logo © 1996 Phil Waclawski
Week 9 for CIS126DL Linux Course
Overview
Logs, Process Management, system tuning/monitoring

The following commands/programs will be used/discussed this week:

/var/log
ps -aux (-ef on Solaris)
top
jobs
kill, kill -9, kill -l
SIGHUP (kill -1) vs nohup
^z and &
bg fg
nice
grep, sort, uniq, wc -l and awk '{print $1}' (add -F to set the field separator)
/proc
rsyslog.conf (man rsyslog.conf)
/etc/logrotate.d
/etc/log.d/logwatch.conf (need to do yum install logwatch first)
tail -f
grep and grep -v (and the pipe | )
netstat, netstat -tupan, netstat -rn
hdparm -t and hdparm -I
hddtemp

Questions
Why is it important to monitor logs on your system?
What is kept in /var/log/messages? In secure? In xferlog?
Where are the apache log files?
You want to find all entries for a particular user in a log file (we'll say messages). How would you do it?
You want to find all the processes for a user, again, how?
If you do kill -l (L not 1) you get a list of different signals sent to programs. What is SIGHUP? SIGKILL? SIGTERM? Which is the default?
If you see a program set to a niceness of -19, why is that potentially bad? Why do you adjust the niceness anyhow?
What is rsyslog.conf? (man rsyslog.conf)
What is rsyslog?
What files/directories control how logs rotate?
What information is kept in the /proc files?
How would you get a particular column of a log file to be the only thing printed?
For Apache, what is kept in the error_log? referrer_log? access_log? agent_log?
For true security, what should you do with your logs in a cron job?
Activities & Assignments

  1. yum install logwatch and check out the logwatch config
  2. Using ps and grep, find the commands being run by root. Then by nobody.
  3. Look through the messages log. What happens in the log when you su?
  4. Use tail -f /var/log/xferlog and have a friend ftp to your IP address. What do you see?
  5. Have your classmate log into a user account you made for them using ssh -l username IPADDRESS and see what shows up in /var/log/secure, /var/log/messages, and netstat
Resources
Check out the various web page resources on the Linux System Administration home page.