Troubleshooting Using Logs (CentOS 7)

Log files are critical for monitoring the operating system and troubleshooting problems. CentOS 7 has a built-in syslog service that writes your log files.

 

What Logs Does Syslog Generate?

 

  • /var/log  is the directory where you can find any logs generated by syslog.
  • /var/log/messages  stores all of the syslog messages other than the ones mentioned below.
  • /var/log/secure  stores authentication and security related messages and errors. This also keeps track of authentication requests.
  • /var/log/maillog  is where you can find mail related messages. This also keeps track of email error messages.
  • /var/log/cron  contains the log entries kept for automated tasks.
  • /var/log/boot.log  has the system startup log files.

 

What Logs Should I Monitor?

 

If something goes wrong with your VPS, the first place you will want to look is /var/log/messages  to determine if there are any critical errors. 

It is always wise to check /var/log/secure  to ensure that logins are being monitored. For peace of mind, review it consistently for signs of a brute-force attack, a compromised username and password, or failed login attempts. It should also be the first place you look if you find any malicious or suspicious files on your server, so you can confirm right away that only trusted users have authenticated to your server.

/var/log/secure  can be used to review any ssh login activity and errors logged by the system security daemon. 
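
An example of this review, added here and not part of the original article: a shell function that counts failed SSH password attempts per source address and flags any accepted login from a source that had already reached the failure threshold. The sample log lines, host name, users, addresses and the threshold of 3 are all constructed assumptions.

```shell
#!/bin/bash
# Constructed sample in the sshd line format found in /var/log/secure
# (documentation IP ranges; host name and users are made up).
sample_secure_log() {
cat <<'EOF'
Mar  3 10:15:01 vps1 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51514 ssh2
Mar  3 10:15:04 vps1 sshd[2211]: Failed password for root from 203.0.113.7 port 51516 ssh2
Mar  3 10:15:09 vps1 sshd[2213]: Failed password for root from 203.0.113.7 port 51520 ssh2
Mar  3 10:15:15 vps1 sshd[2215]: Accepted password for root from 203.0.113.7 port 51524 ssh2
Mar  3 10:20:11 vps1 sshd[2301]: Failed password for deploy from 198.51.100.23 port 40022 ssh2
Mar  3 10:20:19 vps1 sshd[2301]: Accepted publickey for deploy from 198.51.100.23 port 40030 ssh2: RSA SHA256:EXAMPLE
Mar  3 10:31:42 vps1 sshd[2400]: Failed password for invalid user from 192.0.2.1 port 1 from 203.0.113.50 port 33000 ssh2
EOF
}

# secure_summary FILE [MIN]
#   FAILED <count> <ip>                                    sources with >= MIN failed passwords
#   SUCCESS_AFTER_FAILURES <user> <ip> <method> <failures> login accepted from such a source
secure_summary() {
    awk -v min="${2:-3}" '
        # The user name is client-supplied text, so read the source address
        # from the right-hand end: the last "from <ip> port" triple on the line.
        function src(   i) {
            for (i = NF - 2; i > 5; i--)
                if ($i == "from" && $(i + 2) == "port") return $(i + 1)
            return ""
        }
        $5 !~ /^sshd\[[0-9]+\]:$/ { next }          # only sshd entries
        $6 == "Failed" && $7 == "password" {
            ip = src(); if (ip != "") fails[ip]++
        }
        $6 == "Accepted" && $8 == "for" {            # $7 = method, $9 = account
            ip = src()
            if (ip != "" && (ip in fails) && fails[ip] >= min)
                print "SUCCESS_AFTER_FAILURES", $9, ip, $7, fails[ip]
        }
        END { for (ip in fails) if (fails[ip] >= min) print "FAILED", fails[ip], ip }
    ' "$1" | sort
}

# Demo on the constructed sample; on a server, pass /var/log/secure (needs root).
log=$(mktemp) && sample_secure_log > "$log"
secure_summary "$log" 3
rm -f "$log"
```

A SUCCESS_AFTER_FAILURES line is the one to investigate first, since it means a login succeeded from an address that had been failing repeatedly.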

If there are problems with your server being shut down, or if you are having an issue booting up your server, /var/log/boot.log  can help you determine the duration of unplanned downtime.

Automation is used frequently. To ensure your automated tasks keep running, check /var/log/cron  to confirm that every planned execution is going as scheduled.

Mail being sent from your server is important to monitor and can be investigated further by monitoring /var/log/maillog  frequently. 

Sometimes, just knowing where to look is half the battle, and this guide is intended to lead you in the right direction to monitor your logs frequently and actively. 

 

Related Resources

 

  • Nagios – Utilize a monitoring service such as Nagios to be alerted of messages from your logs.

 

