--r--. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-rw-r--. 1 root | + | |
- | drwx------. 3 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | drwx------. 2 root | + | |
- | drwx------. 3 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | -rw-------. 1 root | + | |
- | drwxr-x---. 2 sssd | + | |
- | drwxr-xr-x. 3 root | + | |
- | drwxr-xr-x. 2 root | + | |
- | -rw-rw-r--. 1 root | + | |
</ | </ | ||
- | =====LAB #2 - rsyslog===== | + | <WRAP center round important> |
+ | **Important** | ||
+ | </ | ||
- | **rsyslog**, le successeur | + | Au lancement, le temps de rafraîchissement |
- | + | ||
- | rsyslog apporte des améliorations par rapport à syslogd : | + | |
- | + | ||
- | * l' | + | |
- | * la haute disponibilité, | + | |
- | * l' | + | |
- | + | ||
- | Les messages de journalisation envoyés | + | |
- | + | ||
- | rsyslog décide ensuite de l' | + | |
- | + | ||
- | * ignorer les informations, | + | |
- | * envoyer les informations à un rsyslog | + | |
- | * inscrire les informations dans un fichier sur disque (par exemple, **/ | + | |
- | * transmettre les informations à un utilisateur (par exemple **root**), | + | |
- | * transmettre les informations à tous les utilisateurs (par exemple *****), | + | |
- | * transmettre les informations à une application liée à rsyslog via un tube (par exemple, **|logrotate**). | + | |
- | + | ||
- | Sous RHEL/ | + | |
< | < | ||
- | [root@centos8 ~]# cat / | + | top - 14:42:15 up 2 days, 1:57, 1 user, load average: 0.00, 0.00, 0.00 |
- | # Options for rsyslogd | + | Tasks: 199 total, |
- | # Syslogd options are deprecated since rsyslog v3. | + | %Cpu(s): |
- | # If you want to use them, switch to compatibility mode 2 by "-c 2" | + | MiB Mem : |
- | # See rsyslogd(8) for more details | + | MiB Swap: |
- | SYSLOGD_OPTIONS="" | + | Change delay from 3.0 to 1 |
+ | ... | ||
</ | </ | ||
- | L'option **-c** | + | Pour trier la liste selon l'utilisation |
- | ^ Directive ^ Version ^ | + | < |
- | | SYSLOGD_OPTIONS=" | + | [root@redhat9 ~]# top |
- | | SYSLOGD_OPTIONS=" | + | top - 14:43:12 up 2 days, 1:58, 1 user, load average: 0.00, 0.00, 0.00 |
- | | SYSLOGD_OPTIONS=" | + | Tasks: 199 total, |
+ | %Cpu(s): | ||
+ | MiB Mem : | ||
+ | MiB Swap: | ||
- | ====2.1 - Priorités==== | + | PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND |
+ | 6049 gdm | ||
+ | 6617 gdm | ||
+ | 6206 gdm | ||
+ | 5707 root 20 | ||
+ | 6444 gdm | ||
+ | 5675 polkitd | ||
+ | 6462 gdm | ||
+ | 6674 gdm | ||
+ | 6486 gdm | ||
+ | 6432 gdm | ||
+ | 6439 gdm | ||
+ | 6451 gdm | ||
+ | 6571 gdm | ||
+ | 853 root 20 | ||
+ | 5975 gdm | ||
+ | 7620 apache | ||
+ | 7431 apache | ||
+ | 6455 gdm | ||
+ | 7898 apache | ||
+ | | ||
+ | 7621 apache | ||
+ | 7899 apache | ||
+ | 7432 apache | ||
+ | 7622 apache | ||
+ | 7433 apache | ||
+ | 7900 apache | ||
+ | 6381 gdm 9 -11 545148 | ||
+ | 5742 root 20 | ||
+ | 6452 gdm | ||
+ | 6640 colord | ||
+ | 5851 gdm | ||
+ | 9365 trainee | ||
+ | 6454 gdm | ||
+ | 6477 gdm | ||
+ | 6599 gdm | ||
+ | 629 root 20 | ||
+ | 5787 root 20 | ||
+ | 6436 gdm | ||
+ | 5704 root 20 | ||
+ | 6482 gdm | ||
+ | 7429 root 20 | ||
+ | 7618 root 20 | ||
+ | 6377 gdm 9 -11 326096 | ||
+ | 5671 root 20 | ||
+ | 7896 root 20 | ||
+ | 9357 root 20 | ||
+ | 5736 root 20 | ||
+ | 614 root 20 | ||
+ | 5765 root 20 | ||
+ | ... | ||
+ | </ | ||
- | La **Priorité** permet d' | + | Pour ne pas visualiser les processus zombies ou les processus en attente, appuyez sur la touche i : |
- | ^ Niveau ^ Priorité ^ Description ^ | + | < |
- | | 0 | emerg/panic | Système inutilisable | | + | [root@redhat9 ~]# top |
- | | 1 | alert | Action immédiate requise | | + | top - 14:44:10 up 2 days, 1:59, 1 user, load average: 0.00, 0.00, 0.00 |
- | | 2 | crit | Condition critique atteinte | | + | Tasks: 199 total, |
- | | 3 | err/error | Erreurs rencontrées | | + | %Cpu(s): |
- | | 4 | warning/ | + | MiB Mem : |
- | | 5 | notice | Condition normale - message important | | + | MiB Swap: |
- | | 6 | info | Condition normale - message simple | | + | |
- | | 7 | debug | Condition normale - message de débogage | | + | |
- | ====2.2 - Sous-systèmes applicatifs==== | + | PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND |
+ | 6049 gdm | ||
+ | 10744 root 20 | ||
+ | </ | ||
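Review bot: the description of the i key ("Pour ne pas visualiser les processus zombies ou les processus en attente, appuyez sur la touche i") is imprecise: in top, i toggles the display of idle tasks, meaning tasks that have consumed no CPU time since the previous refresh, which is why only two lines (PIDs 6049 and 10744) remain after pressing it. Zombie tasks are reported in the "Tasks:" summary line and are not what this key hides. Suggest rewording to "Pour masquer les processus inactifs (idle), appuyez sur la touche i".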
- | Le **Sous-système applicatif**, aussi appelé | + | Pour quitter top, appuyez sur la touche |
- | ^ Fonction ^ Description ^ | + | Les options |
- | | auth/ | + | |
- | | cron | Message de cron ou at | | + | |
- | | daemon | Message d'un daemon | | + | |
- | | kern | Message du noyau | | + | |
- | | lpr | Message du système d' | + | |
- | | mail | Message du système de mail | | + | |
- | | news | Message du système de news | | + | |
- | | syslog | Message interne de rsyslogd | | + | |
- | | user | Message utilisateur | | + | |
- | | uucp | Message du système UUCP | | + | |
- | | local0 - local7 | Réservés pour des utilisations locales | | + | |
- | + | ||
- | + | ||
- | ====2.3 - / | + | |
- | + | ||
- | rsyslog est configuré par le fichier **/ | + | |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | # rsyslog configuration file | + | top: inappropriate ' |
- | + | Usage: | |
- | # For more information see / | + | |
- | # or latest version online at http:// | + | |
- | # If you experience problems, see http:// | + | |
- | + | ||
- | #### MODULES #### | + | |
- | + | ||
- | module(load=" | + | |
- | | + | |
- | # local messages are retrieved through imjournal now. | + | |
- | module(load=" | + | |
- | | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | # Provides UDP syslog reception | + | |
- | # for parameters see http:// | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | # Provides TCP syslog reception | + | |
- | # for parameters see http:// | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | #### GLOBAL DIRECTIVES #### | + | |
- | + | ||
- | # Where to place auxiliary files | + | |
- | global(workDirectory="/ | + | |
- | + | ||
- | # Use default timestamp format | + | |
- | module(load=" | + | |
- | + | ||
- | # Include all config files in / | + | |
- | include(file="/ | + | |
- | + | ||
- | #### RULES #### | + | |
- | + | ||
- | # Log all kernel messages to the console. | + | |
- | # Logging much else clutters up the screen. | + | |
- | # | + | |
- | + | ||
- | # Log anything (except mail) of level info or higher. | + | |
- | # Don't log private authentication messages! | + | |
- | *.info; | + | |
- | + | ||
- | # The authpriv file has restricted access. | + | |
- | authpriv.* | + | |
- | + | ||
- | # Log all the mail messages in one place. | + | |
- | mail.* | + | |
- | + | ||
- | + | ||
- | # Log cron stuff | + | |
- | cron.* | + | |
- | + | ||
- | # Everybody gets emergency messages | + | |
- | *.emerg | + | |
- | + | ||
- | # Save news errors of level crit and higher in a special file. | + | |
- | uucp, | + | |
- | + | ||
- | # Save boot messages also to boot.log | + | |
- | local7.* | + | |
- | + | ||
- | + | ||
- | # ### sample forwarding rule ### | + | |
- | # | + | |
- | # An on-disk queue is created for this action. If the remote host is | + | |
- | # down, messages are spooled to disk and sent when it is up again. | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # Remote Logging (we use TCP for reliable delivery) | + | |
- | # remote_host is: name/ip, e.g. 192.168.0.1, | + | |
- | # | + | |
</ | </ | ||
- | Ce fichier est divisé en 3 parties : | + | ====1.5 - Les Commandes fg, bg et jobs==== |
- | * **Modules**, | + | Normalement les commandes s’exécutent en avant plan. Vous pouvez également lancer |
- | * Section traitant le chargement | + | |
- | * **Directives Globales** | + | |
- | * Section traitant les options | + | |
- | * **Règles** (//Rules//), | + | |
- | * Section traitant les règles de configuration des journaux. Les règles au format syslogd gardent le même format. Les nouvelles règles, compatibles seulement avec rsyslog commencent par **module**. | + | |
- | + | ||
- | ===Modules=== | + | |
- | + | ||
- | Depuis la version 3 de rsyslog, la réception des données par ce dernier appelée les **inputs** est gérée par l' | + | |
- | + | ||
- | ^ Module ^ Fonction ^ | + | |
- | | module(load=" | + | |
- | | module(load=" | + | |
- | | module(load=" | + | |
- | | module(load=" | + | |
- | | module(load=" | + | |
- | | module(load=" | + | |
- | + | ||
- | Dans le fichier **/ | + | |
< | < | ||
- | ... | + | # sleep 9999 & |
- | #### MODULES #### | + | |
- | + | ||
- | module(load=" | + | |
- | | + | |
- | # local messages are retrieved through imjournal now. | + | |
- | module(load=" | + | |
- | | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | # Provides UDP syslog reception | + | |
- | # for parameters see http:// | + | |
- | # | + | |
- | # | + | |
- | + | ||
- | # Provides TCP syslog reception | + | |
- | # for parameters see http:// | + | |
- | # | + | |
- | # | + | |
- | ... | + | |
</ | </ | ||
- | Pour activer la réception de messages à partir de serveurs rsyslog distants | + | <WRAP center round important> |
+ | Notez qu’un processus | ||
+ | </ | ||
- | < | + | Linux numérote tous les processus qui sont placés en tâches de fond. On parle donc d’un **numéro de tâche**. |
- | ... | + | |
- | # Provides UDP syslog reception | + | |
- | # for parameters see http:// | + | |
- | module(load=" | + | |
- | input(type=" | + | |
- | # Provides TCP syslog reception | + | La commande **jobs** permet de se renseigner sur les processus en arrière plan : |
- | # for parameters see http:// | + | |
- | module(load=" | + | |
- | input(type=" | + | |
- | ... | + | |
- | </ | + | |
- | <WRAP center round important 60%> | + | <code> |
- | **Important** : Les deux directives **module(load=" | + | [root@redhat9 ~]# sleep 9999 & |
- | </ | + | [1] 10749 |
- | Pour envoyer l' | + | [root@redhat9 ~]# jobs -l |
- | + | [1]+ 10749 Running | |
- | < | + | </code> |
- | ... | + | |
- | # ### sample forwarding rule ### | + | |
- | # | + | |
- | # An on-disk queue is created for this action. If the remote host is | + | |
- | # down, messages are spooled to disk and sent when it is up again. | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # Remote Logging (we use TCP for reliable delivery) | + | |
- | # remote_host is: name/ip, e.g. 192.168.0.1, | + | |
- | Target=" | + | |
- | ... | + | |
- | </file> | + | |
- | <WRAP center round important | + | <WRAP center round important> |
- | **Important** | + | **Important** |
</ | </ | ||
- | ===Directives Globales=== | + | Si on souhaite envoyer un processus en arrière plan de façon à libérer le shell pour d’autres commandes, il faut d’abord suspendre le processus en question. Normalement on suspend un processus en utilisant la combinaison de touches < |
- | Les directives dans cette section servent à configurer le comportement de rsyslog. | + | Par exemple : |
- | <file> | + | <code> |
- | module(load=" | + | [root@redhat9 ~]# sleep 1234 |
- | </file> | + | ^Z |
+ | [2]+ Stopped | ||
+ | </code> | ||
- | Cette directive stipule que le format des entrées dans les fichiers de journalisation | + | Un fois suspendu, on utilise la commande |
- | ===Règles=== | + | < |
+ | [root@redhat9 ~]# bg %2 | ||
+ | [2]+ sleep 1234 & | ||
- | Chaque règle prend la forme suivante : | + | [root@redhat9 ~]# jobs -l |
+ | [1]- 10749 Running | ||
+ | [2]+ 10750 Running | ||
+ | </ | ||
- | <file> | + | <WRAP center round important> |
- | Sélecteur[; ...] [-] Action | + | **Important** - Notez que lors du passage en arrière plan, le processus reprend son exécution normalement. Le caractère **-** qui suit le numéro de tâche |
- | </file> | + | </WRAP> |
- | Un Sélecteur est défini d'une des façons suivantes : | + | Pour ramener le processus en avant plan, il faut de nouveau interrompre le processus concerné. Or cette fois-ci, nous ne pouvons pas utiliser la commande < |
- | ==Sous-système applicatif.Priorité== | + | < |
+ | [root@redhat9 ~]# kill -s stop %2 | ||
- | Dans ce cas on ne tient compte que des messages de priorité égale ou supérieure à la Priorité indiquée. | + | [2]+ Stopped |
+ | </ | ||
- | ==Sous-système applicatif!Priorité== | + | Pour ramener le processus en avant plan, on utilise la commande fg : |
- | Dans ce cas on ne tient compte que des messages de priorité inférieure à la Priorité indiquée. | + | < |
+ | [root@redhat9 ~]# fg %2 | ||
+ | sleep 1234 | ||
+ | ^C | ||
+ | </ | ||
- | ==Sous-système applicatif=Priorité== | + | <WRAP center round important> |
+ | **Important** | ||
+ | </ | ||
- | Dans ce cas on ne tient compte que des messages | + | Les options |
- | ==L'utilisation du caractère spécial *== | + | < |
+ | [root@redhat9 ~]# help jobs | ||
+ | jobs: jobs [-lnprs] [jobspec ...] or jobs -x command [args] | ||
+ | Display status of jobs. | ||
+ | |||
+ | Lists the active jobs. JOBSPEC restricts output to that job. | ||
+ | Without options, the status of all active jobs is displayed. | ||
+ | |||
+ | Options: | ||
+ | -l lists process IDs in addition to the normal information | ||
+ | -n lists only processes that have changed status since the last | ||
+ | notification | ||
+ | -p lists process IDs only | ||
+ | -r restrict output to running jobs | ||
+ | -s restrict output to stopped jobs | ||
+ | |||
+ | If -x is supplied, COMMAND is run after all job specifications that | ||
+ | appear in ARGS have been replaced with the process ID of that job's | ||
+ | process group leader. | ||
+ | |||
+ | Exit Status: | ||
+ | Returns success unless an invalid option is given or an error occurs. | ||
+ | If -x is used, returns the exit status of COMMAND. | ||
+ | </ | ||
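Review bot: the step "Pour ramener le processus en avant plan, il faut de nouveau interrompre le processus concerné" followed by `kill -s stop %2` is not required: `fg %2` brings a running background job back to the foreground directly (the shell continues the job itself), so the example would work without the stop step. If the intent is to show `kill -s stop` as the non-interactive equivalent of the suspend key for a job that is no longer attached to the terminal, say so explicitly; otherwise drop the kill step or present it as optional.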
- | La valeur du Sous-système applicatif et/ou de la Priorité peut également être *****. Dans ce cas, toutes les valeurs possibles du **Sous-système applicatif** et/ou de la **Priorité** sont concernées, | + | ====1.6 - La Commande wait==== |
- | ==n Sous-systèmes avec la même priorité== | + | Cette commande permet de doter un processus asynchrone du comportement d'un processus synchrone. Elle est utilisée pour attendre jusqu’à ce qu'un processus en tâche de fond soit terminé : |
- | Plusieurs Sous-systèmes applicatifs peuvent être stipulés pour la même Priorité en les séparant avec un **virgule**. Par exemple : **uucp, | + | < |
+ | [root@redhat9 ~]# jobs -l | ||
+ | [1]+ 10749 Running | ||
- | ==n Sélecteurs avec la même Action== | + | [root@redhat9 ~]# wait %1 |
- | + | ^C | |
- | Une Action peut s' | + | |
+ | [root@redhat9 ~]# jobs -l | ||
+ | [1]+ 10749 Running | ||
+ | </ | ||
- | <WRAP center round important | + | <WRAP center round important> |
- | **Important** : Une Action précédée par le signe **-** est entreprise d'une manière | + | **Important** - Notez que l'utilisation des touches < |
</ | </ | ||
- | =====LAB #3 - La Commande | + | ====1.7 - La Commande |
- | La commande | + | Cette commande |
- | La syntaxe de la commande est : | + | < |
+ | [root@redhat9 ~]# nice -n -20 sleep 1234 | ||
+ | ^Z | ||
+ | [2]+ Stopped | ||
- | < | + | [root@redhat9 ~]# ps lx | grep sleep |
- | logger -p Sous-système applicatif.Priorité message | + | 0 |
- | </file> | + | 4 |
+ | 0 | ||
- | Par exemple saisissez la commande suivante : | + | [root@redhat9 ~]# nice -n 19 sleep 5678 |
+ | ^Z | ||
+ | [3]+ Stopped | ||
- | < | + | [root@redhat9 |
- | [root@centos8 | + | 0 |
+ | 4 | ||
+ | 0 | ||
+ | 0 | ||
</ | </ | ||
- | Consultez | + | Comme vous pouvez constater |
- | <code> | + | <WRAP center round important> |
- | [root@centos8 ~]# tail / | + | **Important** - Notez que seul root peut lancer des processus avec une valeur négative. |
- | Jun 3 12:55:01 centos8 systemd[1]: session-237.scope: | + | </WRAP> |
- | Jun 3 12:56:01 centos8 systemd[1]: Started Session 238 of user trainee. | + | |
- | Jun 3 12:56:01 centos8 systemd[1]: session-238.scope: | + | |
- | Jun 3 12:57:01 centos8 systemd[1]: Started Session 239 of user trainee. | + | |
- | Jun 3 12:57:01 centos8 systemd[1]: session-239.scope: | + | |
- | Jun 3 12:58:01 centos8 systemd[1]: Started Session 240 of user trainee. | + | |
- | Jun 3 12:58:01 centos8 systemd[1]: session-240.scope: | + | |
- | Jun 3 12:58:55 centos8 trainee[5139]: | + | |
- | Jun 3 12:59:01 centos8 systemd[1]: Started Session 241 of user trainee. | + | |
- | Jun 3 12:59:01 centos8 systemd[1]: session-241.scope: | + | |
- | </code> | + | |
- | Les options de la commande | + | Les options de cette commande sont : |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
+ | Usage: nice [OPTION] [COMMAND [ARG]...] | ||
+ | Run COMMAND with an adjusted niceness, which affects process scheduling. | ||
+ | With no COMMAND, print the current niceness. | ||
+ | -20 (most favorable to the process) to 19 (least favorable to the process). | ||
- | Usage: | + | Mandatory arguments to long options |
- | | + | -n, --adjustment=N |
- | + | --help | |
- | Enter messages into the system log. | + | --version |
- | + | ||
- | Options: | + | |
- | | + | |
- | | + | |
- | -f, --file < | + | |
- | -e, --skip-empty | + | |
- | | + | |
- | -p, --priority < | + | |
- | | + | |
- | | + | |
- | -s, --stderr | + | |
- | -S, --size < | + | |
- | -t, --tag < | + | |
- | -n, --server < | + | |
- | -P, --port < | + | |
- | -T, --tcp use TCP only | + | |
- | -d, --udp use UDP only | + | |
- | | + | |
- | | + | |
- | < | + | |
- | --sd-id < | + | |
- | | + | |
- | --msgid < | + | |
- | -u, --socket < | + | |
- | | + | |
- | print connection errors when using Unix sockets | + | |
- | | + | |
- | -h, --help | + | NOTE: your shell may have its own version of nice, which usually supersedes |
- | -V, --version | + | the version |
+ | for details about the options it supports. | ||
- | For more details see logger(1). | + | GNU coreutils online help: < |
+ | Full documentation < | ||
+ | or available locally via: info '(coreutils) nice invocation' | ||
</ | </ | ||
- | =====LAB #4 - La Commande | + | ====1.8 - La Commande |
- | Les fichiers journaux grossissent régulièrement. Le programme **/ | + | Cette commande modifie la priorité d’un processus déjà en cours. La valeur |
- | + | ||
- | Visualisez | + | |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | # see "man logrotate" | + | [1] 10749 Running |
- | # rotate log files weekly | + | [2]- 10775 Stopped |
- | weekly | + | [3]+ 10778 Stopped |
- | # keep 4 weeks worth of backlogs | + | [root@redhat9 ~]# bg %2 |
- | rotate 4 | + | [2]- nice -n -20 sleep 1234 & |
- | # create new (empty) log files after rotating old ones | + | [root@redhat9 ~]# bg %3 |
- | create | + | [3]+ nice -n 19 sleep 5678 & |
- | # use date as a suffix of the rotated file | + | [root@redhat9 ~]# jobs -l |
- | dateext | + | [1] 10749 Running |
+ | [2]- 10775 Running | ||
+ | [3]+ 10778 Running | ||
- | # uncomment this if you want your log files compressed | + | [root@redhat9 ~]# renice +5 10775 |
- | #compress | + | 10775 (process ID) old priority -20, new priority 5 |
- | # RPM packages drop log rotation information into this directory | + | [root@redhat9 ~]# renice -5 10778 |
- | include / | + | 10778 (process ID) old priority 19, new priority -5 |
- | # system-specific logs may be also be configured here. | + | [root@redhat9 ~]# ps lx | grep sleep |
+ | 0 | ||
+ | 4 | ||
+ | 0 | ||
+ | 0 | ||
</ | </ | ||
- | Dans la première partie de ce fichier on trouve des directives pour : | + | <WRAP center round important> |
- | + | **Important** | |
- | * remplacer les fichiers journaux chaque semaine | + | |
- | * garder 4 archives des fichiers journaux | + | |
- | * créer un nouveau fichier log une fois le précédent archivé | + | |
- | * comprimer les archives créées. | + | |
- | + | ||
- | La directive **include / | + | |
- | + | ||
- | La deuxième partie du fichier concerne des configurations spécifiques pour certains fichiers journaux. | + | |
- | + | ||
- | <WRAP center round important | + | |
- | **Important** | + | |
</ | </ | ||
- | Les options de la commande | + | Les options de cette commande sont : |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | Usage: logrotate [OPTION...] < | + | |
- | -d, --debug | + | |
- | messages | + | |
- | -f, --force | + | |
- | -m, --mail=command | + | |
- | -s, --state=statefile | + | |
- | -v, --verbose | + | |
- | -l, --log=logfile | + | |
- | --version | + | |
- | Help options: | + | Usage: |
- | -?, --help Show this help message | + | renice [-n] < |
- | --usage | + | renice [-n] < |
- | </code> | + | renice [-n] < |
- | =====LAB #5 - La Journalisation avec journald===== | + | Alter the priority of running processes. |
- | Sous RHEL/CentOS 8, les fichiers de Syslog sont gardés pour une question de compatibilité. Cependant, tous les journaux sont d' | + | Options: |
+ | -n, --priority < | ||
+ | -p, --pid interpret arguments as process ID (default) | ||
+ | -g, --pgrp | ||
+ | -u, --user | ||
- | < | + | -h, --help |
- | [root@centos8 ~]# ls -l / | + | -V, --version |
- | total 0 | + | |
- | drwxr-s---+ 2 root systemd-journal 60 Jun 3 09:01 de79af4f226d480fa7d3fec4cabbf97a | + | |
- | </ | + | |
- | A l' | + | For more details see renice(1). |
- | + | ||
- | Pour rendre les journaux permenants, il faut créer le répertoire **/ | + | |
- | + | ||
- | < | + | |
- | [root@centos8 ~]# mkdir / | + | |
- | [root@centos8 ~]# ls -l / | + | |
- | total 0 | + | |
- | [root@centos8 ~]# systemctl restart systemd-journald | + | |
- | [root@centos8 ~]# ls -l / | + | |
- | ls: cannot access '/ | + | |
- | [root@centos8 ~]# ls -l / | + | |
- | total 0 | + | |
- | drwxr-xr-x. 2 root root 28 Jun 3 13:03 de79af4f226d480fa7d3fec4cabbf97a | + | |
</ | </ | ||
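Review bot: the second call, `renice -5 10778` (old priority 19, new priority -5), lowers the niceness and succeeds only because the session runs as root; a user without CAP_SYS_NICE can only raise the niceness of their own processes and cannot lower it again afterwards. This mirrors the remark in the nice section ("Notez que seul root peut lancer des processus avec une valeur négative") and should be stated in the Important box that closes this section if it does not already say so.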
- | Journald ne peut pas envoyer les traces à un autre ordinateur. Pour utiliser un serveur de journalisation distant il faut donc inclure la directive **ForwardToSyslog=yes** dans le fichier de configuration de journald, **/ | + | ====1.9 - La Commande nohup==== |
- | < | + | Cette commande permet à un processus de poursuivre son exécution après la déconnexion. Un processus enfant meurt quand le processus parent meure ou se termine. Comme une connexion est un processus, quand vous vous déconnectez, |
- | [root@centos8 ~]# cat / | + | |
- | # This file is part of systemd. | + | |
- | # | + | |
- | # systemd is free software; you can redistribute it and/or modify it | + | |
- | # under the terms of the GNU Lesser General Public License as published by | + | |
- | # the Free Software Foundation; either version 2.1 of the License, or | + | |
- | # (at your option) any later version. | + | |
- | # | + | |
- | # Entries in this file show the compile time defaults. | + | |
- | # You can change settings by editing this file. | + | |
- | # Defaults can be restored by simply deleting this file. | + | |
- | # | + | |
- | # See journald.conf(5) for details. | + | |
- | [Journal] | + | < |
- | # | + | nohup lp ventes.txt & |
- | # | + | </file> |
- | #Seal=yes | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | ForwardToSyslog=yes | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | # | + | |
- | </code> | + | |
- | ====5.1 - Consultation des Journaux==== | + | Les options |
- | + | ||
- | L' | + | |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | -- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:08:01 EDT. -- | + | Usage: nohup COMMAND |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: Linux version 4.18.0-240.22.1.el8_3.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)) #1 SMP Thu Apr 8 19:01:30 UTC 2021 | + | or: |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: Command line: BOOT_IMAGE=(hd0, | + | Run COMMAND, ignoring hangup signals. |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: xstate_offset[2]: 576, xstate_sizes[2]: | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using ' | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-provided physical RAM map: | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000dffeffff] usable | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000dfff0000-0x00000000dfffffff] ACPI data | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000100000000-0x000000011fffffff] usable | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: NX (Execute Disable) protection: active | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: SMBIOS 2.5 present. | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: DMI: innotek GmbH VirtualBox/ | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: Hypervisor detected: KVM | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00 | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: cpu 0, msr 114801001, primary cpu clock | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: using sched offset of 5675771878 cycles | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: clocksource: | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: tsc: Detected 1190.400 MHz processor | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: e820: remove [mem 0x000a0000-0x000fffff] usable | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: last_pfn = 0x120000 max_arch_pfn = 0x400000000 | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: MTRR default type: uncachable | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: MTRR variable ranges disabled: | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: Disabled | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/PAT: MTRRs disabled, skipping PAT initialization too. | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: CPU MTRRs all blank - virtualized system. | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/PAT: Configuration [0-7]: WB WT UC- UC WB WT UC- UC | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: last_pfn = 0xdfff0 max_arch_pfn = 0x400000000 | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: found SMP MP-table at [mem 0x0009fff0-0x0009ffff] | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: kexec: Reserving the low 1M of memory for crashkernel | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a01000, 0x114a01fff] PGTABLE | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a02000, | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a03000, | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a04000, | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a05000, | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a06000, | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a07000, | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a08000, | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a09000, | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: RAMDISK: [mem 0x34e00000-0x366f7fff] | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: Early table checksum verification disabled | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: RSDP 0x00000000000E0000 000024 (v02 VBOX ) | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: XSDT 0x00000000DFFF0030 00003C (v01 VBOX | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: FACP 0x00000000DFFF00F0 0000F4 (v04 VBOX | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: DSDT 0x00000000DFFF0480 002325 (v02 VBOX | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: FACS 0x00000000DFFF0200 000040 | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: FACS 0x00000000DFFF0200 000040 | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: APIC 0x00000000DFFF0240 00006C (v02 VBOX | + | |
- | lines 1-57 | + | |
- | </ | + | |
- | <WRAP center round important 60%> | + | --help |
- | **Important** : Notez que les messages importants sont en gras, par exemple les messages de niveaux **notice** ou **warning** et que les messages graves sont en rouge. | + | |
- | </ | + | |
- | ====5.2 - Consultation des Journaux d'une Application Spécifique==== | + | If standard input is a terminal, redirect it from an unreadable file. |
+ | If standard output is a terminal, append output to 'nohup.out' | ||
+ | ' | ||
+ | If standard error is a terminal, redirect it to standard output. | ||
+ | To save output to FILE, use 'nohup COMMAND > FILE'. | ||
- | Pour consulter les entrées concernant une application spécifique, il suffit de passer l'exécutable, | + | NOTE: your shell may have its own version of nohup, which usually supersedes |
+ | the version described here. Please refer to your shell's documentation | ||
+ | for details about the options it supports. | ||
- | <code> | + | GNU coreutils online help: <https://www.gnu.org/ |
- | [root@centos8 ~]# journalctl | + | Full documentation <https://www.gnu.org/ |
- | -- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:10:01 EDT. -- | + | or available locally via: info '(coreutils) nohup invocation' |
- | Jun 03 10:01:01 centos8.ittraining.loc anacron[2575]: | + | |
- | Jun 03 10:01:01 centos8.ittraining.loc anacron[2575]: | + | |
- | Jun 03 10:01:01 centos8.ittraining.loc anacron[2575]: | + | |
- | Jun 03 10:16:01 centos8.ittraining.loc anacron[2575]: | + | |
- | Jun 03 10:16:01 centos8.ittraining.loc anacron[2575]: | + | |
- | Jun 03 10:16:01 centos8.ittraining.loc anacron[2575]: | + | |
</ | </ | ||
- | <WRAP center round important 60%> | + | ====1.10 - La Commande kill==== |
- | **Important** : Rappelez-vous que sous RHEL/CentOS 8 le répertoire **/sbin** est un lien symbolique vers **/ | + | |
- | </ | + | |
- | + | ||
- | ====5.3 - Consultation des Journaux depuis le Dernier Démarrage==== | + | |
- | Pour consulter les entrées depuis le dernier démarrage, il suffit d' | + | La commande kill envoie des signaux aux processus. La liste des signaux possibles peut être afficher avec l' |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | -- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:11:01 EDT. -- | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: Linux version 4.18.0-240.22.1.el8_3.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version | + | 6) SIGABRT |
- | 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)) #1 SMP Thu Apr 8 19:01:30 UTC 2021 | + | 11) SIGSEGV |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: Command line: BOOT_IMAGE=(hd0, | + | 16) SIGSTKFLT |
- | c-0d59-45be-bd73-d292b80be33c ro crashkernel=auto resume=UUID=c8bb3f47-d67f-4b21-b781-766899dc83d4 rhgb quiet | + | 21) SIGTTIN |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers' | + | 26) SIGVTALRM |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers' | + | 31) SIGSYS |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers' | + | 38) SIGRTMIN+4 |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: xstate_offset[2]: | + | 43) SIGRTMIN+9 |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using ' | + | 48) SIGRTMIN+14 49) SIGRTMIN+15 50) SIGRTMAX-14 51) SIGRTMAX-13 52) SIGRTMAX-12 |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-provided physical RAM map: | + | 53) SIGRTMAX-11 54) SIGRTMAX-10 55) SIGRTMAX-9 56) SIGRTMAX-8 57) SIGRTMAX-7 |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable | + | 58) SIGRTMAX-6 59) SIGRTMAX-5 60) SIGRTMAX-4 61) SIGRTMAX-3 62) SIGRTMAX-2 |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved | + | 63) SIGRTMAX-1 64) SIGRTMAX |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000dffeffff] usable | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000dfff0000-0x00000000dfffffff] ACPI data | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000100000000-0x000000011fffffff] usable | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: NX (Execute Disable) protection: active | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: SMBIOS 2.5 present. | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: DMI: innotek GmbH VirtualBox/ | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: Hypervisor detected: KVM | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00 | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: cpu 0, msr 114801001, primary cpu clock | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: using sched offset of 5675771878 cycles | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: clocksource: | + | |
- | 590591483 ns | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: tsc: Detected 1190.400 MHz processor | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved | + | |
- | --More-- | + | |
</ | </ | ||
- | <WRAP center round important | + | <WRAP center round important> |
- | **Important** | + | **Important** |
</ | </ | ||
- | ====5.4 - Consultation des Journaux d'une Priorité Spécifique==== | + | Parmi les numéros de signaux les plus utiles on trouve : |
- | Pour consulter les entrées | + | ^ Numéro ^ Description ^ |
+ | | -1 | Le signal Hang Up est envoyé | ||
+ | | -2 | Interruption du processus - équivalent à < | ||
+ | | -3 | La même chose que -2 mais avec la génération | ||
+ | | -9 | Le signal qui tue un processus brutalement | | ||
+ | | -15 | Le signal envoyé par défaut par la commande | ||
- | < | + | Les options |
- | [root@centos8 ~]# journalctl -p warning | + | |
- | -- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:12:01 EDT. -- | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: | + | |
- | Jun 03 09:01:10 centos8.ittraining.loc kernel: acpi PNP0A03:00: fail to add MMCONFIG information, | + | |
- | Jun 03 09:01:12 centos8.ittraining.loc kernel: e1000: E1000 MODULE IS NOT SUPPORTED | + | |
- | Jun 03 09:01:12 centos8.ittraining.loc kernel: [drm: | + | |
- | Jun 03 09:01:12 centos8.ittraining.loc kernel: [drm: | + | |
- | Jun 03 09:01:18 centos8.ittraining.loc kernel: printk: systemd: 19 output lines suppressed due to ratelimiting | + | |
- | Jun 03 09:01:20 centos8.ittraining.loc firewalld[874]: | + | |
- | Jun 03 09:01:21 centos8.ittraining.loc systemd[1]: iscsi.service: | + | |
- | Jun 03 09:01:24 centos8.ittraining.loc systemd[1]: iscsi.service: | + | |
- | Jun 03 09:01:24 centos8.ittraining.loc systemd[1]: iscsi.service: | + | |
- | Jun 03 09:01:26 centos8.ittraining.loc chronyd[850]: | + | |
- | Jun 03 09:01:28 centos8.ittraining.loc chronyd[850]: | + | |
- | Jun 03 12:46:31 centos8.ittraining.loc chronyd[850]: | + | |
- | lines 1-15/15 (END) | + | |
- | </ | + | |
- | + | ||
- | Les priorités reconnues par Journald sont : | + | |
- | + | ||
- | ^ Niveau ^ Priorité ^ Description ^ | + | |
- | | 0 | emerg | Système inutilisable | | + | |
- | | 1 | alert | Action immédiate requise | | + | |
- | | 2 | crit | Condition critique atteinte | | + | |
- | | 3 | err | Erreurs rencontrées | | + | |
- | | 4 | warning | Avertissements présentés | | + | |
- | | 5 | notice | Condition normale - message important | | + | |
- | | 6 | info | Condition normale - message simple | | + | |
- | | 7 | debug | Condition normale - message | + | |
- | + | ||
- | ====5.5 - Consultation des Journaux d'une Plage de Dates ou d' | + | |
- | + | ||
- | Pour consulter les entrées d'une plage de dates ou d' | + | |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | -- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:14:01 EDT. -- | + | kill: kill [-s sigspec | -n signum | -sigspec] pid | jobspec |
- | Jun 03 12:00:01 centos8.ittraining.loc systemd[1]: Started Session 181 of user trainee. | + | Send a signal to a job. |
- | Jun 03 12:00:01 centos8.ittraining.loc CROND[4238]: | + | |
- | Jun 03 12:00:01 centos8.ittraining.loc systemd[1]: session-181.scope: Succeeded. | + | Send the processes identified by PID or JOBSPEC the signal named by |
- | Jun 03 12:01:01 centos8.ittraining.loc CROND[4251]: (root) CMD (run-parts / | + | |
- | Jun 03 12:01:01 centos8.ittraining.loc systemd[1]: Started Session 182 of user trainee. | + | |
- | Jun 03 12:01:01 centos8.ittraining.loc run-parts[4255]: | + | |
- | Jun 03 12:01:01 centos8.ittraining.loc CROND[4260]: | + | |
- | Jun 03 12:01:01 centos8.ittraining.loc run-parts[4262]: | + | -s sig SIG is a signal name |
- | Jun 03 12:01:01 centos8.ittraining.loc systemd[1]: session-182.scope: | + | -n sig SIG is a signal number |
- | Jun 03 12:02:01 centos8.ittraining.loc systemd[1]: Started Session 183 of user trainee. | + | -l list the signal names; if arguments follow `-l' they are |
- | Jun 03 12:02:01 centos8.ittraining.loc CROND[4275]: | + | |
- | Jun 03 12:02:01 centos8.ittraining.loc systemd[1]: session-183.scope: Succeeded. | + | -L synonym for -l |
- | Jun 03 12:03:01 centos8.ittraining.loc systemd[1]: Started Session 184 of user trainee. | + | |
- | Jun 03 12:03:01 centos8.ittraining.loc CROND[4289]: | + | Kill is a shell builtin for two reasons: it allows job IDs to be used |
- | Jun 03 12:03:01 centos8.ittraining.loc systemd[1]: session-184.scope: Succeeded. | + | |
- | Jun 03 12:04:01 centos8.ittraining.loc systemd[1]: Started Session 185 of user trainee. | + | on processes that you can create is reached. |
- | Jun 03 12:04:01 centos8.ittraining.loc CROND[4303]: | + | |
- | Jun 03 12:04:01 centos8.ittraining.loc systemd[1]: session-185.scope: Succeeded. | + | Exit Status: |
- | Jun 03 12:05:01 centos8.ittraining.loc systemd[1]: Started Session 186 of user trainee. | + | |
- | Jun 03 12:05:01 centos8.ittraining.loc CROND[4319]: | + | |
- | Jun 03 12:05:01 centos8.ittraining.loc systemd[1]: session-186.scope: Succeeded. | + | |
- | Jun 03 12:06:02 centos8.ittraining.loc systemd[1]: Started Session 187 of user trainee. | + | |
- | Jun 03 12:06:02 centos8.ittraining.loc CROND[4332]: | + | |
- | Jun 03 12:06:02 centos8.ittraining.loc systemd[1]: session-187.scope: | + | |
- | Jun 03 12:07:01 centos8.ittraining.loc systemd[1]: Started Session 188 of user trainee. | + | |
- | Jun 03 12:07:01 centos8.ittraining.loc CROND[4346]: | + | |
- | Jun 03 12:07:01 centos8.ittraining.loc systemd[1]: session-188.scope: | + | |
- | Jun 03 12:08:01 centos8.ittraining.loc systemd[1]: Started Session 189 of user trainee. | + | |
- | Jun 03 12:08:01 centos8.ittraining.loc CROND[4360]: | + | |
- | Jun 03 12:08:01 centos8.ittraining.loc systemd[1]: session-189.scope: | + | |
- | lines 1-31 | + | |
</ | </ | ||
- | <WRAP center round important 60%> | + | ====1.11 - La Commande pkill==== |
- | **Important** : Il est possible d' | + | |
- | </ | + | |
- | ====5.6 - Consultation des Journaux en Live==== | + | La commande pkill permet |
- | + | ||
- | Pour consulter les journaux en live, il suffit | + | |
< | < | ||
- | [root@centos8 | + | [root@redhat9 |
- | -- Logs begin at Thu 2021-06-03 09:01:10 EDT. -- | + | |
- | Jun 03 13:13:08 centos8.ittraining.loc systemd[1]: Started dnf makecache. | + | |
- | Jun 03 13:14:01 centos8.ittraining.loc systemd[1]: Started Session 256 of user trainee. | + | |
- | Jun 03 13:14:01 centos8.ittraining.loc CROND[5391]: | + | |
- | Jun 03 13:14:01 centos8.ittraining.loc systemd[1]: session-256.scope: | + | |
- | Jun 03 13:15:01 centos8.ittraining.loc systemd[1]: Started Session 257 of user trainee. | + | |
- | Jun 03 13:15:01 centos8.ittraining.loc CROND[5407]: | + | |
- | Jun 03 13:15:01 centos8.ittraining.loc systemd[1]: session-257.scope: | + | |
- | Jun 03 13:16:02 centos8.ittraining.loc systemd[1]: Started Session 258 of user trainee. | + | |
- | Jun 03 13:16:02 centos8.ittraining.loc CROND[5420]: | + | |
- | Jun 03 13:16:02 centos8.ittraining.loc systemd[1]: session-258.scope: | + | |
- | ^C | + | |
</ | </ | ||
- | Ouvrez un deuxième terminal et saisissez la commande | + | Les options de cette commande |
< | < | ||
- | [trainee@centos8 | + | [root@redhat9 |
- | </ | + | |
- | Retournez consulter le premier terminal | + | Usage: |
+ | pkill [options] < | ||
- | <code> | + | Options: |
- | [root@centos8 ~]# journalctl | + | -<sig>, --signal < |
- | -- Logs begin at Thu 2021-06-03 09:01:10 EDT. -- | + | -q, --queue < |
- | Jun 03 13:13:08 centos8.ittraining.loc systemd[1]: Started dnf makecache. | + | -e, --echo display what is killed |
- | Jun 03 13:14:01 centos8.ittraining.loc systemd[1]: Started Session 256 of user trainee. | + | -c, --count count of matching processes |
- | Jun 03 13:14:01 centos8.ittraining.loc CROND[5391]: | + | -f, --full |
- | Jun 03 13:14:01 centos8.ittraining.loc systemd[1]: session-256.scope: Succeeded. | + | -g, --pgroup <PGID,...> match listed process group IDs |
- | Jun 03 13:15:01 centos8.ittraining.loc systemd[1]: Started Session 257 of user trainee. | + | -G, --group <GID,...> |
- | Jun 03 13:15:01 centos8.ittraining.loc CROND[5407]: | + | -i, --ignore-case |
- | Jun 03 13:15:01 centos8.ittraining.loc systemd[1]: session-257.scope: Succeeded. | + | -n, --newest |
- | Jun 03 13:16:02 centos8.ittraining.loc systemd[1]: Started Session 258 of user trainee. | + | -o, --oldest |
- | Jun 03 13:16:02 centos8.ittraining.loc CROND[5420]: | + | -O, --older <seconds> select where older than seconds |
- | Jun 03 13:16:02 centos8.ittraining.loc systemd[1]: session-258.scope: | + | -P, --parent <PPID,...> match only child processes |
- | Jun 03 13:17:01 centos8.ittraining.loc systemd[1]: Started Session 259 of user trainee. | + | -s, --session <SID,...> |
- | Jun 03 13:17:01 centos8.ittraining.loc CROND[5436]: | + | -t, --terminal <tty,...> match by controlling terminal |
- | Jun 03 13:17:01 centos8.ittraining.loc systemd[1]: session-259.scope: Succeeded. | + | -u, --euid <ID,...> match by effective IDs |
- | Jun 03 13:17:19 centos8.ittraining.loc sshd[5439]: Accepted password for trainee | + | -U, --uid <ID,...> |
- | Jun 03 13:17:19 centos8.ittraining.loc systemd-logind[880]: | + | -x, --exact |
- | Jun 03 13:17:19 centos8.ittraining.loc systemd[1]: Started Session 260 of user trainee. | + | -F, --pidfile < |
- | Jun 03 13:17:19 centos8.ittraining.loc sshd[5439]: pam_unix(sshd: | + | -L, --logpidfile |
- | Jun 03 13:17:34 centos8.ittraining.loc trainee[5470]: | + | -r, --runstates < |
- | Jun 03 13:17:34 centos8.ittraining.loc rsyslogd[1113]: | + | --ns < |
- | Jun 03 13:18:01 centos8.ittraining.loc systemd[1]: Started Session 261 of user trainee. | + | namespace as < |
- | Jun 03 13:18:01 centos8.ittraining.loc CROND[5481]: | + | |
- | Jun 03 13:18:01 centos8.ittraining.loc systemd[1]: session-261.scope: | + | the --ns option. |
- | ^C | + | Available namespaces: ipc, mnt, net, pid, user, uts |
- | </ | + | |
- | <WRAP center round important 60%> | + | -h, --help |
- | **Important** : Notez la présence de la ligne **Jun 03 13:17:34 centos8.ittraining.loc trainee[5470]: | + | -V, --version |
- | </ | + | |
- | ====5.7 - Consultation des Journaux avec des Mots Clefs=== | + | For more details see pgrep(1). |
- | + | ||
- | Pour consulter les mots clefs compris par Journald, tapez la commande **journalctl** puis appuyer **deux** fois sur la touche < | + | |
- | + | ||
- | < | + | |
- | [root@centos8 ~]# journalctl [tab] [tab] | + | |
- | _AUDIT_LOGINUID= | + | |
- | _AUDIT_SESSION= | + | |
- | AVAILABLE= | + | |
- | AVAILABLE_PRETTY= | + | |
- | _BOOT_ID= | + | |
- | _CAP_EFFECTIVE= | + | |
- | _CMDLINE= | + | |
- | CODE_FILE= | + | |
- | CODE_FUNC= | + | |
- | CODE_LINE= | + | |
- | _COMM= | + | |
- | CURRENT_USE= | + | |
- | CURRENT_USE_PRETTY= | + | |
- | DISK_AVAILABLE= | + | |
- | DISK_AVAILABLE_PRETTY= | + | |
- | DISK_KEEP_FREE= | + | |
- | DISK_KEEP_FREE_PRETTY= | + | |
- | _EXE= | + | |
- | _GID= | + | |
- | </ | + | |
- | + | ||
- | Pour voir la liste des processus dont les traces sont inclus dans les journaux du mots clefs, tapez la commande journalctl suivi par le nom d'un mot clef puis appuyer deux fois sur la touche < | + | |
- | + | ||
- | < | + | |
- | [root@centos8 ~]# journalctl _UID= | + | |
- | 0 | + | |
- | [root@centos8 ~]# journalctl _COMM= | + | |
- | anacron | + | |
- | auditd | + | |
- | augenrules | + | |
- | chronyd | + | |
- | crond firewalld | + | |
</ | </ | ||
----- | ----- | ||
Copyright © 2024 Hugh Norris. | Copyright © 2024 Hugh Norris. |