Operating system records stored for administrators are called Linux log files. They are used by specialists to monitor important events that occur during the operation of Ubuntu Virtual Private Server. We will tell you how important it is to monitor logs so as not to miss failures and errors in the VPS operation.
Important: Linux logs contain all the important information about the operation of the kernel, all services, and applications.
What is Linux file log monitoring for?
The server administrator needs to view reports to get information about the operation of the server itself and the software, the security and performance of the server, and errors. Regular monitoring of this information is the direct responsibility of the specialist who manages the server. The data obtained makes it possible to implement a proactive policy regarding server management. In simple words, the analysis of log files allows you to anticipate failures until the moment when they happen.
Which log files should definitely be monitored?
For the Linux operating system, log files are stored in a centralized repository. The directory of entries is called /var/log. The reporting files created by the server environment can be divided into the following categories:
- application logs;
- event logs;
- service files;
- system reports.
It should be understood that there are a lot of Linux service files. It is quite difficult to keep track of logs regularly. Therefore, it is important to focus on information of paramount importance. We offer you a list of the most important logs.
Important: The list below is not final. The more data you can track, the more useful it will be for your server. But the proposed minimum is subject to mandatory monitoring.
/var/log/messages
What information is saved? Information messages about system activity are stored in the log.
How will these logs be useful to me? Track download errors, and non-critical errors in the operation of applications. Experienced administrators check this log first if something goes wrong. For example, if the video card fails, it is important to make sure that there was no failure at the system startup.
/var/log/auth.log
What information is saved? The log logs data about user authentication on the Ubuntu server.
How will these logs be useful to me? If you are unsure of the security system, allow unauthorized access, log attempts to log in through a brute force attack, examine the log files. All the data will be in front of you in the palm of your hand.
/var/log/secure
What information is saved? The log stores security-related data, such as SSH logins.
How will these logs be useful to me? Hacking attempts, unauthorized access, attacks – the log stores files about such facts. It also stores data about successful logins and user actions.
/var/log/boot.log
What information is saved? This is where the database on the boot and startup processes of the system is concentrated.
How will these logs be useful to me? The data will allow you to track incorrect shutdowns, unscheduled reboots, and boot failures. It also stores information about system downtime caused by errors and forced shutdown.
/var/log/dmesg
What information is saved? It stores information about hardware devices and their installation files, the status of additional equipment.
How will these logs be useful to me? The log stores data about the incorrect operation of additional equipment.
/var/log/kern.log
What information is saved? Information related to the operation of the kernel is stored here.
How will these logs be useful to me? The log is useful for detecting problems in the kernel.
/var/log/faillog
What information is saved? Here the administrator will find data about failed login attempts.
How will the log be useful to me? Here you will find data about attempts to violate security – hacking of the user’s personal data or a brute force attack.
/var/log/cron
What information is saved? Here is the data about cron tasks.
How will the log be useful to me? When a cron job is executed, the data is written to the log. These are both successful and unsuccessful processes.
/var/log/yum.log
What information is saved? The log logs the installation of a new package via the yum command.
How will the log be useful to me? System data helps to control the installation of software packages. The administrator will find messages about the correctness of the software installation. For example, if the server is not working correctly, make sure that the recent installation of programs was correct.
/var/log/mail.log
What information is saved? The database of the mail server operation is stored here.
How will the log be useful to me? The files that are stored here contain information about all the mail server services that ensure the operation of email. The database saves emails for a specific period of time, fixes problems with their delivery, about spam.
var/log/httpd/
What information is saved? The log stores error_log and access_log files recorded by the Apache server.
How will the log be useful to me? The error_log file logs httpd error messages that occur when processing httpd requests. The access_log file records access requests sent over HTTP, the IP address of all users sending a request to connect to the server, and the status of requests.
/var/log/mysql.log
What information is saved? MySQL data is stored in this log – information on debugging and errors of the [mysqld] and [mysqld_safe] daemon.
How will the log be useful to me? If there is a problem with loading, stopping, or mysqld problems, you will find the necessary information in this log. The file registers all client connections to the MySQL database.
Resume
Do not ignore the analysis of logs, as the information stored in them allows you to manage the server ahead of time. If it is difficult to monitor log files manually, you can always use the log tracking tool. This will make it possible to carry out control and analysis quickly. For example, you can install the Nagios Log Server software. It will allow you to manage VPS logs. Set up alerts that will inform you about the occurrence of potential threats.
You can also always rent a managed virtual private server. This type of hosting provides that the administrator’s duties will be assumed by the provider’s technical support specialists.