Linux Logs
===========
/var/log/messages – Contains global system messages, including the messages that are logged during system startup. There are several things that are logged in /var/log/messages including mail, cron, daemon, kern, auth, etc.
/var/log/dmesg – Contains kernel ring buffer information. When the system boots up, it prints number of messages on the screen that displays information about the hardware devices that the kernel detects during boot process. These messages are available in kernel ring buffer and whenever the new message comes the old message gets overwritten. You can also view the content of this file using the dmesg command.
/var/log/auth.log – Contains system authorization information, including user logins and authentication machinsm that were used.
/var/log/boot.log – Contains information that are logged when the system boots
/var/log/daemon.log – Contains information logged by the various background daemons that runs on the system
/var/log/dpkg.log – Contains information that are logged when a package is installed or removed using dpkg command
/var/log/kern.log – Contains information logged by the kernel. Helpful for you to troubleshoot a custom-built kernel.
/var/log/lastlog – Displays the recent login information for all the users. This is not an ascii file. You should use lastlog command to view the content of this file.
/var/log/maillog /var/log/mail.log – Contains the log information from the mail server that is running on the system. For example, sendmail logs information about all the sent items to this file
/var/log/user.log – Contains information about all user level logs
/var/log/Xorg.x.log – Log messages from the X
/var/log/alternatives.log – Information by the usepdate-alternatives are logged into this log file. On Ubuntu, update-alternatives maintains symbolic links determining default commands.
/var/log/btmp – This file contains information about failed login attemps. Use the last command to view the btmp file. For example, “last -f /var/log/btmp | more”
/var/log/cups – All printer and printing related log messages
/var/log/anaconda.log – When you install Linux, all installation related messages are stored in this log file
/var/log/yum.log – Contains information that are logged when a package is installed using yum
/var/log/cron – Whenever cron daemon (or anacron) starts a cron job, it logs the information about the cron job in this file
/var/log/secure – Contains information related to authentication and authorization privileges. For example, sshd logs all the messages here, including unsuccessful login.
/var/log/wtmp or /var/log/utmp – Contains login records. Using wtmp you can find out who is logged into the system. who command uses this file to display the information.
/var/log/faillog – Contains user failed login attemps. Use faillog command to display the content of this file.
Apart from the above log files, /var/log directory may also contain the following sub-directories depending on the application that is running on your system.
/var/log/httpd/ (or) /var/log/apache2 – Contains the apache web server access_log and error_log
/var/log/lighttpd/ – Contains light HTTPD access_log and error_log
/var/log/conman/ – Log files for ConMan client. conman connects remote consoles that are managed by conmand daemon.
/var/log/mail/ – This subdirectory contains additional logs from your mail server. For example, sendmail stores the collected mail statistics in /var/log/mail/statistics file
/var/log/prelink/ – prelink program modifies shared libraries and linked binaries to speed up the startup process. /var/log/prelink/prelink.log contains the information about the .so file that was modified by the prelink.
/var/log/audit/ – Contains logs information stored by the Linux audit daemon (auditd).
/var/log/setroubleshoot/ – SELinux uses setroubleshootd (SE Trouble Shoot Daemon) to notify about issues in the security context of files, and logs those information in this log file.
/var/log/samba/ – Contains log information stored by samba, which is used to connect Windows to Linux.
/var/log/sa/ – Contains the daily sar files that are collected by the sysstat package.
/var/log/sssd/ – Use by system security services daemon that manage access to remote directories and authentication mechanisms.
Monday, June 2, 2014
Tuesday, June 28, 2011
Linux network checks
#service xinetd restart
#rpcinfo -p
#/etc/init.d/rpc start //to restart RPC
check lan
#lspci
#mii-tool -v
NTP
===
#service ntpd status
#service ntpd restart
#ps -eaf |grep ntpd
Check network interface
===============
#ethtool eth0 / eth1 / eth2
cd /etc/sysconfig/network-scripts/
/etc/init.d/network restart
#mii-tool -v
#ethtool eth0
check MAC address
#ifconfig | grep HWaddr
#rpcinfo -p
#/etc/init.d/rpc start //to restart RPC
check lan
#lspci
#mii-tool -v
NTP
===
#service ntpd status
#service ntpd restart
#ps -eaf |grep ntpd
Check network interface
===============
#ethtool eth0 / eth1 / eth2
cd /etc/sysconfig/network-scripts/
/etc/init.d/network restart
#mii-tool -v
#ethtool eth0
check MAC address
#ifconfig | grep HWaddr
Linux boot process
Boot process
1) BIOS
2) Master Boot Record (MBR)
3) LILO or GRUB
LILO has no interactive command interface, whereas GRUB does.
* LILO does not support booting from a network, whereas GRUB does.
* LILO stores information regarding the location of the operating systems it can to load physically on the MBR. If you change your LILO config file, you have to rewrite the LILO stage one boot loader to the MBR. Compared with GRUB, this is a much more risky option since a misconfigured MBR could leave the system unbootable. With GRUB, if the configuration file is configured incorrectly, it will simply default to the GRUB command-line interface.
4) Kernel
5) init
6) Run Levels
1) BIOS
Load boot sector from one of:
Floppy
CDROM
Hard drive
The boot order can be changed from within the BIOS. BIOS setup can be entered by pressing a key during boot up. The exact key depends varies, but is often one of Del, F1, F2, or F10.
2)(DOS) Master Boot Record (MBR)
DOS in the context includes MS-DOS, Win95, and Win98.
BIOS loads and execute the first 512 bytes off the disk (/dev/hda)
Standard DOS MBR will:
look for a primary partition (/dev/hda1-4) marked bootable
load and execute first 512 bytes of this partition
can be restored with fdisk /mbr from DOS
3) LILO
does not understand filesystems
code and kernel image to be loaded is stored as raw disk offsets
uses the BIOS routines to load
Loading sequence
load menu code, typically /boot/boot.b
prompt for (or timeout to default) partition or kernel
for "image=" (ie Linux) option load kernel image
for "other=" (ie DOS) option load first 512 bytes of the partition
Reconfiguring LILO
One minute guide to installing a new kernel
copy kernel image (bzImage) and modules to /boot and /lib/modules
edit /etc/lilo.conf
duplicate image= section, eg:
image=/bzImage-2.4.14
label=14
read-only
man lilo.conf for details.Click here for manpage of lilo.conf
run /sbin/lilo
reboot to test
GRUB
Understands file systems
config lives in /boot/grub/menu.lst or /boot/boot/menu.lst
4)Kernel
initialise devices
(optionally loads initrd, see below)
mounts root filesystem
specified by lilo or loadin with root= parameter
kernel prints: VFS: Mounted root (ext2 filesystem) readonly.
runs /sbin/init which is process number 1 (PID=1)
init prints: INIT: version 2.76 booting
can be changed with boot= parameter to lilo, eg boot=/bin/sh can be useful to rescue a system which is having trouble booting.
initrd
Allows setup to be performed before root FS is mounted
lilo or loadlin loads ram disk image
kernel runs /linuxrc
load modules
initialise devices
/linuxrc exits
"real" root is mounted
kernel runs /sbin/init
Details in /usr/src/linux/Documentation/initrd.txt (part of the kernel source).
5) /sbin/init
reads /etc/inittab (see man inittab which specifies the scripts below for manpage click here)
Run boot scripts:
debian: run /etc/init.d/rcS which runs:
/etc/rcS.d/S* scripts
/etc/rc.boot/* (depreciated)
run programs specified in /etc/inittab
6)Run Levels
0 halt
1 single user
2 Full Multi-User mode (default)
3-5 Same as 2
6 Reboot
Default is defined in /etc/inittab, eg:
id:3:initdefault:
The current runlevel can be changed by running /sbin/telinit # where # is the new runlevel, eg typing telinit 6 will reboot.
Run Level programs
Scripts in /etc/rc*.d/* are symlinks to /etc/init.d
Scripts prefixed with S will be started when the runlevel is entered, eg /etc/rc5.d/S99xdm
Scripts prefixed with K will be killed when the runlevel is entered, eg /etc/rc6.d/K20apache
X11 login screen is typically started by one of S99xdm, S99kdm, or S99gdm.
Run programs for specified run level
/etc/inittab lines:
1:2345:respawn:/sbin/getty 9600 tty1
Always running in runlevels 2, 3, 4, or 5
Displays login on console (tty1)
2:234:respawn:/sbin/getty 9600 tty2
Always running in runlevels 2, 3, or 4
Displays login on console (tty2)
l3:3:wait:/etc/init.d/rc 3
Run once when switching to runlevel 3.
Uses scripts stored in /etc/rc3.d/
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
Run when control-alt-d
1) BIOS
2) Master Boot Record (MBR)
3) LILO or GRUB
LILO has no interactive command interface, whereas GRUB does.
* LILO does not support booting from a network, whereas GRUB does.
* LILO stores information regarding the location of the operating systems it can to load physically on the MBR. If you change your LILO config file, you have to rewrite the LILO stage one boot loader to the MBR. Compared with GRUB, this is a much more risky option since a misconfigured MBR could leave the system unbootable. With GRUB, if the configuration file is configured incorrectly, it will simply default to the GRUB command-line interface.
4) Kernel
5) init
6) Run Levels
1) BIOS
Load boot sector from one of:
Floppy
CDROM
Hard drive
The boot order can be changed from within the BIOS. BIOS setup can be entered by pressing a key during boot up. The exact key depends varies, but is often one of Del, F1, F2, or F10.
2)(DOS) Master Boot Record (MBR)
DOS in the context includes MS-DOS, Win95, and Win98.
BIOS loads and execute the first 512 bytes off the disk (/dev/hda)
Standard DOS MBR will:
look for a primary partition (/dev/hda1-4) marked bootable
load and execute first 512 bytes of this partition
can be restored with fdisk /mbr from DOS
3) LILO
does not understand filesystems
code and kernel image to be loaded is stored as raw disk offsets
uses the BIOS routines to load
Loading sequence
load menu code, typically /boot/boot.b
prompt for (or timeout to default) partition or kernel
for "image=" (ie Linux) option load kernel image
for "other=" (ie DOS) option load first 512 bytes of the partition
Reconfiguring LILO
One minute guide to installing a new kernel
copy kernel image (bzImage) and modules to /boot and /lib/modules
edit /etc/lilo.conf
duplicate image= section, eg:
image=/bzImage-2.4.14
label=14
read-only
man lilo.conf for details.Click here for manpage of lilo.conf
run /sbin/lilo
reboot to test
GRUB
Understands file systems
config lives in /boot/grub/menu.lst or /boot/boot/menu.lst
4)Kernel
initialise devices
(optionally loads initrd, see below)
mounts root filesystem
specified by lilo or loadin with root= parameter
kernel prints: VFS: Mounted root (ext2 filesystem) readonly.
runs /sbin/init which is process number 1 (PID=1)
init prints: INIT: version 2.76 booting
can be changed with boot= parameter to lilo, eg boot=/bin/sh can be useful to rescue a system which is having trouble booting.
initrd
Allows setup to be performed before root FS is mounted
lilo or loadlin loads ram disk image
kernel runs /linuxrc
load modules
initialise devices
/linuxrc exits
"real" root is mounted
kernel runs /sbin/init
Details in /usr/src/linux/Documentation/initrd.txt (part of the kernel source).
5) /sbin/init
reads /etc/inittab (see man inittab which specifies the scripts below for manpage click here)
Run boot scripts:
debian: run /etc/init.d/rcS which runs:
/etc/rcS.d/S* scripts
/etc/rc.boot/* (depreciated)
run programs specified in /etc/inittab
6)Run Levels
0 halt
1 single user
2 Full Multi-User mode (default)
3-5 Same as 2
6 Reboot
Default is defined in /etc/inittab, eg:
id:3:initdefault:
The current runlevel can be changed by running /sbin/telinit # where # is the new runlevel, eg typing telinit 6 will reboot.
Run Level programs
Scripts in /etc/rc*.d/* are symlinks to /etc/init.d
Scripts prefixed with S will be started when the runlevel is entered, eg /etc/rc5.d/S99xdm
Scripts prefixed with K will be killed when the runlevel is entered, eg /etc/rc6.d/K20apache
X11 login screen is typically started by one of S99xdm, S99kdm, or S99gdm.
Run programs for specified run level
/etc/inittab lines:
1:2345:respawn:/sbin/getty 9600 tty1
Always running in runlevels 2, 3, 4, or 5
Displays login on console (tty1)
2:234:respawn:/sbin/getty 9600 tty2
Always running in runlevels 2, 3, or 4
Displays login on console (tty2)
l3:3:wait:/etc/init.d/rc 3
Run once when switching to runlevel 3.
Uses scripts stored in /etc/rc3.d/
ca:12345:ctrlaltdel:/sbin/shutdown -t1 -a -r now
Run when control-alt-d
Semaphores in Linux
check semaphores.
==============
# /sbin/sysctl -a | grep sem
# more /etc/sysctl.conf
# cat /proc/sys/kernel/sem
to modify semaphores.
==================
# /sbin/sysctl -w kernel.sem=300
then update
# /etc/sysctl.conf ....so it takes effect after reboot.
OR
#sysctl -p //will update the new semaphore values after new value inserted w/o reboot
==============
# /sbin/sysctl -a | grep sem
# more /etc/sysctl.conf
# cat /proc/sys/kernel/sem
to modify semaphores.
==================
# /sbin/sysctl -w kernel.sem=300
then update
# /etc/sysctl.conf ....so it takes effect after reboot.
OR
#sysctl -p //will update the new semaphore values after new value inserted w/o reboot
CPU and Memory usage in Linux
check cpu usage.
=================
# mpstat -P ALL
check top memory usage
================
UNIX95= ps -eo vsz,comm | sed 1d | sort -rn | head -20
UNIX95= ps -ef -o pcpu,pid,ppid,ruser,args | sort -nk1
# ps aux | awk '{if ($5 != 0 ) print $2,$5,$6,$11}' | sort -k2n
SWAP
# free | grep -i swap | tr -d [A-z],\:,\+,\=,\-,\/, | awk '{print"Swap free: "($3)/($1)*100"%"}'
=================
# mpstat -P ALL
check top memory usage
================
UNIX95= ps -eo vsz,comm | sed 1d | sort -rn | head -20
UNIX95= ps -ef -o pcpu,pid,ppid,ruser,args | sort -nk1
# ps aux | awk '{if ($5 != 0 ) print $2,$5,$6,$11}' | sort -k2n
SWAP
# free | grep -i swap | tr -d [A-z],\:,\+,\=,\-,\/, | awk '{print"Swap free: "($3)/($1)*100"%"}'
Serviceguard on Linux essential commands
cmruncl -v - start entire cluster
cmhaltcl - stop entire cluster
cmviewcl - check status of cluster
cmrunnode -v nodename - start a single node
cmhaltnode -f -v nodename - stop a node
cmgetconf -C config_name - get current configuration
cmrunpkg -n nodename package_name - start package on node
cmmodpkg -e package_name - enable switching
cmhaltpkg package_name - stop package
cmhaltcl - stop entire cluster
cmviewcl - check status of cluster
cmrunnode -v nodename - start a single node
cmhaltnode -f -v nodename - stop a node
cmgetconf -C config_name - get current configuration
cmrunpkg -n nodename package_name - start package on node
cmmodpkg -e package_name - enable switching
cmhaltpkg package_name - stop package
Remove VG and LV in Linux LVM
Remove VG and LV
[root@atlsdbal003b tempback]# df -h .
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/tempvg-tempvol
984G 89G 846G 10% /tempback
#umount /tempback
#vgdisplay /dev/mapper/tempvg
# lvchange -an /dev/mapper/tempvg-tempvol
# lvremove /dev/mapper/tempvg-tempvol
# vgdisplay /dev/mapper/tempvg
# vgremove /dev/mapper/tempvg
[root@atlsdbal003b tempback]# df -h .
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/tempvg-tempvol
984G 89G 846G 10% /tempback
#umount /tempback
#vgdisplay /dev/mapper/tempvg
# lvchange -an /dev/mapper/tempvg-tempvol
# lvremove /dev/mapper/tempvg-tempvol
# vgdisplay /dev/mapper/tempvg
# vgremove /dev/mapper/tempvg
Subscribe to:
Posts (Atom)