Changing Log Files Location In RHEL

Log files often help System Administrators in finding out important information about System related issues.

In RHEL there are a lot of log files under /var/log like messages ,maillog,faillog,cups and cron etc.

Here we will discuss how can we decide the location of log files and forward appropriate messages to these locations.

In RHEL /etc/syslog.conf is the file responsible for deciding log file location.Open this file and you’ll see it. syslogd is the daemon associated with it and after every change you made to this file you need to restart this daemon.

Now you can make entry in this file as we have done in following examples:

mail.err   /var/log/mailerr will redirect mail error messages to /var/log/mailerr.
*.crit    /var/log/critical will redirect all critical messages to /var/log/critical.
kern.* @viny.example.com   will send all kernel messages to a remote host viny.example.com

The first part in this example is known as Facility and the second is called Priority. Following are some important facilities you can use:

authpriv-Security/authorization messages
cron
kern-kernel messages
lpr-Line printer messages
mail-Mail messages
syslog-Syslog internal messages

Lock User Accounts After Failed Login

Open /etc/pam.d/system-auth file.

Now write these lines just above the line stating auth sufficient pam_unix.so:

auth required pam_tally2.so onerr=fail deny=3

account  required   pam_tally2.so reset

Now the account will be locked after three failed login attempts.

There are various other options you can use like:

unlock_time=100 will unlock the account after 100 seconds.

You can use any value for unlock_time field.

If you don’t use this parameter then you’ll have to manually unlock a locked account using
# pam_tally2 -r -u username command.

lock_time=100 will lock the account for 100 seconds after failed attempts to login.

no_magic_root will avoid locking root account.