
Question


Step 1: Run the su command with no username specified to try and switch to root. Purposely get the password wrong a few times. Do not actually switch your user; stay as yourname.

Step 2: Change directories to the /var/log/ directory and run the command sudo tail -n 10 secure. This will output the last 10 entries in the /var/log/secure log file. Paste a screenshot of the output you receive below.

Question 1: Find one of the logs from your failed authentication attempts. Explain to the best of your knowledge what each component of the log means.

Question 2: You will also see log messages for the command you ran in Step 2. Why was this command logged in the /var/log/secure file?

Step 3: Logging is done through a service called rsyslogd. This service monitors the logs generated on, and sent to, the system, and decides which file in the /var/log/ directory to place them in. View the rsyslogd config file and see where these rules are listed. Navigate to the /etc/ directory and view rsyslog.conf using less. Search to find the RULES section of the configuration file. Search in less is case sensitive. Take a screenshot when you find this section and paste it below.

Step 4: Quit out of the file. Now use the command logger to manually send log messages to our log files. This command would be useful if you were to change any of the default locations of the log files that we saw in Step 3 and wanted to test the functionality. We will add a log file entry that says "Testing log message for yourname". We will place this message in the boot.log file that is located at /var/log/boot.log. To put this command in place, enter logger -p local7.notice "Testing log message for yourname"

Step 5: Use tail to see the last 5 lines of the boot.log file, and paste a screenshot showing the log message that you sent in Step 4.

Step 6: The service rsyslogd stores very small bits of information about an incident to save space and to make it easy to spot issues. To see more information about these issues we need to use the systemd journal. The journal can be found in /run/log but is cleared upon restart by default. Look at the system journal using the command sudo journalctl.

Step 7: As you probably noticed, viewing the entire system journal is not very friendly to read. You can sort through entries in the system journal by message type using the option -p on the journalctl command. Use the man page for journalctl to figure out how to filter for errors using -p, and how to limit the number of messages you see to 3. Paste a screenshot below showing the command you ran and the output.

Step 9: Accurate time is very important for log analysis. Logs with incorrect time stamps can make it extremely difficult to diagnose a problem, or figure out when an issue occurred. To get information on your system and its time configuration, run the command timedatectl. Paste a screenshot of the output below.

Step 10: If you needed to switch time zones after moving a server to a different office location, you can check to see the available time zones using the command timedatectl list-timezones. Find the time zone for Chicago on this list. Use grep to find Chicago in the output. Make note of the name of this timezone; we will use it in the next step.
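As an added example (not part of the question or of any posted answer), a small Python parser that splits /var/log/secure-style lines into the components Step 2 and Question 1 ask about, counts the failed su attempts, and pulls out the entries sudo itself wrote. The sample lines are constructed to mimic the format; the hostname lab01, the PIDs and the user alice are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the layout /var/log/secure uses (hostname, PIDs, user are made up).
SAMPLE_SECURE_LOG = """\
Mar  3 14:22:10 lab01 su[2041]: pam_unix(su-l:auth): authentication failure; logname=alice uid=1000 euid=0 tty=pts/0 ruser=alice rhost=  user=root
Mar  3 14:22:10 lab01 unix_chkpwd[2042]: password check failed for user (root)
Mar  3 14:22:13 lab01 su[2041]: FAILED SU (to root) alice on pts/0
Mar  3 14:22:19 lab01 su[2045]: pam_unix(su-l:auth): authentication failure; logname=alice uid=1000 euid=0 tty=pts/0 ruser=alice rhost=  user=root
Mar  3 14:23:02 lab01 sudo: alice : TTY=pts/0 ; PWD=/var/log ; USER=root ; COMMAND=/usr/bin/tail -n 10 secure
""".splitlines()

# Classic syslog layout: "<Mon DD HH:MM:SS> <host> <program>[<pid>]: <message>"; the [pid] is optional.
LINE_RE = re.compile(
    r"^(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<message>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")  # key=value pairs inside PAM failure messages
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*COMMAND=(?P<command>.*)$")

def parse_line(line):
    """Split one line into timestamp, host, program, pid and message (None if unparseable)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    if "authentication failure" in rec["message"]:
        # pam_unix records who tried (ruser/uid) and which account was targeted (user)
        rec["pam_fields"] = dict(KV_RE.findall(rec["message"]))
    return rec

def failed_su_attempts(lines):
    """Count PAM authentication failures raised by su, keyed by (who tried, target account)."""
    counts = Counter()
    for rec in map(parse_line, lines):
        if rec and rec["program"] == "su" and "pam_fields" in rec:
            f = rec["pam_fields"]
            counts[(f.get("ruser", "?"), f.get("user", "?"))] += 1
    return counts

def sudo_commands(lines):
    """Return (invoking user, command) for each entry sudo itself wrote to the same log."""
    out = []
    for rec in map(parse_line, lines):
        if rec and rec["program"] == "sudo":
            m = SUDO_RE.match(rec["message"])
            if m:
                out.append((m["user"], m["command"]))
    return out
```

Run against real data with `failed_su_attempts(open("/var/log/secure"))`; a burst of failures against one target account from one ruser is the pattern worth alerting on.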

