Log analyses
See also our Log configuration page
System logs
Tool | Description |
---|---|
lnav | ncurses-based log file viewer. Especially useful for /var/log/syslog and /var/log/messages |
logcheck | Useful if you are looking for issues which need attention. E-mails results |
logwatch | Not so useful if you are looking for issues. E-mails results |
Login, logout log
The contents of btmp, utmp and wtmp can be analysed with the last command
last --system
shows all system boots (named “reboot system boot” in the log), shutdowns, crashes, external logins (for example over ssh) and terminal logins (including tmux)
Crashes might also be system freezes. To be investigated
On our system (M_AMD) the logins all have the same date: Mon Apr 22. This has occurred since the 11th of February 2021. So far we do not know what the cause is. When we run journalctl --list-boots we get one entry dated:
Mon 2019-04-22 00:00:44 UTC—Wed 2021-04-07 12:20:15 UTC. If we run journalctl --boot we see only entries dated Apr 22, Apr 6 and Apr 7 (today is Apr 7 2021). To be investigated
lastb
should show all bad login attempts. On our system this log is empty although there have been bad login attempts
Network logs
tcpspy
Run in debug mode
Option | Description |
---|---|
-d | Debug mode, no logging to syslog |
-p | Log the filename of the program that initiated the connection |
-U user | Log only for user user |
-I interval | Default 1000 ms. Connections established and disconnected again within this interval are not logged. Make the interval small enough to log what you want to log |
-e 'rule' | Log only connections matching rule |
-f rulefile | Log only connections matching the connections described in the rulefile file |
Logged to syslog
Show to which servers a connection is made
192.168.1.4 is your host PC
192.168.1.1 is the router
The .....'s represent any 5-digit port number
grep tcpspy /var/log/syslog | grep -Ev "local 192.168.1.4:....., remote 192.168.1.1:https" | grep " connect: " | cut -d " " -f 13 | sort -u
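The pipeline above selects the remote address by column number, which only works while every line has the same number of space-separated fields (a two-digit day of month in a traditional syslog timestamp, or a proc field from -p, shifts the columns). The following is an added example, not part of the original page, that finds the values by the local/remote keywords instead; the log line layout, the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list distinct remote endpoints from tcpspy "connect:" lines.
# Assumed layout (an assumption, check against your own syslog):
#   <timestamp> <host> tcpspy[<pid>]: connect: [proc <path>, ]user <name>,
#   local <ip>:<port>, remote <ip>:<port>

HOST_IP="192.168.1.4"     # host PC, as on the page
ROUTER_IP="192.168.1.1"   # router, as on the page

# Reads syslog lines on stdin; prints each remote endpoint once, sorted.
tcpspy_remotes() {
    awk -v host="$HOST_IP" -v router="$ROUTER_IP" '
        / tcpspy[^ ]* connect: / {
            loc = ""; rem = ""
            # Find the values by keyword, not by column number.
            for (i = 1; i < NF; i++) {
                if ($i == "local")  { loc = $(i + 1); sub(/,$/, "", loc) }
                if ($i == "remote") { rem = $(i + 1); sub(/,$/, "", rem) }
            }
            if (rem == "") next
            # Drop host-to-router https traffic, like the grep -Ev above.
            if (index(loc, host ":") == 1 && rem == (router ":https")) next
            print rem
        }' | sort -u
}

# Constructed sample lines (not real log data).
sample_log() {
    cat <<'EOF'
Apr  7 12:00:01 pc tcpspy[811]: connect: user joe, local 192.168.1.4:45678, remote 192.168.1.1:https
Apr  7 12:00:02 pc tcpspy[811]: connect: user joe, local 192.168.1.4:45680, remote 203.0.113.10:https
Apr 22 09:15:40 pc tcpspy[811]: connect: proc /usr/bin/curl, user joe, local 192.168.1.4:51234, remote 198.51.100.7:http
Apr 22 09:15:41 pc tcpspy[811]: disconnect: user joe, local 192.168.1.4:45680, remote 203.0.113.10:https
Apr 22 09:16:00 pc tcpspy[811]: connect: user joe, local 192.168.1.4:45690, remote 203.0.113.10:https
Apr 22 09:16:05 pc sshd[900]: Accepted publickey for joe from 192.168.1.9 port 50000 ssh2
EOF
}

sample_log | tcpspy_remotes
```

On a live system, feed it the real log: grep tcpspy /var/log/syslog | tcpspy_remotes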
Webserver logs
Analyser
GoAccess
Dokuwiki on Apache uses the NCSA Combined Log Format
Copyright © : 2014 - 2024 Webevaluation.nl and the authors