Using log files is critical to monitoring the operating system and troubleshooting any problems. CentOS 7 has a built-in syslog service that is used to build your log files.
What Logs Does Syslog Generate?
- /var/log is the directory where you can find any logs generated by syslog.
- /var/log/messages stores all of the syslog messages other than the ones mentioned below.
- /var/log/secure stores authentication and security-related messages and errors. This also keeps track of authentication requests.
- /var/log/maillog is where you can find mail-related messages. This also keeps track of email error messages.
- /var/log/cron contains the log entries that are kept for automated tasks.
- /var/log/boot.log contains system startup messages.
Why Should I Monitor Logs?
If something goes wrong with your VPS, the first place you will want to look is /var/log/messages to determine if there are any critical errors.
It is always wise to check /var/log/secure to ensure that logins are being monitored. Consistently monitoring this log is highly recommended: it gives you peace of mind that you have not been brute-force attacked and that no username and password has been compromised, and it shows any failed login attempts. This should be the first place to look if you find any malicious or suspicious files on your server, so you can confirm right away that only trusted users have authenticated to your server.
/var/log/secure can be used to review any SSH login activity and errors logged by the system security daemon.
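As an added example (not part of the original article), the shell functions below count failed SSH password attempts per source IP and flag successful logins that came from an IP with earlier failures. They assume the standard OpenSSH "Failed password" and "Accepted ..." message layout; the function names and sample lines are constructed for illustration.

```shell
#!/bin/bash
# Added example: triage SSH logins recorded in /var/log/secure.

# failed_by_ip FILE: prints "count ip" for failed SSH passwords, highest first.
# The IP is read by position from the end of the line because the username in
# a failed attempt is chosen by the remote client and may contain anything.
failed_by_ip() {
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
         $(NF-4) == "from" { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# success_after_failures FILE MIN: prints "ip failures user" for each successful
# login from an IP that had already failed MIN or more times before it.
success_after_failures() {
    awk -v min="$2" '
        $5 !~ /^sshd\[[0-9]+\]:$/ { next }
        $6 == "Failed" && $7 == "password" && $(NF-4) == "from" { fail[$(NF-3)]++ }
        $6 == "Accepted" && $8 == "for" && $10 == "from" && ($11 in fail) &&
            fail[$11] >= min { hit[$11] = fail[$11] " " $9 }
        END { for (ip in hit) print ip, hit[ip] }' "$1" | sort
}

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
Mar  3 10:15:01 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:04 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:09 vps sshd[1203]: Failed password for invalid user from from 203.0.113.7 port 51244 ssh2
Mar  3 10:15:30 vps sshd[1210]: Failed password for alice from 198.51.100.20 port 40001 ssh2
Mar  3 10:16:10 vps sshd[1250]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Mar  3 10:16:40 vps sshd[1255]: Accepted password for root from 203.0.113.7 port 51300 ssh2
Mar  3 10:17:00 vps sshd[1260]: Accepted publickey for bob from 198.51.100.21 port 40100 ssh2
EOF

failed_by_ip "$SAMPLE"
success_after_failures "$SAMPLE" 3
```

On a server, run the functions as root with /var/log/secure as FILE; a hit from success_after_failures is a login worth reviewing first.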
If there are problems with your server being shut down, or if you are having an issue booting up your server, /var/log/boot.log can help you determine the duration of unplanned downtime.
Automation is used frequently; to make sure your automated tasks keep running, check /var/log/cron to confirm that planned executions are going as scheduled.
Mail sent from your server is important to monitor, and can be investigated further by checking /var/log/maillog frequently.
Sometimes, just knowing where to look is half the battle, and this guide is intended to lead you in the right direction to monitor your logs frequently and actively.
- Nagios – Utilize a monitoring service such as Nagios to be alerted to messages from your logs.