Checking log files
The best way to see what a program is doing is to check the logs for that program. By default logs are in the /var/log directory, but they can also be in other locations.
Common log locations
| Service | Log location | What is logged |
|---|---|---|
| Apache | /usr/local/apache/logs/error_log | Errors reported by Apache/PHP |
| Apache | /usr/local/apache/logs/stderr.log | Errors that are returned from STDERR |
| Exim | /var/log/mainlog | All connections and transactions for emails on the server |
| Dovecot | /var/log/maillog | All connections for incoming mail connections |
| lfd | /var/log/lfd.log | All firewall blocks will be reported here along with the reason |
| ModSec | /usr/local/apache/modsec_audit.log | Any hits for the ModSec system will be logged here with the IP, the rule and the data that triggered the rule |
Reading logs
You can read the log files using command-line programs like cat and less. cat will just print the file to the terminal, whereas less will open the file in a pager, which allows for things like searching without closing the log.
You can open a log with something like less /var/log/mainlog. This will allow you to read over the log and search for the information that you want.
You can also use grep to filter the logs for the information that you are looking for; see Grep Examples for more information on doing this.
If you want to watch the logs live as you are testing something, you can use the tail -f command to watch the log in real time.
Reading archived logs
The archived logs will usually be in a compressed gzip format, with the date code and the .gz extension.
You can read these logs either by uncompressing them using gzip -d, or by using handy versions of commands like cat and grep that are built to work with compression: zcat and zgrep.
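As an added example (not part of the original page), the shell function below searches a live log and its gzip archives in one pass, using zcat and grep as described above. The LOG-<datecode>.gz archive naming, the function names and the sample log lines are assumptions constructed for illustration; check your own rotation settings for the real file names.

```shell
#!/bin/sh
# Search a live log and its gzip-rotated archives for one pattern, oldest first.
# Assumption: archives sit beside the live log, named LOG-<datecode>.gz.
search_log_history() {
    pattern=$1
    log=$2
    for f in "$log"-*.gz "$log"; do
        [ -f "$f" ] || continue        # glob matched nothing, or log is missing
        case $f in
            *.gz) zcat "$f" ;;         # stream the archive without unpacking it on disk
            *)    cat "$f" ;;
        esac | grep -e "$pattern" | while IFS= read -r line; do
            printf '%s: %s\n' "$f" "$line"   # prefix each hit with the file it came from
        done
    done
    return 0                           # "no matches" is not treated as an error
}

# Build constructed sample data (simplified lines, not real Exim output):
# one rotated archive and one live log in a temporary directory.
make_sample_logs() {
    dir=$(mktemp -d)
    printf '%s\n' \
        '2024-05-01 09:14:02 H=(mail.example.net) [203.0.113.7] rejected RCPT <a@example.org>' \
        '2024-05-01 09:15:40 H=relay.example.com [198.51.100.4] accepted' \
        > "$dir/mainlog-20240501"
    gzip "$dir/mainlog-20240501"
    printf '%s\n' \
        '2024-05-02 11:02:19 H=(mail.example.net) [203.0.113.7] rejected RCPT <b@example.org>' \
        > "$dir/mainlog"
    printf '%s\n' "$dir"
}

# Demo: run as "sh script.sh demo" to list every line mentioning one IP.
if [ "${1:-}" = demo ]; then
    d=$(make_sample_logs)
    search_log_history '203\.0\.113\.7' "$d/mainlog"
    rm -rf "$d"
fi
```

For a single archive, zgrep PATTERN FILE.gz gives the same result as the zcat and grep pipeline used inside the loop.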