Log analyses

See also our Log configuration page

System logs

lnav       ncurses-based log file viewer. Especially /var/log/syslog and /var/log/messages
logcheck   Useful if you are looking for issues which need attention. E-mails results
logwatch   Not so useful if you are looking for issues. E-mails results

Login, logout log

The contents of btmp, utmp and wtmp can be analysed with the last command

last --system

shows all system boots (named “reboot system boot” in the log), shutdowns, crashes, external logins (such as over ssh) and terminal logins (including tmux)

Crashes might also be system freezes. To be investigated
On our system (M_AMD) the logins all have the same date: Mon Apr 22. This has occurred since the 11th of February 2021. So far we do not know what the cause is. When we do journalctl --list-boots we get one entry dated: Mon 2019-04-22 00:00:44 UTC—Wed 2021-04-07 12:20:15 UTC. If we run journalctl --boot we see only entries dated Apr 22, Apr 6 and Apr 7 as of today, Apr 7 2021. To be investigated

lastb

should show all bad login attempts. On our system this log is empty although there have been bad login attempts

Network logs

tcpspy

Run in debug mode

Option        Description
-d            Debug mode, no logging to syslog
-p            Log the filename of the program that initiated the connection
-U user       Log only for user user
-I interval   Default 1000 ms. Connections established and disconnected again within this interval are not logged. Make the interval small enough to log what you want to log
-e 'rule'     Log only connections matching rule
-f rulefile   Log only connections matching the connections described in the rulefile file

Logged to syslog

Show which servers connections are made to
192.168.1.4 is your host PC
192.168.1.1 is the router
The five dots (.....) in the pattern stand for any 5-digit port number

grep tcpspy /var/log/syslog | grep -Ev "local 192.168.1.4:....., remote 192.168.1.1:https" | grep " connect: " | cut -d " " -f 13 | uniq
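
An added example (not part of the original page): the same question answered by keyword instead of by field position, because `cut -d " " -f 13` shifts when a traditional syslog timestamp pads a single-digit day with an extra space, and `.....` only matches ports of exactly five characters. The function names, the sample lines and the `user wim` part of the line format are constructed assumptions; only the ` connect: ` and `local ..., remote ...` fragments are taken from the grep pattern above.

```shell
#!/bin/sh
# Constructed sample input. Note "Apr  7" (padded day) versus "Apr 17",
# a 4-digit local port, a disconnect line and an unrelated sshd line.
sample_log() {
cat <<'EOF'
Apr  7 12:20:15 host tcpspy[812]: connect: user wim, local 192.168.1.4:40112, remote 192.168.1.1:https
Apr  7 12:20:16 host tcpspy[812]: connect: user wim, local 192.168.1.4:40114, remote 203.0.113.10:https
Apr  7 12:20:17 host tcpspy[812]: disconnect: user wim, local 192.168.1.4:40114, remote 203.0.113.10:https
Apr 17 09:01:02 host tcpspy[812]: connect: user wim, local 192.168.1.4:9100, remote 192.168.1.1:https
Apr 17 09:01:03 host tcpspy[812]: connect: user wim, local 192.168.1.4:51000, remote 203.0.113.10:https
Apr 17 09:01:04 host tcpspy[812]: connect: user wim, local 192.168.1.4:51002, remote 198.51.100.7:imaps
Apr 17 09:01:05 host sshd[99]: Accepted publickey for wim
EOF
}

# tcpspy_remotes LOCAL_IP IGNORED_REMOTE   (syslog lines on stdin)
# Prints "COUNT REMOTE" for every remote endpoint in tcpspy connect lines,
# most frequent first, skipping LOCAL_IP -> IGNORED_REMOTE (e.g. the router).
tcpspy_remotes() {
    awk -v lip="$1" -v ignore="$2" '
        /tcpspy/ && / connect: / {
            l = ""; r = ""
            # Find the endpoints by the word in front of them, not by column
            for (i = 1; i < NF; i++) {
                if ($i == "local")  l = $(i + 1)
                if ($i == "remote") r = $(i + 1)
            }
            sub(/,$/, "", l); sub(/,$/, "", r)
            # Local host = endpoint without its port (cut at the last colon)
            lh = l; sub(/:[^:]*$/, "", lh)
            if (r == "") next
            if (lh == lip && r == ignore) next
            count[r]++
        }
        END { for (r in count) print count[r], r }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample
sample_log | tcpspy_remotes 192.168.1.4 192.168.1.1:https
```

On a real system, feed it the log instead of the sample: `tcpspy_remotes 192.168.1.4 192.168.1.1:https < /var/log/syslog`.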

Webserver logs

Analyser

GoAccess

DokuWiki on Apache uses the NCSA Combined Log Format


Copyright © : 2014 - 2024 Webevaluation.nl and the authors
log_analyses.txt · Last modified: 17-08-2023 12:15 by wim