An Introduction to Logs for Newbies Pt. 2
Posted 05-10-2013 at 02:11 PM by Nbiser
In An Introduction to Logs for Newbies: Pt. 1, I took a look at basic log accessing and monitoring. In this one we will take a look at some more advanced logging, but don't worry, you don't need a chainsaw!
First, we will take a look at searching logs using grep. If you want to look for every entry that mentions, say, eth0, you would type:
Code:
grep eth0 /var/log/*
This will show you all log entries relating to eth0, each one prefixed with the name of the file it came from, which will look somewhat like this:
Code:
/var/log/warn:Apr 16 20:20:48 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 16 20:35:51 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 16 20:50:52 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 16 21:05:56 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 17 08:19:25 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 17 08:34:28 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 17 08:49:29 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 17 09:04:31 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 17 09:19:32 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 17 09:34:33 linux-vqbm dhcpcd[12907]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 17 09:49:30 linux-vqbm ifplugd(eth0)[6906]: client: eth0 device: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 10)
/var/log/warn:Apr 17 09:49:36 linux-vqbm ifplugd(eth0)[6906]: client: eth0 device: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 10)
/var/log/warn:Apr 17 09:49:52 linux-vqbm dhcpcd[21540]: eth0: Failed to lookup hostname via DNS: Temporary failure in name resolution
/var/log/warn:Apr 17 11:54:02 linux-vqbm ifplugd(eth0)[6906]: client: eth0 device: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 10)
/var/log/warn:Apr 17 11:54:16 linux-vqbm dhcpcd[32393]: eth0: Failed to lookup hostname via DNS: Temporary failure in name resolution
/var/log/warn:Apr 17 11:54:24 linux-vqbm ifplugd(eth0)[6906]: client: Starting DHCP4+DHCP6 client on eth0. . . . . . . .
/var/log/warn:Apr 17 11:54:24 linux-vqbm ifplugd(eth0)[6906]: client: eth0 IP address: 192.168.119.161/24
/var/log/warn:Apr 17 11:54:24 linux-vqbm ifplugd(eth0)[6906]: client: eth0 DHCP6 continues in background
/var/log/warn:Apr 17 12:00:10 linux-vqbm ifplugd(eth0)[6906]: client: eth0 device: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 10)
/var/log/warn:Apr 17 12:00:15 linux-vqbm ifplugd(eth0)[6906]: client: eth0 device: Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE] (rev 10)
/var/log/warn:Apr 17 12:00:21 linux-vqbm dhcpcd[2088]: eth0: Failed to lookup hostname via DNS: Name or service not known
/var/log/warn:Apr 17 12:00:38 linux-vqbm ifplugd(eth0)[6906]: client: Starting DHCP4+DHCP6 client on eth0. . . . . . .
Two things to know about that command: most files in /var/log are only readable by root (or the adm group), so run it with sudo if you get "Permission denied", and the plain wildcard makes grep complain about the subdirectories in /var/log and print "Binary file ... matches" for binary logs such as wtmp and btmp. Adding the -r (recurse) and -I (ignore binary files) options to grep takes care of both.
Most of the time such searches can be quite overwhelming; indeed, you can't even read all of it in your terminal window! To get around this problem, you merely need to redirect the output of your search to a text file like this:
Code:
grep eth0 /var/log/* > log.txt
This writes the output of grep to a .txt file in the current directory, for reading in a text editor such as nano or in a pager. Run it from your home directory rather than from inside /var/log, or the next search will pick up log.txt itself.
To examine just the start of a file you can use the head command like this:
Code:
head /var/log/messages
To view just the end of a log you can type:
Code:
tail /var/log/messages
Both show the first or last ten lines by default.
If a log is stored in an out-of-the-way place so that you can't find it, you type:
Code:
whereis log
or
Code:
find / -name log
(log is used here as an example; put in the name of the file you are looking for.) Note that whereis only knows about program binaries, their source and their manual pages, so for a log file it is find that will actually turn it up. find needs a directory to start from (/ here, to search the whole system) and the -name test; on its own, "find log" only lists a file or directory called log under your current directory, and complains if there isn't one.
The most important logs that you can monitor are the security and system logs. The security log (/var/log/auth.log on Debian-based systems, /var/log/secure on Red Hat-based ones) records authentication events: logins and logouts, failed passwords, and use of su and sudo. Reading it regularly lets you spot break-in attempts early, such as a long run of failed logins from one address, but it does not give advance warning: a log only records what has already happened, and an intruder who gets root can edit or delete the local copy, so the logs you can really trust are the ones sent to another machine. The system log (/var/log/messages here), on the other hand, is where you look first when something on the system misbehaves; the dhcpcd entries above are a good example of the kind of problem it records.
You should keep a careful eye on your logs to ensure that they don't consume the entire disk (normally logrotate takes care of that), but that is a subject for the blog post entitled "Blogs for the Average Linux User." (just kidding)
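As an added example that is not code from the original post, here is a short shell script that takes the grep search and the security-log advice above one step further: it searches a log directory the safe way (recursing, skipping binary files such as wtmp, treating the pattern as a fixed string) and then summarises failed SSH password attempts per source address from an auth-style log. The log lines, the binary file and the temporary directory are constructed for the example and stand in for /var/log; the sshd message format assumed is the standard "Failed password for ... from <address> port <n>" line.

```shell
#!/bin/sh
# Added example (not from the original post). Searches a log directory the
# way the post describes, but safely, and counts failed SSH logins per
# source address. $LOGDIR stands in for /var/log; its contents are made up.
set -eu

LOGDIR="$(mktemp -d)"
trap 'rm -rf "$LOGDIR"' EXIT

# Constructed sample auth log (syslog-style sshd lines, not real output).
cat > "$LOGDIR/auth.log" <<'EOF'
Apr 17 09:49:30 linux-vqbm sshd[4401]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Apr 17 09:49:33 linux-vqbm sshd[4401]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Apr 17 09:50:01 linux-vqbm sshd[4405]: Failed password for root from 198.51.100.7 port 40022 ssh2
Apr 17 09:51:12 linux-vqbm sshd[4410]: Accepted publickey for nbiser from 192.168.119.20 port 50311 ssh2
Apr 17 09:52:45 linux-vqbm sshd[4415]: Failed password for root from 203.0.113.5 port 51300 ssh2
EOF

# Constructed sample system log.
cat > "$LOGDIR/messages" <<'EOF'
Apr 17 11:54:16 linux-vqbm dhcpcd[32393]: eth0: Failed to lookup hostname via DNS: Temporary failure in name resolution
Apr 17 11:54:24 linux-vqbm ifplugd(eth0)[6906]: client: eth0 IP address: 192.168.119.161/24
EOF

# A binary file standing in for /var/log/wtmp: it contains the string eth0
# too, but a bare "grep eth0 /var/log/*" would only report "Binary file matches".
printf 'eth0\000\001\002' > "$LOGDIR/wtmp"

# search_logs PATTERN DIR: like "grep PATTERN /var/log/*", but -r descends
# into subdirectories, -I skips binary files, -F takes the pattern literally
# (so a dot in an IP address is a dot) and -n adds line numbers.
search_logs() {
    grep -rInF -- "$1" "$2"
}

# count_failed_logins AUTHLOG: prints "count address" per source address,
# most active first, from the "Failed password ... from <address> port" lines.
count_failed_logins() {
    grep -F 'Failed password' "$1" \
      | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
      | sort | uniq -c | sort -rn \
      | awk '{ print $1, $2 }'
}

# top_offender AUTHLOG: the single address with the most failed attempts.
top_offender() {
    count_failed_logins "$1" | head -n 1 | awk '{ print $2 }'
}

search_logs eth0 "$LOGDIR"            # only the two messages lines; wtmp is skipped
count_failed_logins "$LOGDIR/auth.log" # 3 203.0.113.5 / 1 198.51.100.7
top_offender "$LOGDIR/auth.log"        # 203.0.113.5
```

Point the functions at the real files (search_logs eth0 /var/log, count_failed_logins /var/log/auth.log) once you have seen them work on the sample; on a system that uses /var/log/secure or a different sshd message format, adjust the path and the sed pattern accordingly.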