Vous êtes ici : Formations en Ligne Gratuites » Catalogue » workbooks » Red Hat » RH12400 - Préparation à la Certification RH124 » RH12411 - Gestion de la Journalisation

Différences

Ci-dessous, les différences entre deux révisions de la page.

Lien vers cette vue comparative

--- elearning:workbooks:redhat:rh124:l110 [2024/09/26 11:51] – created admin
+++ elearning:workbooks:redhat:rh124:l110 [2024/11/28 08:58] (Version actuelle) – admin
@@ Ligne 50: / Ligne 50: @@
       * 5.6 - Consultation des Journaux en Live
       * 5.7 - Consultation des Journaux avec des Mots Clefs
+    * LAB #6 - Le Serveur d'Horloge
+      * 6.1 - Introduction
+      * 6.2 - Le Service chronyd
+      * 6.2 - Le Fichier /etc/chrony.conf
 =====Présentation=====
@@ Ligne 64: / Ligne 68: @@
 <code>
-[root@centos8 ~]# dmesg | more
+[root@redhat9 ~]# dmesg | more
-[    0.000000] Linux version 4.18.0-240.22.1.el8_3.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 8.3.1 20191121 (Red Hat 8.3.1-5) (G
+[    0.000000] Linux version 5.14.0-427.37.1.el9_4.x86_64 (mockbuild@x86-64-02.build.eng.rdu2.redhat.com) (gcc (GCC) 11.4.1 20231218 (Red Hat 11.4.1-3), GNU ld version 2.35.2-43.el9) #1 SMP PREEMPT_DYNAMIC Fri
-CC)) #1 SMP Thu Apr 8 19:01:30 UTC 2021
+Sep 13 12:41:50 EDT 2024
-[    0.000000] Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 root=UUID=4c0cc28c-0d59-45be-bd73-d292b80be33c ro cra
+[    0.000000] The list of certified hardware and cloud instances for Red Hat Enterprise Linux 9 can be viewed at the Red Hat Ecosystem Catalog, https://catalog.redhat.com.
-shkernel=auto resume=UUID=c8bb3f47-d67f-4b21-b781-766899dc83d4 rhgb quiet
+[    0.000000] Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.14.0-427.37.1.el9_4.x86_64 root=/dev/mapper/rhel-root ro crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/r
+oot rd.lvm.lv=rhel/swap rhgb quiet
 [    0.000000] x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
 [    0.000000] x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
@@ Ligne 74: / Ligne 79: @@
 [    0.000000] x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
 [    0.000000] x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
+[    0.000000] signal: max sigframe size: 1776
 [    0.000000] BIOS-provided physical RAM map:
 [    0.000000] BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
 [    0.000000] BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
 [    0.000000] BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
-[    0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000dffeffff] usable
+[    0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000bffd9fff] usable
-[    0.000000] BIOS-e820: [mem 0x00000000dfff0000-0x00000000dfffffff] ACPI data
+[    0.000000] BIOS-e820: [mem 0x00000000bffda000-0x00000000bfffffff] reserved
-[    0.000000] BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
+[    0.000000] BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
-[    0.000000] BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
 [    0.000000] BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
-[    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000011fffffff] usable
+[    0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000023fffffff] usable
 [    0.000000] NX (Execute Disable) protection: active
-[    0.000000] SMBIOS 2.5 present.
+[    0.000000] SMBIOS 2.8 present.
-[    0.000000] DMI: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
+[    0.000000] DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014
 [    0.000000] Hypervisor detected: KVM
+[    0.000000] kvm-clock: Using msrs 4b564d01 and 4b564d00
+[    0.000001] kvm-clock: using sched offset of 11342917026 cycles
+[    0.000003] clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
+[    0.000010] tsc: Detected 2099.998 MHz processor
+[    0.001013] e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
+[    0.001016] e820: remove [mem 0x000a0000-0x000fffff] usable
+[    0.001021] last_pfn = 0x240000 max_arch_pfn = 0x400000000
+[    0.001058] MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
+[    0.001061] x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT
+[    0.001103] last_pfn = 0xbffda max_arch_pfn = 0x400000000
+[    0.009594] found SMP MP-table at [mem 0x000f5bc0-0x000f5bcf]
+[    0.009621] Using GB pages for direct mapping
+[    0.009825] RAMDISK: [mem 0x3149c000-0x34a45fff]
+[    0.009836] ACPI: Early table checksum verification disabled
+[    0.009849] ACPI: RSDP 0x00000000000F5980 000014 (v00 BOCHS )
+[    0.009857] ACPI: RSDT 0x00000000BFFE300C 000038 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+[    0.009870] ACPI: FACP 0x00000000BFFE2DDE 000074 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+[    0.009876] ACPI: DSDT 0x00000000BFFDF040 003D9E (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+[    0.009881] ACPI: FACS 0x00000000BFFDF000 000040
+[    0.009885] ACPI: APIC 0x00000000BFFE2E52 000090 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+[    0.009889] ACPI: SSDT 0x00000000BFFE2EE2 0000CA (v01 BOCHS  VMGENID  00000001 BXPC 00000001)
+[    0.009893] ACPI: HPET 0x00000000BFFE2FAC 000038 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+[    0.009898] ACPI: WAET 0x00000000BFFE2FE4 000028 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+[    0.009901] ACPI: Reserving FACP table memory at [mem 0xbffe2dde-0xbffe2e51]
+[    0.009902] ACPI: Reserving DSDT table memory at [mem 0xbffdf040-0xbffe2ddd]
+[    0.009903] ACPI: Reserving FACS table memory at [mem 0xbffdf000-0xbffdf03f]
+[    0.009904] ACPI: Reserving APIC table memory at [mem 0xbffe2e52-0xbffe2ee1]
+[    0.009905] ACPI: Reserving SSDT table memory at [mem 0xbffe2ee2-0xbffe2fab]
+[    0.009906] ACPI: Reserving HPET table memory at [mem 0xbffe2fac-0xbffe2fe3]
+[    0.009906] ACPI: Reserving WAET table memory at [mem 0xbffe2fe4-0xbffe300b]
+[    0.010241] No NUMA configuration found
 --More--
+[q]
 </code>
@@ Ligne 94: / Ligne 131: @@
 <code>
-[root@centos8 ~]# dmesg --help
+[root@redhat9 ~]# dmesg --help
 Usage:
@@ Ligne 117: / Ligne 154: @@
  -p, --force-prefix          force timestamp output on each line of multi-line messages
  -r, --raw                   print the raw message buffer
+     --noescape              don't escape unprintable character
  -S, --syslog                force to use syslog(2) rather than /dev/kmsg
  -s, --buffer-size <size>    buffer size to query the kernel ring buffer
  -u, --userspace             display userspace messages
  -w, --follow                wait for new messages
+ -W, --follow-new            wait and print only new messages
  -x, --decode                decode facility and level to readable string
  -d, --show-delta            show time delta between printed messages
@@ Ligne 129: / Ligne 168: @@
                                [delta|reltime|ctime|notime|iso]
 Suspending/resume will make ctime and iso timestamps inaccurate.
+     --since <time>          display the lines since the specified time
+     --until <time>          display the lines until the specified time
  -h, --help                  display this help
@@ Ligne 163: / Ligne 204: @@
 <code>
-[root@centos8 ~]# last
+[root@redhat9 ~]# last
-trainee  pts/0        10.0.2.2         Thu Jun  3 09:01   still logged in
+trainee  pts/1        10.0.2.1         Sat Sep 28 08:43   still logged in
-reboot   system boot  4.18.0-240.22.1. Thu Jun  3 09:01   still running
+trainee  pts/0        10.0.2.1         Sat Sep 28 08:09   still logged in
-trainee  pts/0        10.0.2.2         Wed Jun  2 12:07 - crash  (20:54)
+trainee  pts/0        10.0.2.1         Fri Sep 27 08:02 - 17:23  (09:20)
-trainee  pts/0        10.0.2.2         Wed Jun  2 11:16 - 12:06  (00:50)
+trainee  pts/0        10.0.2.1         Fri Sep 27 07:49 - 08:02  (00:13)
-reboot   system boot  4.18.0-240.22.1. Wed Jun  2 11:12   still running
+trainee  pts/0        10.0.2.1         Thu Sep 26 12:20 - 15:44  (03:23)
-trainee  pts/0        10.0.2.2         Wed Jun  2 11:13 - 11:14  (00:01)
+trainee  pts/0        10.0.2.1         Wed Sep 25 12:47 - 17:31  (04:44)
-reboot   system boot  4.18.0-240.22.1. Wed Jun  2 11:10 - 11:14  (00:04)
+reboot   system boot  5.14.0-427.37.1. Wed Sep 25 12:44   still running
-trainee  pts/0        10.0.2.2         Wed Jun  2 11:08 - 11:12  (00:04)
+reboot   system boot  5.14.0-427.37.1. Wed Sep 25 12:29   still running
-reboot   system boot  4.18.0-240.22.1. Wed Jun  2 11:04 - 11:12  (00:07)
+trainee  pts/0        10.0.2.1         Wed Sep 25 11:35 - 12:29  (00:54)
-trainee  pts/0        10.0.2.2         Wed Jun  2 06:40 - 11:06  (04:26)
+trainee  pts/0        10.0.2.1         Wed Sep 25 10:14 - 10:50  (00:35)
-trainee  pts/0        10.0.2.2         Wed Jun  2 06:39 - 06:39  (00:00)
+reboot   system boot  5.14.0-284.11.1. Wed Sep 25 10:14 - 12:29  (02:15)
-reboot   system boot  4.18.0-240.22.1. Wed Jun  2 06:07 - 11:07  (04:59)
+trainee  pts/1        10.0.2.99        Thu Oct 19 18:35 - 18:35  (00:00)
-trainee  pts/1        10.0.2.2         Wed May 26 16:51 - crash (6+13:15)
+trainee  tty2         tty2             Thu Oct 19 18:28 - crash (341+15:45)
-trainee  pts/0        10.0.2.2         Wed May 26 10:37 - 18:50  (08:13)
+trainee  seat0        login screen     Thu Oct 19 18:28 - crash (341+15:45)
-trainee  pts/0        10.0.2.2         Wed May 26 08:48 - 10:36  (01:48)
+reboot   system boot  5.14.0-284.11.1. Thu Oct 19 18:27 - 12:29 (341+18:02)
-trainee  tty1                          Wed May 26 08:47 - crash (6+21:19)
-reboot   system boot  4.18.0-240.22.1. Wed May 26 08:44 - 11:07 (7+02:22)
-trainee  pts/0        10.0.2.2         Wed Apr 21 07:23 - 19:14  (11:51)
-trainee  pts/0        10.0.2.2         Tue Apr 20 23:13 - 07:22  (08:08)
-trainee  pts/1                         Tue Apr 20 10:59 - 11:00  (00:00)
-trainee  pts/0        10.0.2.2         Tue Apr 20 09:59 - 23:13  (13:13)
-trainee  pts/1        10.0.2.2         Tue Apr 20 04:10 - 04:29  (00:19)
-trainee  pts/0        10.0.2.2         Tue Apr 20 02:21 - 09:57  (07:36)
-trainee  tty1                          Tue Apr 20 02:17 - crash (36+06:26)
-trainee  pts/0        10.0.2.2         Mon Apr 19 13:55 - 02:17  (12:22)
-trainee  pts/0        10.0.2.2         Mon Apr 19 12:05 - 13:47  (01:42)
-reboot   system boot  4.18.0-240.22.1. Mon Apr 19 12:05 - 11:07 (43+23:01)
-trainee  pts/0        10.0.2.2         Mon Apr 19 11:40 - crash  (00:24)
-reboot   system boot  4.18.0-147.8.1.e Mon Apr 19 11:37 - 11:07 (43+23:29)
-trainee  pts/0        10.0.2.2         Tue Sep  1 09:59 - 11:10  (01:10)
-reboot   system boot  4.18.0-147.8.1.e Tue Sep  1 09:58 - 11:10  (01:11)
-reboot   system boot  4.18.0-147.8.1.e Fri May  8 08:13 - 11:10 (116+02:56)
-wtmp begins Fri May  8 08:13:49 2020
+wtmp begins Thu Oct 19 18:27:17 2023
 </code>
@@ Ligne 203: / Ligne 227: @@
 <code>
-[root@centos8 ~]# last --help
+[root@redhat9 ~]# last --help
 Usage:
@@ Ligne 238: / Ligne 262: @@
 <code>
-[root@centos8 ~]# lastlog
+[root@redhat9 ~]# lastlog
-Username         Port     From             Latest
+Username         Port     From                                       Latest
-root             pts/0                     Thu Jun  3 09:01:46 -0400 2021
+root             pts/1                                              Sat Sep 28 08:43:22 +0200 2024
-bin                                        **Never logged in**
+bin                                                                 **Never logged in**
-daemon                                     **Never logged in**
+daemon                                                              **Never logged in**
-adm                                        **Never logged in**
+adm                                                                 **Never logged in**
-lp                                         **Never logged in**
+lp                                                                  **Never logged in**
-sync                                       **Never logged in**
+sync                                                                **Never logged in**
-shutdown                                   **Never logged in**
+shutdown                                                            **Never logged in**
-halt                                       **Never logged in**
+halt                                                                **Never logged in**
-mail                                       **Never logged in**
+mail                                                                **Never logged in**
-operator                                   **Never logged in**
+operator                                                            **Never logged in**
-games                                      **Never logged in**
+games                                                               **Never logged in**
-ftp                                        **Never logged in**
+ftp                                                                 **Never logged in**
-nobody                                     **Never logged in**
+nobody                                                              **Never logged in**
-dbus                                       **Never logged in**
+systemd-coredump                                                    **Never logged in**
-systemd-coredump                           **Never logged in**
+dbus                                                                **Never logged in**
-systemd-resolve                            **Never logged in**
+polkitd                                                             **Never logged in**
-tss                                        **Never logged in**
+avahi                                                               **Never logged in**
-polkitd                                    **Never logged in**
+tss                                                                 **Never logged in**
-unbound                                    **Never logged in**
+colord                                                              **Never logged in**
-libstoragemgmt                             **Never logged in**
+clevis                                                              **Never logged in**
-cockpit-ws                                 **Never logged in**
+rtkit                                                               **Never logged in**
-sssd                                       **Never logged in**
+sssd                                                                **Never logged in**
-setroubleshoot                             **Never logged in**
+geoclue                                                             **Never logged in**
-sshd                                       **Never logged in**
+libstoragemgmt                                                      **Never logged in**
-chrony                                     **Never logged in**
+systemd-oom                                                         **Never logged in**
-tcpdump                                    **Never logged in**
+setroubleshoot                                                      **Never logged in**
-trainee          pts/0    10.0.2.2         Thu Jun  3 09:01:39 -0400 2021
+pipewire                                                            **Never logged in**
-cockpit-wsinstance                           **Never logged in**
+flatpak                                                             **Never logged in**
-rngd                                       **Never logged in**
+gdm              tty1                                               Thu Sep 26 14:55:01 +0200 2024
-gluster                                    **Never logged in**
+cockpit-ws                                                          **Never logged in**
-qemu                                       **Never logged in**
+cockpit-wsinstance                                                    **Never logged in**
-rpc                                        **Never logged in**
+gnome-initial-setup                                                    **Never logged in**
-rpcuser                                    **Never logged in**
+sshd                                                                **Never logged in**
-saslauth                                   **Never logged in**
+chrony                                                              **Never logged in**
-radvd                                      **Never logged in**
+dnsmasq                                                             **Never logged in**
-dnsmasq                                    **Never logged in**
+tcpdump                                                             **Never logged in**
-fenestros2       pts/0                     Tue Apr 20 15:20:26 -0400 2021
+trainee          pts/1    10.0.2.1                                  Sat Sep 28 08:43:17 +0200 2024
-fenestros1                                 **Never logged in**
+apache                                                              **Never logged in**
-apache                                     **Never logged in**
+fenestros2       pts/0                                              Fri Sep 27 14:22:01 +0200 2024
+fenestros1                                                          **Never logged in**
 </code>
@@ Ligne 284: / Ligne 309: @@
 <code>
-[root@centos8 ~]# lastlog --help
+[root@redhat9 ~]# lastlog --help
 Usage: lastlog [options]
@@ Ligne 302: / Ligne 327: @@
 <code>
-[root@centos8 ~]# lastb
+[root@redhat9 ~]# lastb
-trainee  tty1                          Thu Jun  3 09:51 - 09:51  (00:00)
+root     pts/0                         Wed Sep 25 11:41 - 11:41  (00:00)
-trainee  tty1                          Thu Jun  3 09:51 - 09:51  (00:00)
+root     pts/0                         Thu Oct 19 18:29 - 18:29  (00:00)
-trqinee  tty1                          Thu Jun  3 09:51 - 09:51  (00:00)
-btmp begins Thu Jun  3 09:51:07 2021
+btmp begins Thu Oct 19 18:29:22 2023
 </code>
@@ Ligne 313: / Ligne 337: @@
 <code>
-[root@centos8 ~]# lastb --help
+[root@redhat9 ~]# lastb --help
 Usage:
@@ Ligne 345: / Ligne 369: @@
 ====1.4 - Le Fichier /var/log/secure====
-Sous RHEL/CentOS ce fichier contient la journalisation des opérations de gestion des authentifications :
+Sous RHEL 9 ce fichier contient la journalisation des opérations de gestion des authentifications :
 <code>
-[root@centos8 ~]# tail -n 15 /var/log/secure
+[root@redhat9 ~]# tail -n 15 /var/log/secure
-Jun  3 09:01:20 centos8 sshd[905]: Server listening on :: port 22.
+Sep 27 14:08:31 redhat9 passwd[10515]: gkr-pam: couldn't update the login keyring password: no old password was entered
-Jun  3 09:01:39 centos8 sshd[1585]: Accepted password for trainee from 10.0.2.2 port 52734 ssh2
+Sep 27 14:21:40 redhat9 su[10537]: pam_unix(su:session): session opened for user fenestros2(uid=1001) by trainee(uid=0)
-Jun  3 09:01:39 centos8 systemd[1590]: pam_unix(systemd-user:session): session opened for user trainee by (uid=0)
+Sep 27 14:21:50 redhat9 su[10537]: pam_unix(su:session): session closed for user fenestros2
-Jun  3 09:01:39 centos8 sshd[1585]: pam_unix(sshd:session): session opened for user trainee by (uid=0)
+Sep 27 14:22:01 redhat9 su[10561]: pam_unix(su-l:session): session opened for user fenestros2(uid=1001) by trainee(uid=0)
-Jun  3 09:01:46 centos8 su[1627]: pam_systemd(su-l:session): Cannot create session: Already running in a session or user slice
+Sep 27 14:23:49 redhat9 su[10561]: pam_unix(su-l:session): session closed for user fenestros2
-Jun  3 09:01:46 centos8 su[1627]: pam_unix(su-l:session): session opened for user root by trainee(uid=1000)
+Sep 27 17:23:32 redhat9 sshd[9392]: Received disconnect from 10.0.2.1 port 37560:11: disconnected by user
-Jun  3 09:51:05 centos8 login[1158]: pam_unix(login:auth): check pass; user unknown
+Sep 27 17:23:32 redhat9 sshd[9392]: Disconnected from user trainee 10.0.2.1 port 37560
-Jun  3 09:51:05 centos8 login[1158]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
+Sep 27 17:23:32 redhat9 sshd[9357]: pam_unix(sshd:session): session closed for user trainee
-Jun  3 09:51:07 centos8 login[1158]: FAILED LOGIN 1 FROM tty1 FOR trqinee, Authentication failure
+Sep 27 17:23:32 redhat9 su[10062]: pam_unix(su-l:session): session closed for user root
-Jun  3 09:51:18 centos8 unix_chkpwd[2400]: password check failed for user (trainee)
+Sep 28 08:09:13 redhat9 sshd[11965]: Accepted password for trainee from 10.0.2.1 port 42238 ssh2
-Jun  3 09:51:18 centos8 login[1158]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=  user=trainee
+Sep 28 08:09:13 redhat9 systemd[11972]: pam_unix(systemd-user:session): session opened for user trainee(uid=1000) by trainee(uid=0)
-Jun  3 09:51:20 centos8 login[1158]: FAILED LOGIN 2 FROM tty1 FOR trainee, Authentication failure
+Sep 28 08:09:13 redhat9 sshd[11965]: pam_unix(sshd:session): session opened for user trainee(uid=1000) by trainee(uid=0)
-Jun  3 09:51:45 centos8 login[1158]: pam_unix(login:auth): check pass; user unknown
+Sep 28 08:43:17 redhat9 sshd[12053]: Accepted password for trainee from 10.0.2.1 port 33994 ssh2
-Jun  3 09:51:45 centos8 login[1158]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty1 ruser= rhost=
+Sep 28 08:43:17 redhat9 sshd[12053]: pam_unix(sshd:session): session opened for user trainee(uid=1000) by trainee(uid=0)
-Jun  3 09:51:47 centos8 login[1158]: FAILED LOGIN SESSION FROM tty1 FOR trainee  , Authentication failure
+Sep 28 08:43:22 redhat9 su[12102]: pam_unix(su-l:session): session opened for user root(uid=0) by trainee(uid=1000)
 </code>
@@ Ligne 370: / Ligne 394: @@
 ===Le fichier /var/log/audit/audit.log===
-Ce fichier contient les messages du système d'audit, appelés des **événements**. Le système audit est installé par défaut dans RHEL/CentOS par le paquet **audit**. Le système audit collectionne des informations telles :
+Ce fichier contient les messages du système d'audit, appelés des **événements**. Le système audit est installé par défaut dans RHEL 9 par le paquet **audit**. Le système audit collectionne des informations telles :
   * des appels système,
@@ Ligne 379: / Ligne 403: @@
 <code>
-[root@centos8 ~]# tail -n 15 /var/log/audit/audit.log
+[root@redhat9 ~]# tail -n 15 /var/log/audit/audit.log
-type=PROCTITLE msg=audit(1622728321.894:455): proctitle=2F7573722F7362696E2F63726F6E64002D6E
+type=CRYPTO_KEY_USER msg=audit(1727528067.947:1046): pid=12618 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:f7:28:a0:3a:d4:ca:78:e9:ac:1a:21:98:58:c9:77:6d:88:8b:6c:65:09:71:5d:4c:7b:7f:1c:05:e9:0c:4e direction=? spid=12618 suid=0  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="trainee" SUID="root"
-type=USER_START msg=audit(1622728321.901:456): pid=2420 uid=0 auid=1000 ses=53 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="trainee"
+type=CRED_ACQ msg=audit(1727528067.948:1047): pid=12618 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_localuser,pam_unix acct="trainee" exe="/usr/sbin/sshd" hostname=10.0.2.1 addr=10.0.2.1 terminal=ssh res=success'UID="root" AUID="trainee"
-type=CRED_REFR msg=audit(1622728321.902:457): pid=2420 uid=0 auid=1000 ses=53 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="trainee"
+type=USER_LOGIN msg=audit(1727528067.994:1048): pid=12613 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.2.1 terminal=/dev/pts/1 res=success'UID="root" AUID="trainee" ID="trainee"
-type=CRED_DISP msg=audit(1622728321.908:458): pid=2420 uid=0 auid=1000 ses=53 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="trainee"
+type=USER_START msg=audit(1727528067.994:1049): pid=12613 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=10.0.2.1 terminal=/dev/pts/1 res=success'UID="root" AUID="trainee" ID="trainee"
-type=USER_END msg=audit(1622728321.910:459): pid=2420 uid=0 auid=1000 ses=53 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="trainee"
+type=CRYPTO_KEY_USER msg=audit(1727528067.996:1050): pid=12613 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:93:f7:28:a0:3a:d4:ca:78:e9:ac:1a:21:98:58:c9:77:6d:88:8b:6c:65:09:71:5d:4c:7b:7f:1c:05:e9:0c:4e direction=? spid=12628 suid=1000  exe="/usr/sbin/sshd" hostname=? addr=? terminal=? res=success'UID="root" AUID="trainee" SUID="trainee"
-type=SERVICE_STOP msg=audit(1622728330.965:460): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=fprintd comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
+type=BPF msg=audit(1727528068.011:1051): prog-id=189 op=LOAD
-type=USER_ACCT msg=audit(1622728381.954:461): pid=2439 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localuser acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=BPF msg=audit(1727528068.011:1052): prog-id=190 op=LOAD
-type=CRED_ACQ msg=audit(1622728381.954:462): pid=2439 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="unset"
+type=SERVICE_START msg=audit(1727528068.076:1053): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
-type=LOGIN msg=audit(1622728381.954:463): pid=2439 uid=0 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 old-auid=4294967295 auid=1000 tty=(none) old-ses=4294967295 ses=54 res=1UID="root" OLD-AUID="unset" AUID="trainee"
+type=USER_AUTH msg=audit(1727528075.273:1054): pid=12662 uid=1000 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="trainee" AUID="trainee"
-type=SYSCALL msg=audit(1622728381.954:463): arch=c000003e syscall=1 success=yes exit=4 a0=7 a1=7ffdcd7a6d50 a2=4 a3=0 items=0 ppid=1126 pid=2439 auid=1000 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=(none) ses=54 comm="crond" exe="/usr/sbin/crond" subj=system_u:system_r:crond_t:s0-s0:c0.c1023 key=(null)ARCH=x86_64 SYSCALL=write AUID="trainee" UID="root" GID="root" EUID="root" SUID="root" FSUID="root" EGID="root" SGID="root" FSGID="root"
+type=USER_ACCT msg=audit(1727528075.276:1055): pid=12662 uid=1000 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="trainee" AUID="trainee"
-type=PROCTITLE msg=audit(1622728381.954:463): proctitle=2F7573722F7362696E2F63726F6E64002D6E
+type=CRED_ACQ msg=audit(1727528075.277:1056): pid=12662 uid=1000 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="trainee" AUID="trainee"
-type=USER_START msg=audit(1622728381.960:464): pid=2439 uid=0 auid=1000 ses=54 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="trainee"
+type=USER_START msg=audit(1727528075.281:1057): pid=12662 uid=1000 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/1 res=success'UID="trainee" AUID="trainee"
-type=CRED_REFR msg=audit(1622728381.962:465): pid=2439 uid=0 auid=1000 ses=54 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="trainee"
+type=SERVICE_STOP msg=audit(1727528105.326:1058): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='unit=systemd-hostnamed comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'UID="root" AUID="unset"
-type=CRED_DISP msg=audit(1622728381.966:466): pid=2439 uid=0 auid=1000 ses=54 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_localuser,pam_unix acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="trainee"
+type=BPF msg=audit(1727528105.369:1059): prog-id=190 op=UNLOAD
-type=USER_END msg=audit(1622728381.968:467): pid=2439 uid=0 auid=1000 ses=54 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_keyinit,pam_limits,pam_systemd acct="trainee" exe="/usr/sbin/crond" hostname=? addr=? terminal=cron res=success'UID="root" AUID="trainee"
+type=BPF msg=audit(1727528105.369:1060): prog-id=189 op=UNLOAD
 </code>
@@ Ligne 404: / Ligne 428: @@
 <code>
-[root@centos8 ~]# cat /etc/audit/auditd.conf
+[root@redhat9 ~]# cat /etc/audit/auditd.conf
 #
 # This file controls the configuration of the audit daemon
@@ Ligne 440: / Ligne 464: @@
 ##krb5_key_file = /etc/audit/audit.key
 distribute_network = no
-q_depth = 400
+q_depth = 2000
 overflow_action = SYSLOG
 max_restarts = 10
 plugin_dir = /etc/audit/plugins.d
+end_of_event_timeout = 2
 </code>
@@ Ligne 449: / Ligne 474: @@
 <code>
-[root@centos8 ~]# auditd --help
+[root@redhat9 ~]# auditd --help
 auditd: unrecognized option '--help'
 Usage: auditd [-f] [-l] [-n] [-s disable|enable|nochange] [-c <config_file>]
@@ Ligne 459: / Ligne 484: @@
 <code>
-[root@centos8 ~]# cat /etc/audit/audit.rules
+[root@redhat9 ~]# cat /etc/audit/audit.rules
 ## This file is automatically generated from /etc/audit/rules.d
 -D
@@ Ligne 465: / Ligne 490: @@
 -f 1
 --backlog_wait_time 60000
+[root@redhat9 ~]# ls -l /etc/audit/rules.d
+total 4
+-rw-------. 1 root root 244 Oct 19  2023 audit.rules
+[root@redhat9 ~]# cat /etc/audit/rules.d/audit.rules
+## First rule - delete all
+-D
+## Increase the buffers to survive stress events.
+## Make this bigger for busy systems
+-b 8192
+## This determine how long to wait in burst of events
+--backlog_wait_time 60000
+## Set failure mode to syslog
+-f 1
 </code>
@@ Ligne 471: / Ligne 514: @@
 <code>
-[root@centos8 ~]# auditctl --help
+[root@redhat9 ~]# auditctl -h
 usage: auditctl [options]
-    -a <l,a>            Append rule to end of <l>ist with <a>ction
+    -a <l,a>                          Append rule to end of <l>ist with <a>ction
-    -A <l,a>            Add rule at beginning of <l>ist with <a>ction
+    -A <l,a>                          Add rule at beginning of <l>ist with <a>ction
-    -b <backlog>        Set max number of outstanding audit buffers
+    -b <backlog>                      Set max number of outstanding audit buffers
-                        allowed Default=64
+                                      allowed Default=64
-    -c                  Continue through errors in rules
+    -c                                Continue through errors in rules
-    -C f=f              Compare collected fields if available:
+    -C f=f                            Compare collected fields if available:
-                        Field name, operator(=,!=), field name
+                                      Field name, operator(=,!=), field name
-    -d <l,a>            Delete rule from <l>ist with <a>ction
+    -d <l,a>                          Delete rule from <l>ist with <a>ction
-                        l=task,exit,user,exclude
+                                      l=task,exit,user,exclude,filesystem
-                        a=never,always
+                                      a=never,always
-    -D                  Delete all rules and watches
+    -D                                Delete all rules and watches
-    -e [0..2]           Set enabled flag
+    -e [0..2]                         Set enabled flag
-    -f [0..2]           Set failure flag
+    -f [0..2]                         Set failure flag
 =silent 1=printk 2=panic
-    -F f=v              Build rule: field name, operator(=,!=,<,>,<=,
+    -F f=v                            Build rule: field name, operator(=,!=,<,>,<=,
-                        >=,&,&=) value
+                                      >=,&,&=) value
-    -h                  Help
+    -h                                Help
-    -i                  Ignore errors when reading rules from file
+    -i                                Ignore errors when reading rules from file
-    -k <key>            Set filter key on audit rule
+    -k <key>                          Set filter key on audit rule
-    -l                  List rules
+    -l                                List rules
-    -m text             Send a user-space message
+    -m text                           Send a user-space message
-    -p [r|w|x|a]        Set permissions filter on watch
+    -p [r|w|x|a]                      Set permissions filter on watch
-                        r=read, w=write, x=execute, a=attribute
+                                      r=read, w=write, x=execute, a=attribute
-    -q <mount,subtree>  make subtree part of mount point's dir watches
+    -q <mount,subtree>                make subtree part of mount point's dir watches
-    -r <rate>           Set limit in messages/sec (0=none)
+    -r <rate>                         Set limit in messages/sec (0=none)
-    -R <file>           read rules from file
+    -R <file>                         read rules from file
-    -s                  Report status
+    -s                                Report status
-    -S syscall          Build rule: syscall name or number
+    -S syscall                        Build rule: syscall name or number
-    -t                  Trim directory watches
+    --signal <signal>                 Send the specified signal to the daemon
-    -v                  Version
+    -t                                Trim directory watches
-    -w <path>           Insert watch at <path>
+    -v                                Version
-    -W <path>           Remove watch at <path>
+    -w <path>                         Insert watch at <path>
-    --loginuid-immutable  Make loginuids unchangeable once set
+    -W <path>                         Remove watch at <path>
-    --backlog_wait_time  Set the kernel backlog_wait_time
+    --loginuid-immutable              Make loginuids unchangeable once set
-    --reset-lost         Reset the lost record counter
+    --backlog_wait_time               Set the kernel backlog_wait_time
+    --reset-lost                      Reset the lost record counter
+    --reset_backlog_wait_time_actual  Reset the actual backlog wait time counter
+There was an error while processing parameters
 </code>
@@ Ligne 519: / Ligne 565: @@
 <code>
-[root@centos8 ~]# aureport
+[root@redhat9 ~]# aureport
 Summary Report
 ======================
-Range of time in logs: 05/08/2020 08:13:52.320 - 06/03/2021 10:20:02.028
+Range of time in logs: 10/19/2023 18:27:19.140 - 09/28/2024 14:57:20.231
-Selected time for report: 05/08/2020 08:13:52 - 06/03/2021 10:20:02.028
+Selected time for report: 10/19/2023 18:27:19 - 09/28/2024 14:57:20.231
-Number of changes in configuration: 46
+Number of changes in configuration: 72
-Number of changes to accounts, groups, or roles: 56
+Number of changes to accounts, groups, or roles: 30
-Number of logins: 21
+Number of logins: 12
-Number of failed logins: 5
+Number of failed logins: 0
-Number of authentications: 50
+Number of authentications: 43
-Number of failed authentications: 8
+Number of failed authentications: 11
-Number of users: 3
+Number of users: 4
-Number of terminals: 10
+Number of terminals: 9
 Number of host names: 4
-Number of executables: 22
+Number of executables: 21
 Number of commands: 11
 Number of files: 0
 Number of AVC's: 0
-Number of MAC events: 35
+Number of MAC events: 41
 Number of failed syscalls: 0
-Number of anomaly events: 7
+Number of anomaly events: 0
 Number of responses to anomaly events: 0
-Number of crypto events: 287
+Number of crypto events: 104
 Number of integrity events: 0
 Number of virt events: 0
 Number of keys: 0
-Number of process IDs: 616
+Number of process IDs: 158
-Number of events: 6030
+Number of events: 2567
 </code>
@@ Ligne 553: / Ligne 599: @@
 <code>
-[root@centos8 ~]# aureport --help
+[root@redhat9 ~]# aureport --help
 usage: aureport [options]
-	-a,--avc			Avc report
+        -a,--avc                        Avc report
-	-au,--auth			Authentication report
+        -au,--auth                      Authentication report
-	--comm				Commands run report
+        --comm                          Commands run report
-	-c,--config			Config change report
+        -c,--config                     Config change report
-	-cr,--crypto			Crypto report
+        -cr,--crypto                    Crypto report
-	-e,--event			Event report
+        --debug                         Write malformed events that are skipped to stderr
-	-f,--file			File name report
+        --eoe-timeout secs              End of Event Timeout
-	--failed			only failed events in report
+        -e,--event                      Event report
-	-h,--host			Remote Host name report
+        --escape option                 Escape output
-	--help				help
+        -f,--file                       File name report
-	-i,--interpret			Interpretive mode
+        --failed                        only failed events in report
-	-if,--input <Input File name>	use this file as input
+        -h,--host                       Remote Host name report
-	--input-logs			Use the logs even if stdin is a pipe
+        --help                          help
-	--integrity			Integrity event report
+        -i,--interpret                  Interpretive mode
-	-l,--login			Login report
+        -if,--input <Input File name>   use this file as input
-	-k,--key			Key report
+        --input-logs                    Use the logs even if stdin is a pipe
-	-m,--mods			Modification to accounts report
+        --integrity                     Integrity event report
-	-ma,--mac			Mandatory Access Control (MAC) report
+        -k,--key                        Key report
-	-n,--anomaly			aNomaly report
+        -l,--login                      Login report
-	-nc,--no-config			Don't include config events
+        -m,--mods                       Modification to accounts report
-	--node <node name>		Only events from a specific node
+        -ma,--mac                       Mandatory Access Control (MAC) report
-	-p,--pid			Pid report
+        -n,--anomaly                    aNomaly report
-	-r,--response			Response to anomaly report
+        -nc,--no-config                 Don't include config events
-	-s,--syscall			Syscall report
+        --node <node name>              Only events from a specific node
-	--success			only success events in report
+        -p,--pid                        Pid report
-	--summary			sorted totals for main object in report
+        -r,--response                   Response to anomaly report
-	-t,--log			Log time range report
+        -s,--syscall                    Syscall report
-	-te,--end [end date] [end time]	ending date & time for reports
+        --success                       only success events in report
-	-tm,--terminal			TerMinal name report
+        --summary                       sorted totals for main object in report
-	-ts,--start [start date] [start time]	starting data & time for reports
+        -t,--log                        Log time range report
-	--tty				Report about tty keystrokes
+        -te,--end [end date] [end time] ending date & time for reports
-	-u,--user			User name report
+        -tm,--terminal                  TerMinal name report
-	-v,--version			Version
+        -ts,--start [start date] [start time]   starting data & time for reports
-	--virt				Virtualization report
+        --tty                           Report about tty keystrokes
-	-x,--executable			eXecutable name report
+        -u,--user                       User name report
-	If no report is given, the summary report will be displayed
+        -v,--version                    Version
+        --virt                          Virtualization report
+        -x,--executable                 eXecutable name report
+        If no report is given, the summary report will be displayed
 </code>
@@ Ligne 598: / Ligne 647: @@
 <code>
-[root@centos8 ~]# ausearch -ui 1000 | more
+[root@redhat9 ~]# ausearch -ui 1000 | more
-----
-time->Tue Sep  1 11:05:28 2020
-type=USER_AUTH msg=audit(1598972728.209:77): pid=1633 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=localhost.locald
-omain addr=? terminal=pts/0 res=success'
 ----
-time->Tue Sep  1 11:05:28 2020
+time->Thu Oct 19 18:29:20 2023
-type=USER_ACCT msg=audit(1598972728.214:78): pid=1633 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/bin/su" hostname=localh
+type=USER_AUTH msg=audit(1697732960.285:140): pid=6261 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/bin/su" hos
-ost.localdomain addr=? terminal=pts/0 res=success'
+tname=? addr=? terminal=/dev/pts/0 res=failed'
 ----
-time->Tue Sep  1 11:05:28 2020
+time->Thu Oct 19 18:29:31 2023
-type=CRED_ACQ msg=audit(1598972728.218:79): pid=1633 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=localhost.localdomain ad
+type=USER_AUTH msg=audit(1697732971.707:144): pid=6294 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/
-dr=? terminal=pts/0 res=success'
+su" hostname=? addr=? terminal=/dev/pts/0 res=success'
 ----
-time->Tue Sep  1 11:05:28 2020
+time->Thu Oct 19 18:29:31 2023
-type=USER_START msg=audit(1598972728.223:80): pid=1633 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask
+type=USER_ACCT msg=audit(1697732971.746:145): pid=6294 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe=
-,pam_xauth acct="root" exe="/usr/bin/su" hostname=localhost.localdomain addr=? terminal=pts/0 res=success'
+"/usr/bin/su" hostname=? addr=? terminal=/dev/pts/0 res=success'
 ----
-time->Tue Sep  1 11:10:13 2020
+time->Thu Oct 19 18:29:31 2023
-type=USER_END msg=audit(1598973013.687:87): pid=1633 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask,
+type=CRED_ACQ msg=audit(1697732971.747:146): pid=6294 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" host
-pam_xauth acct="root" exe="/usr/bin/su" hostname=localhost.localdomain addr=? terminal=pts/0 res=success'
+name=? addr=? terminal=/dev/pts/0 res=success'
 ----
-time->Tue Sep  1 11:10:13 2020
+time->Thu Oct 19 18:29:31 2023
-type=CRED_DISP msg=audit(1598973013.687:88): pid=1633 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=localhost.localdomain a
+type=USER_START msg=audit(1697732971.835:147): pid=6294 uid=1000 auid=1000 ses=3 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,p
-ddr=? terminal=pts/0 res=success'
+am_systemd,pam_unix,pam_umask,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/0 res=success'
 ----
-time->Mon Apr 19 11:48:01 2021
+time->Thu Oct 19 18:35:21 2023
-type=USER_AUTH msg=audit(1618847281.847:77): pid=1768 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=centos8.ittraini
+type=USER_AUTH msg=audit(1697733321.865:218): pid=6500 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/
-ng.loc addr=? terminal=pts/0 res=success'
+su" hostname=? addr=? terminal=/dev/pts/1 res=success'
 ----
-time->Mon Apr 19 11:48:01 2021
+time->Thu Oct 19 18:35:21 2023
-type=USER_ACCT msg=audit(1618847281.847:78): pid=1768 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe="/usr/bin/su" hostname=centos
+type=USER_ACCT msg=audit(1697733321.905:219): pid=6500 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe=
-.ittraining.loc addr=? terminal=pts/0 res=success'
+"/usr/bin/su" hostname=? addr=? terminal=/dev/pts/1 res=success'
 ----
-time->Mon Apr 19 11:48:01 2021
+time->Thu Oct 19 18:35:21 2023
-type=CRED_ACQ msg=audit(1618847281.847:79): pid=1768 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=centos8.ittraining.loc a
+type=CRED_ACQ msg=audit(1697733321.905:220): pid=6500 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" host
-ddr=? terminal=pts/0 res=success'
+name=? addr=? terminal=/dev/pts/1 res=success'
 ----
-time->Mon Apr 19 11:48:01 2021
+time->Thu Oct 19 18:35:21 2023
-type=USER_START msg=audit(1618847281.883:80): pid=1768 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask
+type=USER_START msg=audit(1697733321.909:221): pid=6500 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,p
-,pam_xauth acct="root" exe="/usr/bin/su" hostname=centos8.ittraining.loc addr=? terminal=pts/0 res=success'
+am_systemd,pam_unix,pam_umask,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/1 res=success'
 ----
-time->Mon Apr 19 12:04:39 2021
+time->Thu Oct 19 18:35:40 2023
-type=USER_END msg=audit(1618848279.544:541): pid=1768 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_umask
+type=USER_END msg=audit(1697733340.703:222): pid=6500 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_keyinit,pam_limits,pa
-,pam_xauth acct="root" exe="/usr/bin/su" hostname=centos8.ittraining.loc addr=? terminal=pts/0 res=success'
+m_systemd,pam_unix,pam_umask,pam_xauth acct="root" exe="/usr/bin/su" hostname=? addr=? terminal=/dev/pts/1 res=success'
 ----
-time->Mon Apr 19 12:04:39 2021
+time->Thu Oct 19 18:35:40 2023
-type=CRED_DISP msg=audit(1618848279.544:542): pid=1768 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=centos8.ittraining.loc
+type=CRED_DISP msg=audit(1697733340.704:223): pid=6500 uid=1000 auid=1000 ses=6 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" hos
- addr=? terminal=pts/0 res=success'
+tname=? addr=? terminal=/dev/pts/1 res=success'
 ----
-time->Mon Apr 19 12:05:57 2021
+time->Wed Sep 25 10:15:06 2024
-type=USER_AUTH msg=audit(1618848357.204:69): pid=4892 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/bin/su" hostname=centos8.ittraining.loc
+type=USER_AUTH msg=audit(1727252106.538:115): pid=1963 uid=1000 auid=1000 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/
-addr=? terminal=pts/0 res=failed'
+su" hostname=? addr=? terminal=/dev/pts/0 res=success'
 ----
-time->Mon Apr 19 12:06:03 2021
+time->Wed Sep 25 10:15:06 2024
-type=USER_AUTH msg=audit(1618848363.134:70): pid=4901 uid=1000 auid=1000 ses=1 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="root" exe="/usr/bin/su" hostname=centos8.ittraini
+type=USER_ACCT msg=audit(1727252106.579:116): pid=1963 uid=1000 auid=1000 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix,pam_localuser acct="root" exe=
-ng.loc addr=? terminal=pts/0 res=success'
+"/usr/bin/su" hostname=? addr=? terminal=/dev/pts/0 res=success'
 ----
+time->Wed Sep 25 10:15:06 2024
+type=CRED_ACQ msg=audit(1727252106.579:117): pid=1963 uid=1000 auid=1000 ses=2 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/su" host
 --More--
+[q]
 </code>
@@ Ligne 662: / Ligne 710: @@
 <code>
-[root@centos8 ~]# ausearch --help
+[root@redhat9 ~]# ausearch --help
 usage: ausearch [options]
-	-a,--event <Audit event id>	search based on audit event id
+        -a,--event <Audit event id>     search based on audit event id
-	--arch <CPU>			search based on the CPU architecture
+        --arch <CPU>                    search based on the CPU architecture
-	-c,--comm  <Comm name>		search based on command line name
+        -c,--comm  <Comm name>          search based on command line name
-	--checkpoint <checkpoint file>	search from last complete event
+        --checkpoint <checkpoint file>  search from last complete event
-	--debug			Write malformed events that are skipped to stderr
+        --debug                 Write malformed events that are skipped to stderr
-	-e,--exit  <Exit code or errno>	search based on syscall exit code
+        -e,--exit  <Exit code or errno> search based on syscall exit code
-	-f,--file  <File name>		search based on file name
+        -escape <option>                escape output
-	--format [raw|default|interpret|csv|text] results format options
+        --eoe-timeout secs              End of Event timeout
-	-ga,--gid-all <all Group id>	search based on All group ids
+        --extra-keys                    add a final column with key information
-	-ge,--gid-effective <effective Group id>  search based on Effective
+        --extra-labels                  add columns of information about subject and object labels
-					group id
+        --extra-obj2                    add columns of information about a second object
-	-gi,--gid <Group Id>		search based on group id
+        --extra-time                    add columns of information about broken down time
-	-h,--help			help
+        -f,--file  <File name>          search based on file name
-	-hn,--host <Host Name>		search based on remote host name
+        --format [raw|default|interpret|csv|text] results format options
-	-i,--interpret			Interpret results to be human readable
+        -ga,--gid-all <all Group id>    search based on All group ids
-	-if,--input <Input File name>	use this file instead of current logs
+        -ge,--gid-effective <effective Group id>  search based on Effective
-	--input-logs			Use the logs even if stdin is a pipe
+                                        group id
-	--just-one			Emit just one event
+        -gi,--gid <Group Id>            search based on group id
-	-k,--key  <key string>		search based on key field
+        -h,--help                       help
-	-l, --line-buffered		Flush output on every line
+        -hn,--host <Host Name>          search based on remote host name
-	-m,--message  <Message type>	search based on message type
+        -i,--interpret                  Interpret results to be human readable
-	-n,--node  <Node name>		search based on machine's name
+        -if,--input <Input File name>   use this file instead of current logs
-	-o,--object  <SE Linux Object context> search based on context of object
+        --input-logs                    Use the logs even if stdin is a pipe
-	-p,--pid  <Process id>		search based on process id
+        --just-one                      Emit just one event
-	-pp,--ppid <Parent Process id>	search based on parent process id
+        -k,--key  <key string>          search based on key field
-	-r,--raw			output is completely unformatted
+        -l, --line-buffered             Flush output on every line
-	-sc,--syscall <SysCall name>	search based on syscall name or number
+        -m,--message  <Message type>    search based on message type
-	-se,--context <SE Linux context> search based on either subject or
+        -n,--node  <Node name>          search based on machine's name
-					 object
+        -o,--object  <SE Linux Object context> search based on context of object
-	--session <login session id>	search based on login session id
+        -p,--pid  <Process id>          search based on process id
-	-su,--subject <SE Linux context> search based on context of the Subject
+        -pp,--ppid <Parent Process id>  search based on parent process id
-	-sv,--success <Success Value>	search based on syscall or event
+        -r,--raw                        output is completely unformatted
-					success value
+        -sc,--syscall <SysCall name>    search based on syscall name or number
-	-te,--end [end date] [end time]	ending date & time for search
+        -se,--context <SE Linux context> search based on either subject or
-	-ts,--start [start date] [start time]	starting data & time for search
+                                         object
-	-tm,--terminal <TerMinal>	search based on terminal
+        --session <login session id>    search based on login session id
-	-ua,--uid-all <all User id>	search based on All user id's
+        -su,--subject <SE Linux context> search based on context of the Subject
-	-ue,--uid-effective <effective User id>  search based on Effective
+        -sv,--success <Success Value>   search based on syscall or event
-					user id
+                                        success value
-	-ui,--uid <User Id>		search based on user id
+        -te,--end [end date] [end time] ending date & time for search
-	-ul,--loginuid <login id>	search based on the User's Login id
+        -ts,--start [start date] [start time]   starting date & time for search
-	-uu,--uuid <guest UUID>		search for events related to the virtual
+        -tm,--terminal <TerMinal>       search based on terminal
-					machine with the given UUID.
+        -ua,--uid-all <all User id>     search based on All user id's
-	-v,--version			version
+        -ue,--uid-effective <effective User id>  search based on Effective
-	-vm,--vm-name <guest name>	search for events related to the virtual
+                                        user id
-					machine with the name.
+        -ui,--uid <User Id>             search based on user id
-	-w,--word			string matches are whole word
+        -ul,--loginuid <login id>       search based on the User's Login id
-	-x,--executable <executable name>  search based on executable name
+        -uu,--uuid <guest UUID>         search for events related to the virtual
+                                        machine with the given UUID.
+        -v,--version                    version
+        -vm,--vm-name <guest name>      search for events related to the virtual
+                                        machine with the name.
+        -w,--word                       string matches are whole word
+        -x,--executable <executable name>  search based on executable name
 </code>
@@ Ligne 723: / Ligne 777: @@
 <code>
-[root@centos8 ~]# tail -n 15 /var/log/messages
+[root@redhat9 ~]# tail -n 15 /var/log/messages
-Jun  3 10:15:01 centos8 systemd[1]: session-76.scope: Succeeded.
+Sep 28 13:33:57 redhat9 systemd[1]: dnf-makecache.service: Consumed 1.476s CPU time.
-Jun  3 10:16:01 centos8 systemd[1]: Started Session 77 of user trainee.
+Sep 28 13:35:04 redhat9 cupsd[5736]: REQUEST localhost - - "POST / HTTP/1.1" 200 182 Renew-Subscription successful-ok
-Jun  3 10:16:01 centos8 systemd[1]: session-77.scope: Succeeded.
+Sep 28 14:33:24 redhat9 cupsd[5736]: REQUEST localhost - - "POST / HTTP/1.1" 200 182 Renew-Subscription successful-ok
-Jun  3 10:17:01 centos8 systemd[1]: Started Session 78 of user trainee.
+Sep 28 14:54:27 redhat9 systemd-logind[5671]: New session 14 of user trainee.
-Jun  3 10:17:01 centos8 systemd[1]: session-78.scope: Succeeded.
+Sep 28 14:54:27 redhat9 systemd[1]: Started Session 14 of User trainee.
-Jun  3 10:18:01 centos8 systemd[1]: Started Session 79 of user trainee.
+Sep 28 14:54:28 redhat9 systemd[1]: Starting Hostname Service...
-Jun  3 10:18:01 centos8 systemd[1]: session-79.scope: Succeeded.
+Sep 28 14:54:28 redhat9 systemd[1]: Started Hostname Service.
-Jun  3 10:19:01 centos8 systemd[1]: Started Session 80 of user trainee.
+Sep 28 14:54:35 redhat9 su[12662]: (to root) trainee on pts/1
-Jun  3 10:19:01 centos8 systemd[1]: session-80.scope: Succeeded.
+Sep 28 14:55:05 redhat9 systemd[1]: systemd-hostnamed.service: Deactivated successfully.
-Jun  3 10:20:02 centos8 systemd[1]: Started Session 81 of user trainee.
+Sep 28 14:57:20 redhat9 systemd[1]: Starting Cleanup of Temporary Directories...
-Jun  3 10:20:02 centos8 systemd[1]: session-81.scope: Succeeded.
+Sep 28 14:57:20 redhat9 systemd[1]: systemd-tmpfiles-clean.service: Deactivated successfully.
-Jun  3 10:21:01 centos8 systemd[1]: Started Session 82 of user trainee.
+Sep 28 14:57:20 redhat9 systemd[1]: Finished Cleanup of Temporary Directories.
-Jun  3 10:21:01 centos8 systemd[1]: session-82.scope: Succeeded.
+Sep 28 14:57:20 redhat9 systemd[1]: run-credentials-systemd\x2dtmpfiles\x2dclean.service.mount: Deactivated successfully.
-Jun  3 10:22:01 centos8 systemd[1]: Started Session 83 of user trainee.
+Sep 28 15:02:37 redhat9 systemd[5851]: Starting Cleanup of User's Temporary Files and Directories...
-Jun  3 10:22:01 centos8 systemd[1]: session-83.scope: Succeeded.
+Sep 28 15:02:37 redhat9 systemd[5851]: Finished Cleanup of User's Temporary Files and Directories.
 </code>
@@ Ligne 751: / Ligne 805: @@
 <code>
-[root@centos8 ~]# ls -l /var/log
+[root@redhat9 ~]# ls -l /var/log
-total 2448
+total 1952
-drwxr-xr-x. 2 root   root      280 May  8  2020 anaconda
+drwxr-xr-x. 2 root   root     4096 Oct 19  2023 anaconda
-drwx------. 2 root   root       23 Apr 23  2020 audit
+drwx------. 2 root   root       23 Nov  8  2023 audit
--rw-------. 1 root   root        0 Jun  3 10:16 boot.log
+-rw-------. 1 root   root        0 Sep 26 00:00 boot.log
--rw-------. 1 root   root    19710 Apr 19 13:44 boot.log-20210419
+-rw-------. 1 root   root    68528 Sep 26 00:00 boot.log-20240926
--rw-------. 1 root   root     9548 May 26 09:35 boot.log-20210526
+-rw-rw----. 1 root   utmp      768 Sep 25 11:41 btmp
--rw-------. 1 root   root     9491 Jun  2 07:40 boot.log-20210602
+drwxr-x---. 2 chrony chrony      6 Jan 23  2024 chrony
--rw-------. 1 root   root    38555 Jun  3 10:16 boot.log-20210603
+-rw-------. 1 root   root    31832 Sep 28 15:01 cron
--rw-rw----. 1 root   utmp     1152 Jun  3 09:51 btmp
+drwxr-xr-x. 2 lp     sys        57 Jun 19 11:00 cups
--rw-rw----. 1 root   utmp      384 May 26 10:37 btmp-20210602
+-rw-r--r--. 1 root   root   150441 Sep 28 13:33 dnf.librepo.log
-drwxr-xr-x. 2 chrony chrony      6 Nov 19  2019 chrony
+-rw-r--r--. 1 root   root   672698 Sep 28 13:33 dnf.log
--rw-------. 1 root   root    35397 Jun  3 10:22 cron
+-rw-r--r--. 1 root   root    96613 Sep 28 13:33 dnf.rpm.log
--rw-------. 1 root   root     5652 Apr 19 13:01 cron-20210419
+-rw-r-----. 1 root   root        0 Oct 19  2023 firewalld
--rw-------. 1 root   root    16279 May 26 09:01 cron-20210526
+drwx--x--x. 2 root   gdm         6 Jan 18  2024 gdm
--rw-------. 1 root   root     5117 Jun  2 07:01 cron-20210602
+-rw-r--r--. 1 root   root     4440 Sep 28 14:39 hawkey.log
--rw-------. 1 root   root    13577 Jun  3 10:12 dnf.librepo.log
+drwx------. 2 root   root       41 Sep 26 15:01 httpd
--rw-r--r--. 1 root   root    43871 Apr 19 13:15 dnf.librepo.log-20210419
+drwx------. 2 root   root        6 Feb 15  2024 insights-client
--rw-------. 1 root   root    89109 May 26 08:54 dnf.librepo.log-20210526
+-rw-------. 1 root   root     3942 Sep 26 14:55 kdump.log
--rw-------. 1 root   root    17737 Jun  2 07:18 dnf.librepo.log-20210602
+-rw-rw-r--. 1 root   utmp   293168 Sep 28 14:54 lastlog
--rw-r--r--. 1 root   root   749350 Jun  3 10:12 dnf.log
+-rw-------. 1 root   root        0 Oct 19  2023 maillog
--rw-r--r--. 1 root   root   138497 Jun  3 10:12 dnf.rpm.log
+-rw-------. 1 root   root   875426 Sep 28 15:02 messages
--rw-r-----. 1 root   root     3808 Jun  3 09:01 firewalld
+drwx------. 2 root   root        6 Oct 19  2023 private
-drwxr-xr-x. 2 root   root        6 Nov  3  2020 glusterfs
+drwxr-xr-x. 2 root   root        6 Aug 15 09:40 qemu-ga
--rw-------. 1 root   root      510 Jun  3 09:58 hawkey.log
+lrwxrwxrwx. 1 root   root       39 Oct 19  2023 README -> ../../usr/share/doc/systemd/README.logs
--rw-r--r--. 1 root   root      561 Apr 19 12:13 hawkey.log-20210419
+drwxr-xr-x. 2 root   root       43 Jan 18  2024 rhsm
--rw-------. 1 root   root     3927 May 26 08:54 hawkey.log-20210526
+drwx------. 3 root   root       17 May  1 21:13 samba
--rw-------. 1 root   root      306 Jun  2 06:17 hawkey.log-20210602
+-rw-------. 1 root   root    28327 Sep 28 14:54 secure
--rw-rw-r--. 1 root   utmp   293168 Jun  3 09:01 lastlog
+drwx------. 2 root   root        6 Aug 11  2021 speech-dispatcher
-drwx------. 3 root   root       18 Apr 19 12:07 libvirt
+-rw-------. 1 root   root        0 Oct 19  2023 spooler
--rw-------. 1 root   root        0 Jun  2 07:40 maillog
+drwxr-x---. 2 sssd   sssd       26 May 17 03:59 sssd
--rw-------. 1 root   root        0 May  8  2020 maillog-20210419
+-rw-------. 1 root   root        0 Oct 19  2023 tallylog
--rw-------. 1 root   root        0 Apr 19 13:44 maillog-20210526
+drwxr-xr-x. 2 root   root       23 Feb 22  2024 tuned
--rw-------. 1 root   root        0 May 26 09:35 maillog-20210602
+-rw-rw-r--. 1 root   utmp    12288 Sep 28 14:54 wtmp
--rw-------. 1 root   root   452404 Jun  3 10:22 messages
--rw-------. 1 root   root   397916 Apr 19 13:15 messages-20210419
--rw-------. 1 root   root   173289 May 26 09:19 messages-20210526
--rw-------. 1 root   root   123100 Jun  2 07:38 messages-20210602
-drwx------. 2 root   root        6 May  8  2020 private
-drwx------. 3 root   root       17 Aug 17  2020 samba
--rw-------. 1 root   root     6554 Jun  3 09:51 secure
--rw-------. 1 root   root    10835 Apr 19 12:07 secure-20210419
--rw-------. 1 root   root    11884 May 26 08:49 secure-20210526
--rw-------. 1 root   root     3633 Jun  2 06:40 secure-20210602
--rw-------. 1 root   root        0 Jun  2 07:40 spooler
--rw-------. 1 root   root        0 May  8  2020 spooler-20210419
--rw-------. 1 root   root        0 Apr 19 13:44 spooler-20210526
--rw-------. 1 root   root        0 May 26 09:35 spooler-20210602
-drwxr-x---. 2 sssd   sssd      270 Jun  3 10:16 sssd
-drwxr-xr-x. 3 root   root       21 Apr 19 12:07 swtpm
-drwxr-xr-x. 2 root   root       23 Jan  4 11:24 tuned
--rw-rw-r--. 1 root   utmp    34176 Jun  3 09:51 wtmp
 </code>
@@ Ligne 826: / Ligne 862: @@
   * transmettre les informations à une application liée à rsyslog via un tube (par exemple, **|logrotate**).
-Sous RHEL/CentOS, le daemon rsyslog est configuré par l'édition du fichier **/etc/sysconfig/rsyslog** :
+Sous RHEL 9, le daemon rsyslog est configuré par l'édition du fichier **/etc/sysconfig/rsyslog** :
 <code>
-[root@centos8 ~]# cat /etc/sysconfig/rsyslog
+[root@redhat9 ~]# cat /etc/sysconfig/rsyslog
 # Options for rsyslogd
 # Syslogd options are deprecated since rsyslog v3.
@@ Ligne 881: / Ligne 917: @@
 <code>
-[root@centos8 ~]# cat /etc/rsyslog.conf
+[root@redhat9 ~]# cat /etc/rsyslog.conf
 # rsyslog configuration file
@@ Ligne 887: / Ligne 923: @@
 # or latest version online at http://www.rsyslog.com/doc/rsyslog_conf.html
 # If you experience problems, see http://www.rsyslog.com/doc/troubleshoot.html
+#### GLOBAL DIRECTIVES ####
+# Where to place auxiliary files
+global(workDirectory="/var/lib/rsyslog")
+# Use default timestamp format
+module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
 #### MODULES ####
-module(load="imuxsock" 	  # provides support for local system logging (e.g. via logger command)
+module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
        SysSock.Use="off") # Turn off message reception via local log socket;
-			  # local messages are retrieved through imjournal now.
+                          # local messages are retrieved through imjournal now.
-module(load="imjournal" 	    # provides access to the systemd journal
+module(load="imjournal"             # provides access to the systemd journal
+       UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from
+       FileCreateMode="0644" # Set the access permissions for the state file
        StateFile="imjournal.state") # File to store the position in the journal
 #module(load="imklog") # reads kernel messages (the same are read from journald)
 #module(load="immark") # provides --MARK-- message capability
+# Include all config files in /etc/rsyslog.d/
+include(file="/etc/rsyslog.d/*.conf" mode="optional")
 # Provides UDP syslog reception
@@ Ligne 907: / Ligne 956: @@
 #module(load="imtcp") # needs to be done just once
 #input(type="imtcp" port="514")
-#### GLOBAL DIRECTIVES ####
-# Where to place auxiliary files
-global(workDirectory="/var/lib/rsyslog")
-# Use default timestamp format
-module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
-# Include all config files in /etc/rsyslog.d/
-include(file="/etc/rsyslog.d/*.conf" mode="optional")
 #### RULES ####
@@ Ligne 951: / Ligne 989: @@
 # ### sample forwarding rule ###
 #action(type="omfwd"
-# An on-disk queue is created for this action. If the remote host is
+# # An on-disk queue is created for this action. If the remote host is
-# down, messages are spooled to disk and sent when it is up again.
+# # down, messages are spooled to disk and sent when it is up again.
 #queue.filename="fwdRule1"       # unique name prefix for spool files
 #queue.maxdiskspace="1g"         # 1gb space limit (use as much as possible)
@@ Ligne 958: / Ligne 996: @@
 #queue.type="LinkedList"         # run asynchronously
 #action.resumeRetryCount="-1"    # infinite retries if host is down
-# Remote Logging (we use TCP for reliable delivery)
+# # Remote Logging (we use TCP for reliable delivery)
-# remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514
+# # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514
 #Target="remote_host" Port="XXX" Protocol="tcp")
 </code>
@@ Ligne 984: / Ligne 1022: @@
 | module(load="imtcp") | Active la réception de messages en utilisant le protocole **TCP** |
-Dans le fichier **/etc/rsyslog.conf** nous pouvons constater que les inputs **module(load="imuxsock" SysSock.Use="off")** et **module(load="imjournal" StateFile="imjournal.state")** sont activés :
+Dans le fichier **/etc/rsyslog.conf** nous pouvons constater que les inputs **module(load="imuxsock"** et **module(load="imjournal"** sont activés :
 <file>
@@ Ligne 990: / Ligne 1028: @@
 #### MODULES ####
-module(load="imuxsock" 	  # provides support for local system logging (e.g. via logger command)
+module(load="imuxsock"    # provides support for local system logging (e.g. via logger command)
        SysSock.Use="off") # Turn off message reception via local log socket;
-			  # local messages are retrieved through imjournal now.
+                          # local messages are retrieved through imjournal now.
-module(load="imjournal" 	    # provides access to the systemd journal
+module(load="imjournal"             # provides access to the systemd journal
+       UsePid="system" # PID nummber is retrieved as the ID of the process the journal entry originates from
+       FileCreateMode="0644" # Set the access permissions for the state file
        StateFile="imjournal.state") # File to store the position in the journal
 #module(load="imklog") # reads kernel messages (the same are read from journald)
 #module(load="immark") # provides --MARK-- message capability
-# Provides UDP syslog reception
-# for parameters see http://www.rsyslog.com/doc/imudp.html
-#module(load="imudp") # needs to be done just once
-#input(type="imudp" port="514")
-# Provides TCP syslog reception
-# for parameters see http://www.rsyslog.com/doc/imtcp.html
-#module(load="imtcp") # needs to be done just once
-#input(type="imtcp" port="514")
 ...
 </file>
@@ Ligne 1016: / Ligne 1046: @@
 # Provides UDP syslog reception
 # for parameters see http://www.rsyslog.com/doc/imudp.html
-module(load="imudp") # needs to be done just once
+#module(load="imudp") # needs to be done just once
-input(type="imudp" port="514")
+#input(type="imudp" port="514")
 # Provides TCP syslog reception
 # for parameters see http://www.rsyslog.com/doc/imtcp.html
-module(load="imtcp") # needs to be done just once
+#module(load="imtcp") # needs to be done just once
-input(type="imtcp" port="514")
+#input(type="imtcp" port="514")
 ...
 </file>
@@ Ligne 1030: / Ligne 1060: @@
 </WRAP>
-Pour envoyer l'ensemble des traces de journalisation vers un serveur rsyslog distant, il convient de décommenter et modifier une ligne dans la section suivante du fichier **/etc/rsyslog.conf** :
+Pour envoyer l'ensemble des traces de journalisation vers un serveur rsyslog distant, il convient de décommenter et modifier la ligne **Target** dans la section suivante du fichier **/etc/rsyslog.conf** :
 <file>
@@ Ligne 1036: / Ligne 1066: @@
 # ### sample forwarding rule ###
 #action(type="omfwd"
-# An on-disk queue is created for this action. If the remote host is
+# # An on-disk queue is created for this action. If the remote host is
-# down, messages are spooled to disk and sent when it is up again.
+# # down, messages are spooled to disk and sent when it is up again.
 #queue.filename="fwdRule1"       # unique name prefix for spool files
 #queue.maxdiskspace="1g"         # 1gb space limit (use as much as possible)
@@ Ligne 1043: / Ligne 1073: @@
 #queue.type="LinkedList"         # run asynchronously
 #action.resumeRetryCount="-1"    # infinite retries if host is down
-# Remote Logging (we use TCP for reliable delivery)
+# # Remote Logging (we use TCP for reliable delivery)
-# remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514
+# # remote_host is: name/ip, e.g. 192.168.0.1, port optional e.g. 10514
-Target="remote_host" Port="514" Protocol="tcp")
+#Target="remote_host" Port="XXX" Protocol="tcp")
 ...
 </file>
@@ Ligne 1115: / Ligne 1145: @@
 <code>
-[root@centos8 ~]# logger -p user.info Linux est super
+[root@redhat9 ~]# logger -p user.info Linux est super
 </code>
@@ Ligne 1121: / Ligne 1151: @@
 <code>
-[root@centos8 ~]# tail /var/log/messages
+[root@redhat9 ~]# tail /var/log/messages
-Jun  3 12:55:01 centos8 systemd[1]: session-237.scope: Succeeded.
+Sep 28 15:05:26 redhat9 dnf[12735]: Extra Packages for Enterprise Linux 9 openh264  6.9 kB/s | 993  B     00:00
-Jun  3 12:56:01 centos8 systemd[1]: Started Session 238 of user trainee.
+Sep 28 15:05:26 redhat9 dnf[12735]: Extra Packages for Enterprise Linux 9 - Next -  199 kB/s |  26 kB     00:00
-Jun  3 12:56:01 centos8 systemd[1]: session-238.scope: Succeeded.
+Sep 28 15:05:27 redhat9 dnf[12735]: Red Hat Enterprise Linux 9 for x86_64 - AppStre  12 kB/s | 4.5 kB     00:00
-Jun  3 12:57:01 centos8 systemd[1]: Started Session 239 of user trainee.
+Sep 28 15:05:27 redhat9 dnf[12735]: Red Hat Enterprise Linux 9 for x86_64 - BaseOS  7.4 kB/s | 4.1 kB     00:00
-Jun  3 12:57:01 centos8 systemd[1]: session-239.scope: Succeeded.
+Sep 28 15:05:28 redhat9 dnf[12735]: Red Hat CodeReady Linux Builder for RHEL 9 x86_  34 kB/s | 4.5 kB     00:00
-Jun  3 12:58:01 centos8 systemd[1]: Started Session 240 of user trainee.
+Sep 28 15:05:28 redhat9 dnf[12735]: Metadata cache created.
-Jun  3 12:58:01 centos8 systemd[1]: session-240.scope: Succeeded.
+Sep 28 15:05:28 redhat9 systemd[1]: dnf-makecache.service: Deactivated successfully.
-Jun  3 12:58:55 centos8 trainee[5139]: Linux est super
+Sep 28 15:05:28 redhat9 systemd[1]: Finished dnf makecache.
-Jun  3 12:59:01 centos8 systemd[1]: Started Session 241 of user trainee.
+Sep 28 15:05:28 redhat9 systemd[1]: dnf-makecache.service: Consumed 2.948s CPU time.
-Jun  3 12:59:01 centos8 systemd[1]: session-241.scope: Succeeded.
+Sep 28 15:15:29 redhat9 root[12751]: Linux est super
 </code>
@@ Ligne 1137: / Ligne 1167: @@
 <code>
-[root@centos8 ~]# logger --help
+[root@redhat9 ~]# logger --help
 Usage:
@@ Ligne 1184: / Ligne 1214: @@
 <code>
-[root@centos8 ~]# cat /etc/logrotate.conf
+[root@redhat9 ~]# cat /etc/logrotate.conf
 # see "man logrotate" for details
+# global options do not affect preceding include directives
 # rotate log files weekly
 weekly
@@ Ligne 1201: / Ligne 1234: @@
 #compress
-# RPM packages drop log rotation information into this directory
+# packages drop log rotation information into this directory
 include /etc/logrotate.d
@@ Ligne 1225: / Ligne 1258: @@
 <code>
-[root@centos8 ~]# logrotate --help
+[root@redhat9 ~]# logrotate --help
 Usage: logrotate [OPTION...] <configfile>
-  -d, --debug               Don't do anything, just test and print debug
+  -d, --debug               Don't do anything, just test and print debug messages
-                            messages
   -f, --force               Force file rotation
   -m, --mail=command        Command to send mail (instead of `/bin/mail')
   -s, --state=statefile     Path of state file
+      --skip-state-lock     Do not lock the state file
   -v, --verbose             Display messages during rotation
   -l, --log=logfile         Log file or 'syslog' to log to syslog
@@ Ligne 1243: / Ligne 1276: @@
 =====LAB #5 - La Journalisation avec journald=====
-Sous RHEL/CentOS 8, les fichiers de Syslog sont gardés pour une question de compatibilité. Cependant, tous les journaux sont d'abord collectés par **Journald** pour ensuite être redistribués vers les fichiers classiques se trouvant dans le répertoire /var/log. Les journaux de journald sont stockés dans un seul et unique fichier dynamique dans le répertoire **/run/log/journal** :
+Sous RHEL 9, les fichiers de Syslog sont gardés pour une question de compatibilité. Cependant, tous les journaux sont d'abord collectés par **Journald** pour ensuite être redistribués vers les fichiers classiques se trouvant dans le répertoire /var/log. Les journaux de journald sont stockés dans un seul et unique fichier dynamique dans le répertoire **/run/log/journal** :
 <code>
-[root@centos8 ~]# ls -l /run/log/journal/
+[root@redhat9 ~]# ls -l /run/log/journal/
 total 0
-drwxr-s---+ 2 root systemd-journal 60 Jun  3 09:01 de79af4f226d480fa7d3fec4cabbf97a
+drwxr-s---+ 2 root systemd-journal 60 Sep 25 12:44 5a35a3eb625c45cea1d33535723e791f
 </code>
 A l'extinction de la machine les journaux sont **effacés**.
-Pour rendre les journaux permenants, il faut créer le répertoire **/var/log/journal** :
+La configuration de ce comportement se trouve dans le fichier **/etc/systemd/journald.conf** et est défini par la valeur de la variable **Storage** :
 <code>
-[root@centos8 ~]# mkdir /var/log/journal
+[root@redhat9 ~]# cat /etc/systemd/journald.conf
-[root@centos8 ~]# ls -l /var/log/journal/
+#  This file is part of systemd.
-total 0
+#
-[root@centos8 ~]# systemctl restart systemd-journald
+#  systemd is free software; you can redistribute it and/or modify it under the
-[root@centos8 ~]# ls -l /run/log/journal/
+#  terms of the GNU Lesser General Public License as published by the Free
-ls: cannot access '/run/log/journal/': No such file or directory
+#  Software Foundation; either version 2.1 of the License, or (at your option)
-[root@centos8 ~]# ls -l /var/log/journal/
+#  any later version.
-total 0
+#
-drwxr-xr-x. 2 root root 28 Jun  3 13:03 de79af4f226d480fa7d3fec4cabbf97a
+# Entries in this file show the compile time defaults. Local configuration
+# should be created by either modifying this file, or by creating "drop-ins" in
+# the journald.conf.d/ subdirectory. The latter is generally recommended.
+# Defaults can be restored by simply deleting this file and all drop-ins.
+#
+# Use 'systemd-analyze cat-config systemd/journald.conf' to display the full config.
+#
+# See journald.conf(5) for details.
+[Journal]
+#Storage=auto
+#Compress=yes
+#Seal=yes
+#SplitMode=uid
+#SyncIntervalSec=5m
+#RateLimitIntervalSec=30s
+#RateLimitBurst=10000
+#SystemMaxUse=
+#SystemKeepFree=
+#SystemMaxFileSize=
+#SystemMaxFiles=100
+#RuntimeMaxUse=
+#RuntimeKeepFree=
+#RuntimeMaxFileSize=
+#RuntimeMaxFiles=100
+#MaxRetentionSec=
+#MaxFileSec=1month
+#ForwardToSyslog=no
+#ForwardToKMsg=no
+#ForwardToConsole=no
+#ForwardToWall=yes
+#TTYPath=/dev/console
+#MaxLevelStore=debug
+#MaxLevelSyslog=debug
+#MaxLevelKMsg=notice
+#MaxLevelConsole=info
+#MaxLevelWall=emerg
+#LineMax=48K
+#ReadKMsg=yes
+Audit=
 </code>
-Journald ne peut pas envoyer les traces à un autre ordinateur. Pour utiliser un serveur de journalisation distant il faut donc inclure la directive **ForwardToSyslog=yes** dans le fichier de configuration de journald, **/etc/systemd/journald.conf**, puis configurer Rsyslog à envoyer les traces au serveur distant :
+La valeur de la variable peut être :
+  * **auto** - si le répertoire **/var/log/journal** existe, le journal devient persistant,
+  * **persistent** - le journal est persistant et est stocké dans le répertoire **/var/log/journal**,
+  * **volatile** - le journal est stocké dans un fichier dynamique dans le répertoire **/run/log/journal**.
+Pour rendre le journal permenant, modifiez le fichier **/etc/systemd/journald.conf** et décommentez la directive **Storage** :
 <code>
-[root@centos8 ~]# cat /etc/systemd/journald.conf
+[root@redhat9 ~]# vi /etc/systemd/journald.conf
+[root@redhat9 ~]# cat /etc/systemd/journald.conf
 #  This file is part of systemd.
 #
-#  systemd is free software; you can redistribute it and/or modify it
+#  systemd is free software; you can redistribute it and/or modify it under the
-#  under the terms of the GNU Lesser General Public License as published by
+#  terms of the GNU Lesser General Public License as published by the Free
-#  the Free Software Foundation; either version 2.1 of the License, or
+#  Software Foundation; either version 2.1 of the License, or (at your option)
-#  (at your option) any later version.
+#  any later version.
 #
-# Entries in this file show the compile time defaults.
+# Entries in this file show the compile time defaults. Local configuration
-# You can change settings by editing this file.
+# should be created by either modifying this file, or by creating "drop-ins" in
-# Defaults can be restored by simply deleting this file.
+# the journald.conf.d/ subdirectory. The latter is generally recommended.
+# Defaults can be restored by simply deleting this file and all drop-ins.
+#
+# Use 'systemd-analyze cat-config systemd/journald.conf' to display the full config.
 #
 # See journald.conf(5) for details.
 [Journal]
-#Storage=auto
+Storage=auto
 #Compress=yes
 #Seal=yes
@@ Ligne 1303: / Ligne 1385: @@
 #MaxFileSec=1month
 #ForwardToSyslog=no
-ForwardToSyslog=yes
 #ForwardToKMsg=no
 #ForwardToConsole=no
@@ Ligne 1314: / Ligne 1395: @@
 #MaxLevelWall=emerg
 #LineMax=48K
+#ReadKMsg=yes
+Audit=
 </code>
+Créez le répertoire **/var/log/journal** :
+<code>
+[root@redhat9 ~]# mkdir /var/log/journal
+[root@redhat9 ~]# ls -l /var/log/journal/
+total 0
+</code>
+Redémarrez votre VM :
+<code>
+[root@redhat9 ~]# reboot
+[root@redhat9 ~]# Connection to 10.0.2.101 closed by remote host.
+Connection to 10.0.2.101 closed.
+</code>
+Reconnectez-vous à votre VM :
+<code>
+[trainee@redhat9 ~]$ su -
+Password: fenestros
+[root@redhat9 ~]# ls -l /run/log/journal/
+total 0
+[root@redhat9 ~]# ls -l /var/log/journal/
+total 0
+drwxr-sr-x+ 2 root systemd-journal 53 Sep 28 15:39 5a35a3eb625c45cea1d33535723e791f
+</code>
+Journald ne peut pas envoyer de traces à un autre ordinateur. Pour utiliser un serveur de journalisation distant il faut donc ajouter la directive **ForwardToSyslog=yes** au fichier de configuration de journald, **/etc/systemd/journald.conf**, puis configurer Rsyslog à envoyer les traces au serveur distant.
 ====5.1 - Consultation des Journaux====
@@ Ligne 1321: / Ligne 1436: @@
 <code>
-[root@centos8 ~]# journalctl
+[root@redhat9 ~]# journalctl
--- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:08:01 EDT. --
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Linux version 5.14.0-427.37.1.el9_4.x86_64 (mockbuild@x86-64-02.build.eng.rdu2.redhat.com) (gcc (GCC) 11.4.1 20231218 (Red Hat 11.4.1-3), GNU ld version 2.35.2-43>
-Jun 03 09:01:10 centos8.ittraining.loc kernel: Linux version 4.18.0-240.22.1.el8_3.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version 8.3.1 20191121 (Red Hat 8.3.1-5) (GCC)) #1 SMP Thu Apr 8 19:01:30 UTC 2021
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: The list of certified hardware and cloud instances for Red Hat Enterprise Linux 9 can be viewed at the Red Hat Ecosystem Catalog, https://catalog.redhat.com.
-Jun 03 09:01:10 centos8.ittraining.loc kernel: Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 root=UUID=4c0cc28c-0d59-45be-bd73-d292b80be33c ro crashkernel=auto resume=UUID=c8bb3f47-d67f-4b21-b781-766899dc83d4>
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.14.0-427.37.1.el9_4.x86_64 root=/dev/mapper/rhel-root ro crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M resume=/dev/>
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-provided physical RAM map:
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: signal: max sigframe size: 1776
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-provided physical RAM map:
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000dffeffff] usable
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000dfff0000-0x00000000dfffffff] ACPI data
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000bffd9fff] usable
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000bffda000-0x00000000bfffffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000100000000-0x000000011fffffff] usable
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000100000000-0x000000023fffffff] usable
-Jun 03 09:01:10 centos8.ittraining.loc kernel: NX (Execute Disable) protection: active
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: NX (Execute Disable) protection: active
-Jun 03 09:01:10 centos8.ittraining.loc kernel: SMBIOS 2.5 present.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: SMBIOS 2.8 present.
-Jun 03 09:01:10 centos8.ittraining.loc kernel: DMI: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014
-Jun 03 09:01:10 centos8.ittraining.loc kernel: Hypervisor detected: KVM
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Hypervisor detected: KVM
-Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00
-Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: cpu 0, msr 114801001, primary cpu clock
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: kvm-clock: using sched offset of 269552729537899 cycles
-Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: using sched offset of 5675771878 cycles
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
-Jun 03 09:01:10 centos8.ittraining.loc kernel: clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: tsc: Detected 2099.998 MHz processor
-Jun 03 09:01:10 centos8.ittraining.loc kernel: tsc: Detected 1190.400 MHz processor
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
-Jun 03 09:01:10 centos8.ittraining.loc kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: last_pfn = 0x240000 max_arch_pfn = 0x400000000
-Jun 03 09:01:10 centos8.ittraining.loc kernel: last_pfn = 0x120000 max_arch_pfn = 0x400000000
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
-Jun 03 09:01:10 centos8.ittraining.loc kernel: MTRR default type: uncachable
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT
-Jun 03 09:01:10 centos8.ittraining.loc kernel: MTRR variable ranges disabled:
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: last_pfn = 0xbffda max_arch_pfn = 0x400000000
-Jun 03 09:01:10 centos8.ittraining.loc kernel: Disabled
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: found SMP MP-table at [mem 0x000f5bc0-0x000f5bcf]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/PAT: MTRRs disabled, skipping PAT initialization too.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Using GB pages for direct mapping
-Jun 03 09:01:10 centos8.ittraining.loc kernel: CPU MTRRs all blank - virtualized system.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: RAMDISK: [mem 0x3149c000-0x34a45fff]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/PAT: Configuration [0-7]: WB  WT  UC- UC  WB  WT  UC- UC
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Early table checksum verification disabled
-Jun 03 09:01:10 centos8.ittraining.loc kernel: last_pfn = 0xdfff0 max_arch_pfn = 0x400000000
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: RSDP 0x00000000000F5980 000014 (v00 BOCHS )
-Jun 03 09:01:10 centos8.ittraining.loc kernel: found SMP MP-table at [mem 0x0009fff0-0x0009ffff]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: RSDT 0x00000000BFFE300C 000038 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
-Jun 03 09:01:10 centos8.ittraining.loc kernel: kexec: Reserving the low 1M of memory for crashkernel
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: FACP 0x00000000BFFE2DDE 000074 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a01000, 0x114a01fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: DSDT 0x00000000BFFDF040 003D9E (v01 BOCHS  BXPC     00000001 BXPC 00000001)
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a02000, 0x114a02fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: FACS 0x00000000BFFDF000 000040
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a03000, 0x114a03fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: APIC 0x00000000BFFE2E52 000090 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a04000, 0x114a04fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: SSDT 0x00000000BFFE2EE2 0000CA (v01 BOCHS  VMGENID  00000001 BXPC 00000001)
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a05000, 0x114a05fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: HPET 0x00000000BFFE2FAC 000038 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a06000, 0x114a06fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: WAET 0x00000000BFFE2FE4 000028 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a07000, 0x114a07fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving FACP table memory at [mem 0xbffe2dde-0xbffe2e51]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a08000, 0x114a08fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving DSDT table memory at [mem 0xbffdf040-0xbffe2ddd]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BRK [0x114a09000, 0x114a09fff] PGTABLE
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving FACS table memory at [mem 0xbffdf000-0xbffdf03f]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: RAMDISK: [mem 0x34e00000-0x366f7fff]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving APIC table memory at [mem 0xbffe2e52-0xbffe2ee1]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: Early table checksum verification disabled
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving SSDT table memory at [mem 0xbffe2ee2-0xbffe2fab]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: RSDP 0x00000000000E0000 000024 (v02 VBOX  )
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving HPET table memory at [mem 0xbffe2fac-0xbffe2fe3]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: XSDT 0x00000000DFFF0030 00003C (v01 VBOX   VBOXXSDT 00000001 ASL  00000061)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving WAET table memory at [mem 0xbffe2fe4-0xbffe300b]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: FACP 0x00000000DFFF00F0 0000F4 (v04 VBOX   VBOXFACP 00000001 ASL  00000061)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: No NUMA configuration found
-Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: DSDT 0x00000000DFFF0480 002325 (v02 VBOX   VBOXBIOS 00000002 INTL 20190509)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Faking a node at [mem 0x0000000000000000-0x000000023fffffff]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: FACS 0x00000000DFFF0200 000040
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: NODE_DATA(0) allocated [mem 0x23ffd5000-0x23fffffff]
-Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: FACS 0x00000000DFFF0200 000040
+lines 1-55
-Jun 03 09:01:10 centos8.ittraining.loc kernel: ACPI: APIC 0x00000000DFFF0240 00006C (v02 VBOX   VBOXAPIC 00000001 ASL  00000061)
-lines 1-57
 </code>
@@ Ligne 1391: / Ligne 1504: @@
 <code>
-[root@centos8 ~]# journalctl /sbin/anacron
+[root@redhat9 ~]# journalctl /sbin/crond
--- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:10:01 EDT. --
+Sep 28 15:37:18 redhat9.ittraining.loc crond[1138]: (CRON) STARTUP (1.5.7)
-Jun 03 10:01:01 centos8.ittraining.loc anacron[2575]: Anacron started on 2021-06-03
+Sep 28 15:37:18 redhat9.ittraining.loc crond[1138]: (CRON) INFO (Syslog will be used instead of sendmail.)
-Jun 03 10:01:01 centos8.ittraining.loc anacron[2575]: Will run job `cron.daily' in 15 min.
+Sep 28 15:37:18 redhat9.ittraining.loc crond[1138]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 65% if used.)
-Jun 03 10:01:01 centos8.ittraining.loc anacron[2575]: Jobs will be executed sequentially
+Sep 28 15:37:18 redhat9.ittraining.loc crond[1138]: (CRON) INFO (running with inotify support)
-Jun 03 10:16:01 centos8.ittraining.loc anacron[2575]: Job `cron.daily' started
-Jun 03 10:16:01 centos8.ittraining.loc anacron[2575]: Job `cron.daily' terminated
-Jun 03 10:16:01 centos8.ittraining.loc anacron[2575]: Normal exit (1 job run)
 </code>
 <WRAP center round important 60%>
-**Important** : Rappelez-vous que sous RHEL/CentOS 8 le répertoire **/sbin** est un lien symbolique vers **/usr/sbin**.
+**Important** : Rappelez-vous que sous RHEL9 le répertoire **/sbin** est un lien symbolique vers **/usr/sbin**.
 </WRAP>
@@ Ligne 1410: / Ligne 1520: @@
 <code>
-[root@centos8 ~]# journalctl -b | more
+[root@redhat9 ~]# journalctl -b | more
--- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:11:01 EDT. --
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Linux version 5.14.0-427.37.1.el9_4.x86_64 (mockbuild@x86-64-02.build.eng.rdu2.redhat.com) (gcc (GCC) 11.4.1 20231218 (Red Hat 11.4.1-3), GNU ld version 2.35.2-43.
-Jun 03 09:01:10 centos8.ittraining.loc kernel: Linux version 4.18.0-240.22.1.el8_3.x86_64 (mockbuild@kbuilder.bsys.centos.org) (gcc version
+el9) #1 SMP PREEMPT_DYNAMIC Fri Sep 13 12:41:50 EDT 2024
-.3.1 20191121 (Red Hat 8.3.1-5) (GCC)) #1 SMP Thu Apr 8 19:01:30 UTC 2021
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: The list of certified hardware and cloud instances for Red Hat Enterprise Linux 9 can be viewed at the Red Hat Ecosystem Catalog, https://catalog.redhat.com.
-Jun 03 09:01:10 centos8.ittraining.loc kernel: Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-4.18.0-240.22.1.el8_3.x86_64 root=UUID=4c0cc28
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.14.0-427.37.1.el9_4.x86_64 root=/dev/mapper/rhel-root ro crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M resume=/dev/m
-c-0d59-45be-bd73-d292b80be33c ro crashkernel=auto resume=UUID=c8bb3f47-d67f-4b21-b781-766899dc83d4 rhgb quiet
+apper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
-Jun 03 09:01:10 centos8.ittraining.loc kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-provided physical RAM map:
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: signal: max sigframe size: 1776
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-provided physical RAM map:
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000dffeffff] usable
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000dfff0000-0x00000000dfffffff] ACPI data
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000bffd9fff] usable
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000bffda000-0x00000000bfffffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: BIOS-e820: [mem 0x0000000100000000-0x000000011fffffff] usable
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000100000000-0x000000023fffffff] usable
-Jun 03 09:01:10 centos8.ittraining.loc kernel: NX (Execute Disable) protection: active
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: NX (Execute Disable) protection: active
-Jun 03 09:01:10 centos8.ittraining.loc kernel: SMBIOS 2.5 present.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: SMBIOS 2.8 present.
-Jun 03 09:01:10 centos8.ittraining.loc kernel: DMI: innotek GmbH VirtualBox/VirtualBox, BIOS VirtualBox 12/01/2006
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014
-Jun 03 09:01:10 centos8.ittraining.loc kernel: Hypervisor detected: KVM
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Hypervisor detected: KVM
-Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00
-Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: cpu 0, msr 114801001, primary cpu clock
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: kvm-clock: using sched offset of 269552729537899 cycles
-Jun 03 09:01:10 centos8.ittraining.loc kernel: kvm-clock: using sched offset of 5675771878 cycles
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
-Jun 03 09:01:10 centos8.ittraining.loc kernel: clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: tsc: Detected 2099.998 MHz processor
-590591483 ns
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
-Jun 03 09:01:10 centos8.ittraining.loc kernel: tsc: Detected 1190.400 MHz processor
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
-Jun 03 09:01:10 centos8.ittraining.loc kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: last_pfn = 0x240000 max_arch_pfn = 0x400000000
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: last_pfn = 0xbffda max_arch_pfn = 0x400000000
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: found SMP MP-table at [mem 0x000f5bc0-0x000f5bcf]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Using GB pages for direct mapping
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: RAMDISK: [mem 0x3149c000-0x34a45fff]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Early table checksum verification disabled
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: RSDP 0x00000000000F5980 000014 (v00 BOCHS )
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: RSDT 0x00000000BFFE300C 000038 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: FACP 0x00000000BFFE2DDE 000074 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: DSDT 0x00000000BFFDF040 003D9E (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: FACS 0x00000000BFFDF000 000040
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: APIC 0x00000000BFFE2E52 000090 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: SSDT 0x00000000BFFE2EE2 0000CA (v01 BOCHS  VMGENID  00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: HPET 0x00000000BFFE2FAC 000038 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: WAET 0x00000000BFFE2FE4 000028 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving FACP table memory at [mem 0xbffe2dde-0xbffe2e51]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving DSDT table memory at [mem 0xbffdf040-0xbffe2ddd]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving FACS table memory at [mem 0xbffdf000-0xbffdf03f]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving APIC table memory at [mem 0xbffe2e52-0xbffe2ee1]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving SSDT table memory at [mem 0xbffe2ee2-0xbffe2fab]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving HPET table memory at [mem 0xbffe2fac-0xbffe2fe3]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving WAET table memory at [mem 0xbffe2fe4-0xbffe300b]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: No NUMA configuration found
 --More--
+[q]
 </code>
@@ Ligne 1454: / Ligne 1589: @@
 <code>
-[root@centos8 ~]# journalctl -p warning
+[root@redhat9 ~]# journalctl -p warning
--- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:12:01 EDT. --
+Sep 28 15:36:59 redhat9.ittraining.loc kernel:  #3
-Jun 03 09:01:10 centos8.ittraining.loc kernel:  #2
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended configuration space under this bridge
-Jun 03 09:01:10 centos8.ittraining.loc kernel:  #3
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: device-mapper: core: CONFIG_IMA_DISABLE_HTABLE is disabled. Duplicate IMA measurements will not be recorded in the IMA log.
-Jun 03 09:01:10 centos8.ittraining.loc kernel: acpi PNP0A03:00: fail to add MMCONFIG information, can't access extended PCI configuration >
+Sep 28 15:37:00 redhat9.ittraining.loc systemd[1]: sys-module-fuse.device: Failed to enqueue SYSTEMD_WANTS= job, ignoring: Unit sys-fs-fuse-connections.mount not found.
-Jun 03 09:01:12 centos8.ittraining.loc kernel: e1000: E1000 MODULE IS NOT SUPPORTED
+Sep 28 15:37:00 redhat9.ittraining.loc kernel: sd 0:0:0:0: Power-on or device reset occurred
-Jun 03 09:01:12 centos8.ittraining.loc kernel: [drm:vmw_host_log [vmwgfx]] *ERROR* Failed to send host log message.
+Sep 28 15:37:10 redhat9.ittraining.loc lvm[696]: PV /dev/sda2 online, VG rhel is complete.
-Jun 03 09:01:12 centos8.ittraining.loc kernel: [drm:vmw_host_log [vmwgfx]] *ERROR* Failed to send host log message.
+Sep 28 15:37:12 redhat9.ittraining.loc avahi-daemon[752]: WARNING: No NSS support for mDNS detected, consider installing nss-mdns!
-Jun 03 09:01:18 centos8.ittraining.loc kernel: printk: systemd: 19 output lines suppressed due to ratelimiting
+Sep 28 15:37:16 redhat9.ittraining.loc kernel: Warning: Unmaintained driver is detected: ip_set
-Jun 03 09:01:20 centos8.ittraining.loc firewalld[874]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration>
+Sep 28 15:37:20 redhat9.ittraining.loc kernel: block dm-0: the capability attribute has been deprecated.
-Jun 03 09:01:21 centos8.ittraining.loc systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
+Sep 28 15:37:23 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: Cannot change IRQ 28 affinity: Input/output error
-Jun 03 09:01:24 centos8.ittraining.loc systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
+Sep 28 15:37:23 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: IRQ 28 affinity is now unmanaged
-Jun 03 09:01:24 centos8.ittraining.loc systemd[1]: iscsi.service: Unit cannot be reloaded because it is inactive.
+Sep 28 15:37:23 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: Cannot change IRQ 30 affinity: Input/output error
-Jun 03 09:01:26 centos8.ittraining.loc chronyd[850]: System clock wrong by 1.753498 seconds, adjustment started
+Sep 28 15:37:23 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: IRQ 30 affinity is now unmanaged
-Jun 03 09:01:28 centos8.ittraining.loc chronyd[850]: System clock was stepped by 1.753498 seconds
+Sep 28 15:37:23 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: Cannot change IRQ 29 affinity: Input/output error
-Jun 03 12:46:31 centos8.ittraining.loc chronyd[850]: System clock wrong by 47255.336542 seconds, adjustment started
+Sep 28 15:37:23 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: IRQ 29 affinity is now unmanaged
-lines 1-15/15 (END)
+Sep 28 15:37:23 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: Cannot change IRQ 0 affinity: Input/output error
+Sep 28 15:37:23 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: IRQ 0 affinity is now unmanaged
+Sep 28 15:37:23 redhat9.ittraining.loc org.gnome.Shell.desktop[1802]: pci id for fd 13: 1234:1111, driver (null)
+Sep 28 15:37:23 redhat9.ittraining.loc org.gnome.Shell.desktop[1802]: MESA-LOADER: failed to open bochs-drm: /usr/lib64/dri/bochs-drm_dri.so: cannot open shared object file: No such file or directory (search p>
+Sep 28 15:37:25 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activating service name='org.a11y.Bus' requested by ':1.4' (uid=42 pid=1802 comm="/us>
+Sep 28 15:37:25 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Successfully activated service 'org.a11y.Bus'
+Sep 28 15:37:27 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activating service name='org.freedesktop.portal.IBus' requested by ':1.6' (uid=42 pid>
+Sep 28 15:37:27 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Successfully activated service 'org.freedesktop.portal.IBus'
+Sep 28 15:37:27 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activating service name='org.freedesktop.impl.portal.PermissionStore' requested by ':>
+Sep 28 15:37:27 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Successfully activated service 'org.freedesktop.impl.portal.PermissionStore'
+Sep 28 15:37:28 redhat9.ittraining.loc wireplumber[1859]: Failed to set scheduler settings: Operation not permitted
+Sep 28 15:37:28 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activating service name='org.gnome.Shell.Notifications' requested by ':1.3' (uid=42 p>
+Sep 28 15:37:28 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1825]: dbus-daemon[1825]: Activating service name='org.a11y.atspi.Registry' requested by ':1.0' (uid=42 pid=1802 comm="/usr/bin/gnome-she>
+Sep 28 15:37:28 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1825]: dbus-daemon[1825]: Successfully activated service 'org.a11y.atspi.Registry'
+Sep 28 15:37:28 redhat9.ittraining.loc wireplumber[1859]: GetManagedObjects() failed: org.freedesktop.DBus.Error.NameHasNoOwner
+Sep 28 15:37:28 redhat9.ittraining.loc gnome-shell[1802]: Realizing HW cursor failed: drmModeAddFB does not support format 'AR24' (0x34325241)
+Sep 28 15:37:28 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activating service name='org.freedesktop.systemd1' requested by ':1.16' (uid=42 pid=1>
+Sep 28 15:37:28 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Successfully activated service 'org.gnome.Shell.Notifications'
+Sep 28 15:37:28 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activated service 'org.freedesktop.systemd1' failed: Process org.freedesktop.systemd1>
+Sep 28 15:37:28 redhat9.ittraining.loc gsd-sharing[1908]: Failed to StopUnit service: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.systemd1 exited with status 1
+Sep 28 15:37:28 redhat9.ittraining.loc gsd-sharing[1908]: Failed to StopUnit service: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.systemd1 exited with status 1
+Sep 28 15:37:28 redhat9.ittraining.loc gsd-sharing[1908]: Failed to StopUnit service: GDBus.Error:org.freedesktop.DBus.Error.Spawn.ChildExited: Process org.freedesktop.systemd1 exited with status 1
+Sep 28 15:37:28 redhat9.ittraining.loc org.gnome.Shell.desktop[1831]: Failed to initialize glamor, falling back to sw
+Sep 28 15:37:28 redhat9.ittraining.loc gnome-shell[1802]: Realizing HW cursor failed: drmModeAddFB does not support format 'AR24' (0x34325241)
+Sep 28 15:37:29 redhat9.ittraining.loc dbus-broker[751]: A security policy denied :1.25 to send method call /org/freedesktop/PackageKit:org.freedesktop.DBus.Properties.GetAll to :1.33.
+Sep 28 15:37:29 redhat9.ittraining.loc dbus-broker[751]: A security policy denied :1.25 to send method call /org/freedesktop/PackageKit:org.freedesktop.DBus.Properties.GetAll to :1.33.
+Sep 28 15:37:29 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activating service name='org.gnome.Shell.Screencast' requested by ':1.23' (uid=42 pid>
+Sep 28 15:37:30 redhat9.ittraining.loc gnome-shell[1802]: ATK Bridge is disabled but a11y has already been enabled.
+Sep 28 15:37:30 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activating service name='org.freedesktop.portal.IBus' requested by ':1.33' (uid=42 pi>
+Sep 28 15:37:30 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Successfully activated service 'org.freedesktop.portal.IBus'
+Sep 28 15:37:30 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Activating service name='org.gnome.ScreenSaver' requested by ':1.25' (uid=42 pid=1928>
+Sep 28 15:37:30 redhat9.ittraining.loc gsd-media-keys[1923]: Failed to grab accelerator for keybinding settings:hibernate
+Sep 28 15:37:30 redhat9.ittraining.loc gsd-media-keys[1923]: Failed to grab accelerator for keybinding settings:playback-repeat
+Sep 28 15:37:30 redhat9.ittraining.loc org.gnome.Shell.desktop[2153]: The XKEYBOARD keymap compiler (xkbcomp) reports:
+Sep 28 15:37:30 redhat9.ittraining.loc org.gnome.Shell.desktop[2153]: > Warning:          Unsupported maximum keycode 708, clipping.
+Sep 28 15:37:30 redhat9.ittraining.loc org.gnome.Shell.desktop[2153]: >                   X11 cannot support keycodes above 255.
+Sep 28 15:37:30 redhat9.ittraining.loc org.gnome.Shell.desktop[2153]: Errors from xkbcomp are not fatal to the X server
+Sep 28 15:37:30 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Successfully activated service 'org.gnome.ScreenSaver'
+Sep 28 15:37:30 redhat9.ittraining.loc /usr/libexec/gdm-wayland-session[1793]: dbus-daemon[1793]: [session uid=42 pid=1793] Successfully activated service 'org.gnome.Shell.Screencast'
+Sep 28 15:39:43 redhat9.ittraining.loc /usr/sbin/irqbalance[754]: Cannot change IRQ 27 affinity: Input/output error
+lines 1-55
 </code>
@@ Ligne 1490: / Ligne 1665: @@
 <code>
-[root@centos8 ~]# journalctl --since 12:00 --until now
+[root@redhat9 ~]# journalctl --since 03:45 --until now
--- Logs begin at Thu 2021-06-03 09:01:10 EDT, end at Thu 2021-06-03 13:14:01 EDT. --
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Linux version 5.14.0-427.37.1.el9_4.x86_64 (mockbuild@x86-64-02.build.eng.rdu2.redhat.com) (gcc (GCC) 11.4.1 20231218 (Red Hat 11.4.1-3), GNU ld version 2.35.2-43>
-Jun 03 12:00:01 centos8.ittraining.loc systemd[1]: Started Session 181 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: The list of certified hardware and cloud instances for Red Hat Enterprise Linux 9 can be viewed at the Red Hat Ecosystem Catalog, https://catalog.redhat.com.
-Jun 03 12:00:01 centos8.ittraining.loc CROND[4238]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Command line: BOOT_IMAGE=(hd0,msdos1)/vmlinuz-5.14.0-427.37.1.el9_4.x86_64 root=/dev/mapper/rhel-root ro crashkernel=1G-4G:192M,4G-64G:256M,64G-:512M resume=/dev/>
-Jun 03 12:00:01 centos8.ittraining.loc systemd[1]: session-181.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
-Jun 03 12:01:01 centos8.ittraining.loc CROND[4251]: (root) CMD (run-parts /etc/cron.hourly)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
-Jun 03 12:01:01 centos8.ittraining.loc systemd[1]: Started Session 182 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
-Jun 03 12:01:01 centos8.ittraining.loc run-parts[4255]: (/etc/cron.hourly) starting 0anacron
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
-Jun 03 12:01:01 centos8.ittraining.loc CROND[4260]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
-Jun 03 12:01:01 centos8.ittraining.loc run-parts[4262]: (/etc/cron.hourly) finished 0anacron
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: signal: max sigframe size: 1776
-Jun 03 12:01:01 centos8.ittraining.loc systemd[1]: session-182.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-provided physical RAM map:
-Jun 03 12:02:01 centos8.ittraining.loc systemd[1]: Started Session 183 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009fbff] usable
-Jun 03 12:02:01 centos8.ittraining.loc CROND[4275]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x000000000009fc00-0x000000000009ffff] reserved
-Jun 03 12:02:01 centos8.ittraining.loc systemd[1]: session-183.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000000f0000-0x00000000000fffff] reserved
-Jun 03 12:03:01 centos8.ittraining.loc systemd[1]: Started Session 184 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000bffd9fff] usable
-Jun 03 12:03:01 centos8.ittraining.loc CROND[4289]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000bffda000-0x00000000bfffffff] reserved
-Jun 03 12:03:01 centos8.ittraining.loc systemd[1]: session-184.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000feffc000-0x00000000feffffff] reserved
-Jun 03 12:04:01 centos8.ittraining.loc systemd[1]: Started Session 185 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x00000000fffc0000-0x00000000ffffffff] reserved
-Jun 03 12:04:01 centos8.ittraining.loc CROND[4303]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: BIOS-e820: [mem 0x0000000100000000-0x000000023fffffff] usable
-Jun 03 12:04:01 centos8.ittraining.loc systemd[1]: session-185.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: NX (Execute Disable) protection: active
-Jun 03 12:05:01 centos8.ittraining.loc systemd[1]: Started Session 186 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: SMBIOS 2.8 present.
-Jun 03 12:05:01 centos8.ittraining.loc CROND[4319]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: DMI: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014
-Jun 03 12:05:01 centos8.ittraining.loc systemd[1]: session-186.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Hypervisor detected: KVM
-Jun 03 12:06:02 centos8.ittraining.loc systemd[1]: Started Session 187 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00
-Jun 03 12:06:02 centos8.ittraining.loc CROND[4332]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: kvm-clock: using sched offset of 269552729537899 cycles
-Jun 03 12:06:02 centos8.ittraining.loc systemd[1]: session-187.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: clocksource: kvm-clock: mask: 0xffffffffffffffff max_cycles: 0x1cd42e4dffb, max_idle_ns: 881590591483 ns
-Jun 03 12:07:01 centos8.ittraining.loc systemd[1]: Started Session 188 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: tsc: Detected 2099.998 MHz processor
-Jun 03 12:07:01 centos8.ittraining.loc CROND[4346]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
-Jun 03 12:07:01 centos8.ittraining.loc systemd[1]: session-188.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: e820: remove [mem 0x000a0000-0x000fffff] usable
-Jun 03 12:08:01 centos8.ittraining.loc systemd[1]: Started Session 189 of user trainee.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: last_pfn = 0x240000 max_arch_pfn = 0x400000000
-Jun 03 12:08:01 centos8.ittraining.loc CROND[4360]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: MTRR map: 4 entries (3 fixed + 1 variable; max 19), built from 8 variable MTRRs
-Jun 03 12:08:01 centos8.ittraining.loc systemd[1]: session-189.scope: Succeeded.
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT
-lines 1-31
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: last_pfn = 0xbffda max_arch_pfn = 0x400000000
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: found SMP MP-table at [mem 0x000f5bc0-0x000f5bcf]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Using GB pages for direct mapping
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: RAMDISK: [mem 0x3149c000-0x34a45fff]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Early table checksum verification disabled
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: RSDP 0x00000000000F5980 000014 (v00 BOCHS )
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: RSDT 0x00000000BFFE300C 000038 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: FACP 0x00000000BFFE2DDE 000074 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: DSDT 0x00000000BFFDF040 003D9E (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: FACS 0x00000000BFFDF000 000040
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: APIC 0x00000000BFFE2E52 000090 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: SSDT 0x00000000BFFE2EE2 0000CA (v01 BOCHS  VMGENID  00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: HPET 0x00000000BFFE2FAC 000038 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: WAET 0x00000000BFFE2FE4 000028 (v01 BOCHS  BXPC     00000001 BXPC 00000001)
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving FACP table memory at [mem 0xbffe2dde-0xbffe2e51]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving DSDT table memory at [mem 0xbffdf040-0xbffe2ddd]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving FACS table memory at [mem 0xbffdf000-0xbffdf03f]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving APIC table memory at [mem 0xbffe2e52-0xbffe2ee1]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving SSDT table memory at [mem 0xbffe2ee2-0xbffe2fab]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving HPET table memory at [mem 0xbffe2fac-0xbffe2fe3]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: ACPI: Reserving WAET table memory at [mem 0xbffe2fe4-0xbffe300b]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: No NUMA configuration found
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: Faking a node at [mem 0x0000000000000000-0x000000023fffffff]
+Sep 28 15:36:59 redhat9.ittraining.loc kernel: NODE_DATA(0) allocated [mem 0x23ffd5000-0x23fffffff]
+lines 1-55
 </code>
@@ Ligne 1534: / Ligne 1733: @@
 <code>
-[root@centos8 ~]# journalctl -f
+[root@redhat9 ~]# journalctl -f
--- Logs begin at Thu 2021-06-03 09:01:10 EDT. --
+Sep 28 15:41:02 redhat9.ittraining.loc systemd[2200]: Starting Mark boot as successful...
-Jun 03 13:13:08 centos8.ittraining.loc systemd[1]: Started dnf makecache.
+Sep 28 15:41:03 redhat9.ittraining.loc systemd[2200]: Finished Mark boot as successful.
-Jun 03 13:14:01 centos8.ittraining.loc systemd[1]: Started Session 256 of user trainee.
+Sep 28 15:42:29 redhat9.ittraining.loc PackageKit[1886]: daemon quit
-Jun 03 13:14:01 centos8.ittraining.loc CROND[5391]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:42:29 redhat9.ittraining.loc systemd[1]: packagekit.service: Deactivated successfully.
-Jun 03 13:14:01 centos8.ittraining.loc systemd[1]: session-256.scope: Succeeded.
+Sep 28 15:43:02 redhat9.ittraining.loc systemd[1340]: Created slice User Background Tasks Slice.
-Jun 03 13:15:01 centos8.ittraining.loc systemd[1]: Started Session 257 of user trainee.
+Sep 28 15:43:02 redhat9.ittraining.loc systemd[1340]: Starting Cleanup of User's Temporary Files and Directories...
-Jun 03 13:15:01 centos8.ittraining.loc CROND[5407]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:43:02 redhat9.ittraining.loc systemd[1340]: Finished Cleanup of User's Temporary Files and Directories.
-Jun 03 13:15:01 centos8.ittraining.loc systemd[1]: session-257.scope: Succeeded.
+Sep 28 15:44:02 redhat9.ittraining.loc systemd[2200]: Created slice User Background Tasks Slice.
-Jun 03 13:16:02 centos8.ittraining.loc systemd[1]: Started Session 258 of user trainee.
+Sep 28 15:44:02 redhat9.ittraining.loc systemd[2200]: Starting Cleanup of User's Temporary Files and Directories...
-Jun 03 13:16:02 centos8.ittraining.loc CROND[5420]: (trainee) CMD (/bin/pwd > pwd.txt)
+Sep 28 15:44:02 redhat9.ittraining.loc systemd[2200]: Finished Cleanup of User's Temporary Files and Directories.
-Jun 03 13:16:02 centos8.ittraining.loc systemd[1]: session-258.scope: Succeeded.
 ^C
 </code>
-Ouvrez un deuxième terminal et saisissez la commande suivante :
+====5.7 - Consultation des Journaux avec des Mots Clefs===
+Pour consulter les mots clefs compris par Journald, tapez la commande **journalctl** puis appuyer **deux** fois sur la touche <key>Tab</key> :
 <code>
-[trainee@centos8 ~]$ logger -p user.info Linux est super
+[root@redhat9 ~]# journalctl
+_AUDIT_LOGINUID=                         DBUS_BROKER_MESSAGE_TYPE=                INVOCATION_ID=                           _PID=                                    _SYSTEMD_UNIT=
+_AUDIT_SESSION=                          DBUS_BROKER_MESSAGE_UNIX_FDS=            JOB_ID=                                  PRIORITY=                                _SYSTEMD_USER_SLICE=
+AVAILABLE=                               DBUS_BROKER_POLICY_TYPE=                 JOB_RESULT=                              REALMD_OPERATION=                        _SYSTEMD_USER_UNIT=
+AVAILABLE_PRETTY=                        DBUS_BROKER_RECEIVER_SECURITY_LABEL=     JOB_TYPE=                                _RUNTIME_SCOPE=                          THREAD_ID=
+_BOOT_ID=                                DBUS_BROKER_RECEIVER_UNIQUE_NAME=        JOURNAL_NAME=                            SEAT_ID=                                 TID=
+_CAP_EFFECTIVE=                          DBUS_BROKER_RECEIVER_WELL_KNOWN_NAME_0=  JOURNAL_PATH=                            _SELINUX_CONTEXT=                        TIMESTAMP_BOOTTIME=
+_CMDLINE=                                DBUS_BROKER_SENDER_SECURITY_LABEL=       _KERNEL_DEVICE=                          SESSION_ID=                              TIMESTAMP_MONOTONIC=
+CODE_FILE=                               DBUS_BROKER_SENDER_UNIQUE_NAME=          _KERNEL_SUBSYSTEM=                       _SOURCE_MONOTONIC_TIMESTAMP=             _TRANSPORT=
+CODE_FUNC=                               DBUS_BROKER_TRANSMIT_ACTION=             KERNEL_USEC=                             _SOURCE_REALTIME_TIMESTAMP=              _UDEV_DEVLINK=
+CODE_LINE=                               DISK_AVAILABLE=                          LEADER=                                  _STREAM_ID=                              _UDEV_DEVNODE=
+_COMM=                                   DISK_AVAILABLE_PRETTY=                   LIMIT=                                   SYSLOG_FACILITY=                         _UDEV_SYSNAME=
+CURRENT_USE=                             DISK_KEEP_FREE=                          LIMIT_PRETTY=                            SYSLOG_IDENTIFIER=                       _UID=
+CURRENT_USE_PRETTY=                      DISK_KEEP_FREE_PRETTY=                   _MACHINE_ID=                             SYSLOG_PID=                              UNIT=
+DBUS_BROKER_LOG_DROPPED=                 ERRNO=                                   MAX_USE=                                 SYSLOG_RAW=                              USER_ID=
+DBUS_BROKER_MESSAGE_DESTINATION=         _EXE=                                    MAX_USE_PRETTY=                          SYSLOG_TIMESTAMP=                        USER_INVOCATION_ID=
+DBUS_BROKER_MESSAGE_INTERFACE=           _GID=                                    MESSAGE=                                 _SYSTEMD_CGROUP=                         USERSPACE_USEC=
+DBUS_BROKER_MESSAGE_MEMBER=              GLIB_DOMAIN=                             MESSAGE_ID=                              _SYSTEMD_INVOCATION_ID=                  USER_UNIT=
+DBUS_BROKER_MESSAGE_PATH=                GLIB_OLD_LOG_API=                        NM_DEVICE=                               _SYSTEMD_OWNER_UID=
+DBUS_BROKER_MESSAGE_SERIAL=              _HOSTNAME=                               NM_LOG_DOMAINS=                          _SYSTEMD_SESSION=
+DBUS_BROKER_MESSAGE_SIGNATURE=           INITRD_USEC=                             NM_LOG_LEVEL=                            _SYSTEMD_SLICE=
 </code>
-Retournez consulter le premier terminal :
+Pour voir la liste des processus dont les traces sont inclus dans les journaux du mots clefs, tapez la commande journalctl suivi par le nom d'un mot clef puis appuyer deux fois sur la touche <key>Tab</key> :
 <code>
-[root@centos8 ~]# journalctl -f
+[root@redhat9 ~]# journalctl _UID=
--- Logs begin at Thu 2021-06-03 09:01:10 EDT. --
+     1000  172   42    70    81    994   998
-Jun 03 13:13:08 centos8.ittraining.loc systemd[1]: Started dnf makecache.
-Jun 03 13:14:01 centos8.ittraining.loc systemd[1]: Started Session 256 of user trainee.
+[root@redhat9 ~]# journalctl _COMM=
-Jun 03 13:14:01 centos8.ittraining.loc CROND[5391]: (trainee) CMD (/bin/pwd > pwd.txt)
+accounts-daemon  avahi-daemon     dbus-broker-lau  geoclue          httpd            lvm_scan         polkitd          sshd             systemd-journal  udisksd
-Jun 03 13:14:01 centos8.ittraining.loc systemd[1]: session-256.scope: Succeeded.
+at-spi2-registr  bootctl          dbus-daemon      gnome-session-b  irqbalance       ModemManager     realmd           su               systemd-logind   wireplumber
-Jun 03 13:15:01 centos8.ittraining.loc systemd[1]: Started Session 257 of user trainee.
+auditctl         crond            dracut-cmdline   gnome-shell      iscsiadm         mtp-probe        rsyslogd         (systemd)        systemd-modules  wpa_supplicant
-Jun 03 13:15:01 centos8.ittraining.loc CROND[5407]: (trainee) CMD (/bin/pwd > pwd.txt)
+auditd           cupsd            fsck.xfs         gsd-media-keys   kdumpctl         NetworkManager   rtkit-daemon     systemd          systemd-udevd    xkbcomp
-Jun 03 13:15:01 centos8.ittraining.loc systemd[1]: session-257.scope: Succeeded.
+augenrules       dbus-broker      gdm-session-wor  gsd-sharing      lvm              packagekitd      spice-vdagent    systemd-hiberna  udevadm          Xwayland
-Jun 03 13:16:02 centos8.ittraining.loc systemd[1]: Started Session 258 of user trainee.
-Jun 03 13:16:02 centos8.ittraining.loc CROND[5420]: (trainee) CMD (/bin/pwd > pwd.txt)
-Jun 03 13:16:02 centos8.ittraining.loc systemd[1]: session-258.scope: Succeeded.
-Jun 03 13:17:01 centos8.ittraining.loc systemd[1]: Started Session 259 of user trainee.
-Jun 03 13:17:01 centos8.ittraining.loc CROND[5436]: (trainee) CMD (/bin/pwd > pwd.txt)
-Jun 03 13:17:01 centos8.ittraining.loc systemd[1]: session-259.scope: Succeeded.
-Jun 03 13:17:19 centos8.ittraining.loc sshd[5439]: Accepted password for trainee from 10.0.2.2 port 39906 ssh2
-Jun 03 13:17:19 centos8.ittraining.loc systemd-logind[880]: New session 260 of user trainee.
-Jun 03 13:17:19 centos8.ittraining.loc systemd[1]: Started Session 260 of user trainee.
-Jun 03 13:17:19 centos8.ittraining.loc sshd[5439]: pam_unix(sshd:session): session opened for user trainee by (uid=0)
-Jun 03 13:17:34 centos8.ittraining.loc trainee[5470]: Linux est super
-Jun 03 13:17:34 centos8.ittraining.loc rsyslogd[1113]: imjournal: journal files changed, reloading...  [v8.1911.0-6.el8 try https://www.rsyslog.com/e/0 ]
-Jun 03 13:18:01 centos8.ittraining.loc systemd[1]: Started Session 261 of user trainee.
-Jun 03 13:18:01 centos8.ittraining.loc CROND[5481]: (trainee) CMD (/bin/pwd > pwd.txt)
-Jun 03 13:18:01 centos8.ittraining.loc systemd[1]: session-261.scope: Succeeded.
-^C
 </code>
-<WRAP center round important 60%>
+=====LAB #6 - Le Serveur d'Horloge=====
-**Important** : Notez la présence de la ligne **Jun 03 13:17:34 centos8.ittraining.loc trainee[5470]: Linux est super**.
+====6.1 - Introduction====
+Dans le cas d'un serveur de réseau, il est souvent important de maintenir l'heure de la machine à l'heure exacte pour des raisons de simplification de synchronisation avec des portables ou bien des systèmes de fichiers externes. Pour accomplir cette tâche, nous utilisons les services de serveurs de temps publics disponibles sur Internet sur lesquels nous synchronisons l'horloge de notre serveur. De même, les machines de notre réseau peuvent se synchroniser ensuite avec l'heure de notre serveur.
+Le protocole utilisé s'appelle **NTP **( **Network Time Protocol **) qui utilise le port **123**. Celui-ci, permet la synchronisation avec plusieurs serveurs publics. Les serveurs de temps de racine s'appellent des serveurs de **Strate 1**. En dessous se trouvent des serveurs de Strate 2, Strate 3 etc..
+<WRAP center round important>
+**Important** - La commande **ntpdate**, utilisée pour synchroniser l'horloge **sans** utiliser le démon **ntpd** est maintenant remplacée par l'option **-q** de la commande **ntp**. Lors de l'utilisation de **ntpdate**, le démon **ntpd** doit être arrêté. Si ntpdate constatait que l'erreur de l'horloge local était supérieur à 0,5 secondes, celle-ci appelait la routine **settimeofday()** tandis que si l'erreur était inférieur à 0,5 secondes, elle appelait la routine **adjtime()**.
 </WRAP>
-====5.7 - Consultation des Journaux avec des Mots Clefs===
+Linux utilise le fuseau d'horaire **UTC** (//Coordinated Universal Time//) en interne. Linux doit donc être capable de traduire entre l'UTC et l'heure locale et vice versa. Linux utilise le fichier **/etc/localtime** pour connaître l'heure locale :
-Pour consulter les mots clefs compris par Journald, tapez la commande **journalctl** puis appuyer **deux** fois sur la touche <key>Tab</key> :
+<code>
+[root@redhat9 ~]# ls -l /etc/localtime
+lrwxrwxrwx. 1 root root 34 Oct 19  2023 /etc/localtime -> ../usr/share/zoneinfo/Europe/Paris
+</code>
+Ce fichier peut être un fichier ordinaire ou bien un lien symbolique pointant vers un de sfichiers dans le répertoire **/usr/share/zoneinfo** :
 <code>
-[root@centos8 ~]# journalctl [tab] [tab]
+[root@redhat9 ~]# ls /usr/share/zoneinfo/
-_AUDIT_LOGINUID=              _HOSTNAME=                    NM_DEVICE=                    _SYSTEMD_SESSION=
+Africa      Asia       Canada   Cuba   EST      Factory  GMT+0      Hongkong  Iran         Japan              Libya   MST7MDT  Pacific   posixrules  ROC        tzdata.zi  UTC           zone.tab
-_AUDIT_SESSION=               INITRD_USEC=                  NM_LOG_DOMAINS=               _SYSTEMD_SLICE=
+America     Atlantic   CET      EET    EST5EDT  GB       GMT-0      HST       iso3166.tab  Kwajalein          MET     Navajo   Poland    PRC         ROK        UCT        WET           Zulu
-AVAILABLE=                    INVOCATION_ID=                NM_LOG_LEVEL=                 _SYSTEMD_UNIT=
+Antarctica  Australia  Chile    Egypt  Etc      GB-Eire  GMT0       Iceland   Israel       leapseconds        Mexico  NZ       Portugal  PST8PDT     Singapore  Universal  W-SU
-AVAILABLE_PRETTY=             JOB_ID=                       N_RESTARTS=                   _SYSTEMD_USER_SLICE=
+Arctic      Brazil     CST6CDT  Eire   Europe   GMT      Greenwich  Indian    Jamaica      leap-seconds.list  MST     NZ-CHAT  posix     right       Turkey     US         zone1970.tab
-_BOOT_ID=                     JOB_RESULT=                   _PID=                         _SYSTEMD_USER_UNIT=
-_CAP_EFFECTIVE=               JOB_TYPE=                     PRIORITY=                     TIMESTAMP_BOOTTIME=
-_CMDLINE=                     JOURNAL_NAME=                 SEAT_ID=                      TIMESTAMP_MONOTONIC=
-CODE_FILE=                    JOURNAL_PATH=                 _SELINUX_CONTEXT=             _TRANSPORT=
-CODE_FUNC=                    _KERNEL_DEVICE=               SESSION_ID=                   _UDEV_DEVNODE=
-CODE_LINE=                    _KERNEL_SUBSYSTEM=            _SOURCE_MONOTONIC_TIMESTAMP=  _UDEV_SYSNAME=
-_COMM=                        KERNEL_USEC=                  _SOURCE_REALTIME_TIMESTAMP=   _UID=
-CURRENT_USE=                  LEADER=                       SSSD_DOMAIN=                  UNIT=
-CURRENT_USE_PRETTY=           LIMIT=                        _STREAM_ID=                   USER_ID=
-DISK_AVAILABLE=               LIMIT_PRETTY=                 SYSLOG_FACILITY=              USER_INVOCATION_ID=
-DISK_AVAILABLE_PRETTY=        _MACHINE_ID=                  SYSLOG_IDENTIFIER=            USERSPACE_USEC=
-DISK_KEEP_FREE=               MAX_USE=                      SYSLOG_PID=                   USER_UNIT=
-DISK_KEEP_FREE_PRETTY=        MAX_USE_PRETTY=               _SYSTEMD_CGROUP=
-_EXE=                         MESSAGE=                      _SYSTEMD_INVOCATION_ID=
-_GID=                         MESSAGE_ID=                   _SYSTEMD_OWNER_UID=
 </code>
-Pour voir la liste des processus dont les traces sont inclus dans les journaux du mots clefs, tapez la commande journalctl suivi par le nom d'un mot clef puis appuyer deux fois sur la touche <key>Tab</key> :
+Pour connaître le fuseau d'horaire local, utilisez la commande **date** :
 <code>
-[root@centos8 ~]# journalctl _UID=
+[root@redhat9 ~]# date
-     1000  81    983   990   992   998
+Sat Sep 28 03:55:32 PM CEST 2024
-[root@centos8 ~]# journalctl _COMM=
-anacron          dbus-daemon      kdumpctl         NetworkManager   smartd           sssd_nss         systemd-hiberna
-auditd           dnf              logger           polkitd          sm-notify        su               systemd-journal
-augenrules       dnsmasq          login            rngd             sshd             (systemd)        systemd-logind
-chronyd          dracut-cmdline   lvm              rsyslogd         sssd             systemd          systemd-udevd
-crond            firewalld        netcf-transacti  sh               sssd_be          systemd-fsck
 </code>
+<WRAP center round important>
+**Important** - Vous pouvez consulter la liste des codes des zones à l'adresse **[[http://www.timeanddate.com/library/abbreviations/timezones/]]**.
+</WRAP>
+Le fuseau d'horaire peut être consulté en usilisant la commande **timedatectl** :
+<code>
+[root@redhat9 ~]# timedatectl
+               Local time: Sat 2024-09-28 15:57:01 CEST
+           Universal time: Sat 2024-09-28 13:57:01 UTC
+                 RTC time: Sat 2024-09-28 13:57:01
+                Time zone: Europe/Paris (CEST, +0200)
+System clock synchronized: no
+              NTP service: inactive
+          RTC in local TZ: no
+</code>
+La commande **timedatectl** peut être utilisée pour modifier le fuseau d'horaire en utilisant l'option **set-timezone** :
+<code>
+[root@redhat9 ~]# timedatectl set-timezone America/Phoenix
+[root@redhat9 ~]# timedatectl
+               Local time: Sat 2024-09-28 07:05:43 MST
+           Universal time: Sat 2024-09-28 14:05:43 UTC
+                 RTC time: Sat 2024-09-28 14:05:43
+                Time zone: America/Phoenix (MST, -0700)
+System clock synchronized: no
+              NTP service: inactive
+          RTC in local TZ: no
+[root@redhat9 ~]# timedatectl set-timezone Europe/Paris
+[root@redhat9 ~]# timedatectl
+               Local time: Sat 2024-09-28 16:06:35 CEST
+           Universal time: Sat 2024-09-28 14:06:35 UTC
+                 RTC time: Sat 2024-09-28 14:06:35
+                Time zone: Europe/Paris (CEST, +0200)
+System clock synchronized: no
+              NTP service: inactive
+          RTC in local TZ: no
+</code>
+L'option **set-time** de la commande **timedatectl** permet de modifier l'heure du système. Le format doit être **AAAA-MM-JJ hh:mm:ss**.
+Vous pouvez aussi modifier le fuseau d'horaire à l'aide de la commande **tzselect** :
+<code>
+[root@redhat9 ~]# tzselect
+Please identify a location so that time zone rules can be set correctly.
+Please select a continent, ocean, "coord", or "TZ".
+) Africa                                                            5) Atlantic Ocean                                                   9) Pacific Ocean
+) Americas                                                          6) Australia                                                       10) coord - I want to use geographical coordinates.
+) Antarctica                                                        7) Europe                                                          11) TZ - I want to specify the timezone using the Posix TZ format.
+) Asia                                                              8) Indian Ocean
+#? ^C
+</code>
+Il est est possible de modifier le fuseau d'horaire uniquement pour la session en cours et dans le shell courant :
+<code>
+[root@redhat9 ~]# date
+Sat Sep 28 03:59:46 PM CEST 2024
+[root@redhat9 ~]# export TZ=:/usr/share/zoneinfo/Europe/London
+[root@redhat9 ~]# date
+Sat Sep 28 02:59:54 PM BST 2024
+[root@redhat9 ~]# export TZ=:/usr/share/zoneinfo/Europe/Paris
+[root@redhat9 ~]# date
+Sat Sep 28 04:00:06 PM CEST 2024
+</code>
+====6.2 - Le Service chronyd====
+Sous RHEL 9, le serveur d'horloge n'est pas activé par défaut :
+<code>
+[root@redhat9 ~]# systemctl status chronyd
+○ chronyd.service - NTP client/server
+     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; disabled; preset: enabled)
+     Active: inactive (dead)
+       Docs: man:chronyd(8)
+             man:chrony.conf(5)
+</code>
+Pour activer ce serveur, utilisez l'option **set-ntp yes** de la commande **timedatectl** :
+<code>
+[root@redhat9 ~]# timedatectl set-ntp yes
+[root@redhat9 ~]# timedatectl
+               Local time: Sat 2024-09-28 16:53:46 CEST
+           Universal time: Sat 2024-09-28 14:53:46 UTC
+                 RTC time: Sat 2024-09-28 14:53:46
+                Time zone: Europe/Paris (CEST, +0200)
+System clock synchronized: yes
+              NTP service: active
+          RTC in local TZ: no
+</code>
+Vérifiez ensuite que le service **chronyd** est démarré :
+<code>
+[root@redhat9 ~]# systemctl status chronyd
+● chronyd.service - NTP client/server
+     Loaded: loaded (/usr/lib/systemd/system/chronyd.service; enabled; preset: enabled)
+     Active: active (running) since Sat 2024-09-28 16:53:41 CEST; 16s ago
+       Docs: man:chronyd(8)
+             man:chrony.conf(5)
+    Process: 2673 ExecStart=/usr/sbin/chronyd $OPTIONS (code=exited, status=0/SUCCESS)
+   Main PID: 2675 (chronyd)
+      Tasks: 1 (limit: 48800)
+     Memory: 1.3M
+        CPU: 45ms
+     CGroup: /system.slice/chronyd.service
+             └─2675 /usr/sbin/chronyd -F 2
+Sep 28 16:53:41 redhat9.ittraining.loc systemd[1]: Starting NTP client/server...
+Sep 28 16:53:41 redhat9.ittraining.loc chronyd[2675]: chronyd version 4.5 starting (+CMDMON +NTP +REFCLOCK +RTC +PRIVDROP +SCFILTER +SIGND +ASYNCDNS +NTS +SECHASH +IPV6 +DEBUG)
+Sep 28 16:53:41 redhat9.ittraining.loc chronyd[2675]: Loaded 0 symmetric keys
+Sep 28 16:53:41 redhat9.ittraining.loc chronyd[2675]: Using right/UTC timezone to obtain leap second data
+Sep 28 16:53:41 redhat9.ittraining.loc chronyd[2675]: Loaded seccomp filter (level 2)
+Sep 28 16:53:41 redhat9.ittraining.loc systemd[1]: Started NTP client/server.
+Sep 28 16:53:46 redhat9.ittraining.loc chronyd[2675]: Selected source 54.39.23.64 (2.rhel.pool.ntp.org)
+Sep 28 16:53:46 redhat9.ittraining.loc chronyd[2675]: System clock TAI offset set to 37 seconds
+</code>
+La commande **chronyc** permet de voir le statut de la synchronisation :
+<code>
+[root@redhat9 ~]# chronyc sources -v
+  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
+ / .- Source state '*' = current best, '+' = combined, '-' = not combined,
+| /             'x' = may be in error, '~' = too variable, '?' = unusable.
+||                                                 .- xxxx [ yyyy ] +/- zzzz
+||      Reachability register (octal) -.           |  xxxx = adjusted offset,
+||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
+||                                \     |          |  zzzz = estimated error.
+||                                 |    |           \
+MS Name/IP address         Stratum Poll Reach LastRx Last sample
+===============================================================================
+^* 64.ip-54-39-23.net            3   7   377    54    +24us[  +35us] +/- 2831us
+^- rikku.vrillusions.com         4   7   377    55   -197us[ -186us] +/-   17ms
+^- rwhois.dargalsolutions.c>     2   7   377    59  -5891us[-5880us] +/-   68ms
+^- ntp.pawdesigns.ca             3   6   377    55    +38us[  +49us] +/-   74ms
+</code>
+====6.3 - Le Fichier /etc/chrony.conf====
+Le service **chronyd** maintient l'horloge matérielle locale (RTC), généralement inexacte, à la bonne heure en le synchronisant avec les serveurs NTP configurés. Si aucune connectivité réseau n'est disponible, chronyd
+calcule la dérive de l'horloge RTC, qui est enregistrée dans le fichier de dérive spécifié dans le fichier **/etc/chrony.conf**.
+Les serveurs NTP configurés sont : **pool 2.rhel.pool.ntp.org iburst**. L'option **iburst** implique qu'après le démarrage initial du service 4 requêtes sont formulées pour une synchronisation initiale plus exacte.
+Le protocole NTP utilise le port 123. Les serveurs de temps de racine s'appellent des serveurs de **Stratum 0**. En dessous se trouvent des serveurs de Stratum 1, Stratum 2, Stratum 3 etc..
+<code>
+[root@redhat9 ~]# cat /etc/chrony.conf
+# Use public servers from the pool.ntp.org project.
+# Please consider joining the pool (https://www.pool.ntp.org/join.html).
+pool 2.rhel.pool.ntp.org iburst
+# Use NTP servers from DHCP.
+sourcedir /run/chrony-dhcp
+# Record the rate at which the system clock gains/losses time.
+driftfile /var/lib/chrony/drift
+# Allow the system clock to be stepped in the first three updates
+# if its offset is larger than 1 second.
+makestep 1.0 3
+# Enable kernel synchronization of the real-time clock (RTC).
+rtcsync
+# Enable hardware timestamping on all interfaces that support it.
+#hwtimestamp *
+# Increase the minimum number of selectable sources required to adjust
+# the system clock.
+#minsources 2
+# Allow NTP client access from local network.
+#allow 192.168.0.0/16
+# Serve time even if not synchronized to a time source.
+#local stratum 10
+# Require authentication (nts or key option) for all NTP sources.
+#authselectmode require
+# Specify file containing keys for NTP authentication.
+keyfile /etc/chrony.keys
+# Save NTS keys and cookies.
+ntsdumpdir /var/lib/chrony
+# Insert/delete leap seconds by slewing instead of stepping.
+#leapsecmode slew
+# Get TAI-UTC offset and leap seconds from the system tz database.
+leapsectz right/UTC
+# Specify directory for log files.
+logdir /var/log/chrony
+# Select which information is logged.
+#log measurements statistics tracking
+</code>
 -----
 Copyright © 2024 Hugh Norris.

Piste : • DOF100 - Docker : Fondamentaux • LCF200 - CentOS 7 / RHEL 7 / Oracle Linux 7 : Administration Système • LRF400 - Administration de la Sécurité de Serveurs Linux • LDF900 - Présentation de la Formation • Linux (RHEL, Debian, Ubuntu and SLES) : System Administration • LCF600 - CentOS 8 Linux (RHEL 8) : System Administrator • PRO400 - Xamarin • workbook11 • LPI100 - Cursus - Certification LPIC-1 • Cloud Computing avec Denis Gaudare

Différences

Recherche

Imprimer/exporter

Menu