UNIX Sysadmin Boot Camp: Your Logs and You

August 29, 2011

We're a few exercises into UNIX Sysadmin Boot Camp, and if you're keeping up, you've learned about SSH and bash. In those sessions, our focus was to tell the server what we wanted it to do. In this session, we're going to look at the logs of what the server has done.

Logs are like an overbearing mother who sneakily follows her teenage son around and writes down the addresses of each house he visits. When he realizes he lost a really important piece of baseball history at one of those houses, he'll be glad he has that list so he can go desperately search for the soon-to-be-noticed missing bat. Ahem.

MAKE BEST FRIENDS WITH THIS DIRECTORY: /var/log/

When something goes wrong – when there's a hitch in the flux capacitor or too many gigawatts in the main reactor – your logs will be there to let you know what's going on, and you can pinpoint the error with educated vengeance. So treat your logs with respect.

One of the best places to start harnessing this logged goodness is /var/log/messages. This log file reports all general errors with network and media, among other things. As you add to and learn your server's command line environment, you'll see specific logs for applications as well, so it's a very good idea to keep a keen eye on these. They just might save your life ... or server.

Some of the most commonly used logs (may vary with different Linux distributions):

  • /var/log/messages – General message- and system-related info
  • /var/log/cron.log – Cron job logs
  • /var/log/maillog – Mail server logs
  • /var/log/kern.log – Kernel logs
  • /var/log/httpd/ – Apache access and error logs
  • /var/log/boot.log – System boot logs
  • /var/log/mysqld.log – MySQL database server logs
  • /var/log/secure – SSH authentication logs
  • /var/log/auth.log – Authentication logs
  • /var/log/qmail/ – Qmail log directory (more files inside this directory)
  • /var/log/utmp or /var/log/wtmp – Login records file
  • /var/log/yum.log – Yum log files
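
The /var/log/secure and /var/log/auth.log entries in the list above hold sshd's authentication messages. As an added example (not part of the original post), this script counts failed SSH password attempts per source address; the function names and the sample lines are constructed, and it assumes the classic syslog line format that OpenSSH writes.

```shell
#!/bin/sh
# Added example: count failed SSH password attempts per source address.

# Constructed sample in the syslog format sshd writes; addresses are
# from the documentation ranges, host and user names are made up.
sample_auth_log() {
cat <<'EOF'
Aug 29 09:14:02 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Aug 29 09:14:05 web01 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Aug 29 09:14:09 web01 sshd[2215]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Aug 29 09:20:41 web01 sshd[2302]: Accepted password for ryan from 192.0.2.10 port 40022 ssh2
Aug 29 09:31:17 web01 sshd[2390]: Failed password for ryan from 198.51.100.23 port 60001 ssh2
Aug 29 09:31:30 web01 crond[2400]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Return the first readable auth log; the path varies by distribution.
find_auth_log() {
  for f in /var/log/secure /var/log/auth.log; do
    if [ -r "$f" ]; then echo "$f"; return 0; fi
  done
  return 1
}

# Read syslog lines on stdin and print "count source", busiest first.
# The address is taken from the fixed tail "from ADDR port N ssh2"
# because the user name earlier in the line is chosen by the client.
failed_ssh_by_source() {
  awk '/sshd\[[0-9]+\]: Failed password for / &&
       $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
       END { for (s in count) print count[s], s }' |
    sort -k1,1nr -k2,2
}

# Print only the sources with at least $1 failed attempts.
noisy_sources() {
  failed_ssh_by_source | awk -v min="$1" '$1 >= min { print $2 }'
}

# Use the real log when one is readable, otherwise the sample above.
if log=$(find_auth_log); then
  failed_ssh_by_source < "$log"
else
  sample_auth_log | failed_ssh_by_source
fi
```

Reading the real log usually requires root, since the authentication logs are not world-readable on most distributions.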

There are plenty more in-depth logs – particularly involving raw system components – and others that act similarly to logs but are a bit more active, like tcpdumps. Those are a little more advanced to interpret, so I'll save them for another guide and another day.

At this point in our UNIX workout series, you're familiar with the command line, you know the basics of how to tell your server what to do and you just learned how to let the server tell you what it's done. There's still a bit of work to be done before you can call yourself a UNIX ninja, but you're well on your way. In our next installment, we're going to take a step back and talk about p455w0rd5.

Keep learning.

-Ryan

Comments

August 29th, 2011 at 9:32am

Great post - Some useful information there! :)
