diff --git a/docs/Linux/shellbasics.md b/docs/Linux/shellbasics.md index f3c1838..81e0f45 100644 --- a/docs/Linux/shellbasics.md +++ b/docs/Linux/shellbasics.md @@ -1,8 +1,6 @@ # Basics - -Basics of the Linux Shell - +Basics of how the linux shell can be used to interact with programs ## Streams @@ -17,7 +15,7 @@ STREAM ID STREAM NAME STREAM USE 2 STDERR Used to receive errors from the program ``` -#### Standard Input +### Standard Input Standard input is how we send input to an program it is also how we interact with the command line shell (Usually [`bash`](/Linux/bash.md)) @@ -27,15 +25,15 @@ The STDIN stream can also be refrenced by the '-' char in a command line program One thing that makes the linux command line so powerfull is the suite of commands that is provided all work using STDIN, STDOUT and STDERR you can pipe information from one stream to another (i.e the STDOUT from one program can be in STDIN to another) -### Input Redirection +#### Input Redirection You can use redirection to send information to a program using the '<' symbol i.e `cat < file` this will push the contents of 'file' to cat using STDIN -#### Standard Output +### Standard Output Standard output is how we get the output from a program, usually this is printed directly to the terminal -### Output Redirection +#### Output Redirection You can redirect the STDOUT of a program is a few ways you can use the '>' symbol to push the information from the programs output and saves it in a file for example `ls > filelist` will take the output of ls and saves it in the filelist file 
@@ -43,18 +41,18 @@ You can also redirect the STDOUT of one program to another programs STDIN using For example you can use `ls -alh | grep filename` this will list the files in the current directory and then passes the STDOUT to the STDIN for grep, this causes grep to use the output of ls as the input data to work with so the output of ls is searched for the string 'filename' -#### Standard Error +### Standard Error Standard error is how error messages are sent between programs or displayed to the user As this is a different to STDOUT you will still get output to the terminal if you redirect using the '>' symbol -### Error Redirection +#### Error Redirection Errors can be redirected using the following '2>' this specifies the stream to redirect and the direction For example you can redirect errors of an program to an error log file using '2> error.log' so a command that uses this would look like `find / -name "filename" 2> errors.log` this would make an error.log in the directory you are in and save the errors in a log and show the results from STDOUT on the screen (In this example the errors that you would see are `Permission Denied` errors) -#### More redirection tips +### More redirection tips You can do quite a bit with piping and redirection, using these basics you will be able to do quite a bit in the bash shell I have created some examples both to show how programs can work together and provide some real world examples on what it can be used for [here](/examples/redirection) diff --git a/docs/Troubleshooting/checkinglogs.md b/docs/Troubleshooting/checkinglogs.md new file mode 100644 index 0000000..faef9cd --- /dev/null +++ b/docs/Troubleshooting/checkinglogs.md 
@@ -0,0 +1,30 @@ +# Checking log files + +The best way to see what a program is doing is to see what is in the logs for the particular program, by defaul logs are in the `/var/log` directory but they can also be in others as well + +## Common log locations + +| Service | Log location | What is logged | +|---------|--------------|----------------| +| Apache | /usr/local/apache/logs/error_log | Errors reported by Apache/PHP | +| Apache | /usr/local/apache/logs/stderr.log | Errors that are returned from STDERR | +| Exim | /var/log/mainlog | All connections and transactions for emails on the server | +| Dovecot | /var/log/maillog | All connections for incoming mail connections | +| lfd | /var/log/lfd.log | All firewall blocksk will be reported here along with the reason | +| ModSec | /usr/local/apache/modsec_audit.log | Any hits for the ModSec system will be logged here with the IP the rule and the data that triggered the rule | + +## Reading logs + +You can read the log files using command line programs like `cat` and `less`, cat will just print the file to the terminal where less will open the file up in a [pager](/Commands/pagers), this allows for things like searching without closing the logs + +You can open a log with something like `less /var/log/mainlog` this will allow you to read over the log and search for the information that you wanted + +You can also use `grep` to filter the logs for the information that you are looking for see [Grep Examples](/Examples/grep) for some more information on doing this + +If you wanted to watch the logs live as you are testing something you can use the `tail -f` command to watch the log in real time + +## Reading Archived logs + +The Archived logs will usually be in a compressed gzip format with the date code and the .gz extenstion. 
+ +You can read these logs by either uncompressing them using `gzip -d` or you can use some handy versions of commands like `cat` and `grep` that are built to work with compression, these are `zcat` and `zgrep` \ No newline at end of file diff --git a/docs/Troubleshooting/connections.md b/docs/Troubleshooting/connections.md index a5d90bc..bdb3c8b 100644 --- a/docs/Troubleshooting/connections.md +++ b/docs/Troubleshooting/connections.md @@ -14,10 +14,10 @@ In these situations we will usually see a high connection count for certain serv * POP3 (Incoming Email Service) * FTP (File Transport Service) -##HTTP +## HTTP Finding IP addresses connecting to HTTP is quite easy, all you should need to do is tail access logs to find the IP addresses You can use a command like `tail -f /home/*/access-logs/* | awk '{print $1}'` to get a live update on connections via HTTP/HTTPS on the server. [For more information on the commands used click here](/Commands/commands.md) *__Note: This will only check sites in /home__* -##SMTP \ No newline at end of file +## SMTP \ No newline at end of file diff --git a/docs/examples/dns.md b/docs/examples/dns.md deleted file mode 100644 index e69de29..0000000 diff --git a/docs/index.md b/docs/index.md index 071f658..6e4ab20 100644 --- a/docs/index.md +++ b/docs/index.md @@ -12,6 +12,13 @@ This is a compendium of all the useless facts, tips, tricks and commands that I ------------------------------------ -[Linux Shell Basics](/Linux/shellbasics) +- Linux + - [Linux Shell Basics](/Linux/shellbasics) + - [Scripting](/Linux/scripting) [Commands](/Commands/commands) + +- Troubleshooting + - [Common DNS Issues](/Troubleshooting/dns) + - [Server Connections](/Troubleshooting/connections) + - [Checking logs](/Troubleshooting/checkinglogs) \ No newline at end of file
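Review bot: The `@@ -17,7 +15,7 @@`, `@@ -27,15 +25,15 @@` and `@@ -43,18 +41,18 @@` hunks of docs/Linux/shellbasics.md swap the heading levels so that the stream sections ("Standard Input", "Standard Output", "Standard Error", "More redirection tips") become `###` and their redirection subsections become `####`; this corrects the previously inverted nesting and is the right fix. The unchanged context lines in the same hunks still carry typos worth a follow-up commit: "refrenced", "powerfull", "an program", "redirect the STDOUT of a program is a few ways", and in the Error Redirection paragraph the prose says `2> error.log` and "make an error.log" while the command shown is `find / -name "filename" 2> errors.log`, so the text names a different file than the example creates. The new description line in the first hunk also writes "linux" in lower case where the rest of the page uses "Linux".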
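Review bot: The `@@ -0,0 +1,30 @@` hunk adding docs/Troubleshooting/checkinglogs.md presents cPanel-style paths (`/usr/local/apache/logs/error_log`, `/usr/local/apache/modsec_audit.log`, `/var/log/lfd.log`, `/var/log/mainlog`) in the "Common log locations" table without saying which environment they belong to; on a stock Debian/Ubuntu or RHEL host Apache logs live under `/var/log/apache2` or `/var/log/httpd`, so one sentence stating that the table assumes a cPanel/WHM server would prevent readers from looking in the wrong place. In the "Reading logs" section the `tail -f` suggestion should note that `tail -f` keeps following the original file after log rotation, whereas `tail -F` reopens the path by name and is the safer choice for a live watch. Smaller points: "defaul", "blocksk" and "extenstion" are typos; the link targets `/Commands/pagers` and `/Examples/grep` use a different case from `/examples/redirection` in shellbasics.md, which breaks on a case-sensitive docs build; and the file ends without a trailing newline.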
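Review bot: The `@@ -14,10 +14,10 @@` hunk in docs/Troubleshooting/connections.md correctly fixes `##HTTP` and `##SMTP`, which do not render as headings without the space, but the file still ends at `## SMTP` with "\ No newline at end of file", leaving an empty section; either add the SMTP content or drop the heading until it exists, and add the trailing newline. The unchanged `tail -f /home/*/access-logs/* | awk '{print $1}'` context line would also benefit from a caveat that the glob is expanded once when the command starts, so access logs created after that point (new accounts, rotated files) are not picked up until the command is rerun.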
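Review bot: The `@@ -12,6 +12,13 @@` hunk in docs/index.md adds links to `/Linux/scripting`, `/Troubleshooting/dns` and `/Troubleshooting/connections`, but this patch deletes the empty docs/examples/dns.md and adds no docs/Troubleshooting/dns.md or docs/Linux/scripting.md, so unless those pages already exist in the repo the "Common DNS Issues" and "Scripting" entries will be dead links; please confirm they exist or add them in the same change. In the same hunk the unchanged `[Commands](/Commands/commands)` context line directly follows the new `  - [Scripting](/Linux/scripting)` item with no blank line, so Markdown treats it as a lazy continuation and renders both links inside the Scripting bullet; give `[Commands]` its own `- ` item or separate it with a blank line. The file also still lacks a trailing newline.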