8.2. Log FilesMost of the services running on your LAMP server will keep logs of their activities, usually in the form of text files in the /var/log directory. Services can either log their outputs in the system log /var/log/messages, or in specific logs kept for individual services. Some of the logs that you may find useful include:
All of these logs are presented as plain text files . You don't need to use the GUI tool to view them: use the following simple command to view the logs in a terminal. [root@swinetrek kermit]# cat /var/log/messages Oct 11 06:14:59 swinetrek syslogd 1.4.1: restart. Oct 11 06:14:59 swinetrek kernel: klogd 1.4.1, log source = /proc/kmsg started. Oct 11 06:14:59 swinetrek kernel: Linux version 2.6.11-1.1369_FC4 (bhcompile@decompose.build.redhat.com) (gcc version 4.0.0 20050525 (Red Hat 4.0.0-9)) #1 Thu Jun 2 22:55:56 EDT 2005 Oct 11 06:14:59 swinetrek kernel: BIOS-provided physical RAM map: Oct 11 06:14:59 swinetrek kernel: BIOS-e820: 0000000000000000 - 000000000009fc00 (usable) Oct 11 06:14:59 swinetrek kernel: BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved) … Oct 17 21:01:10 swinetrek sshd(pam_unix)[2898]: session closed for user kermit Oct 17 21:16:15 swinetrek su(pam_unix)[2605]: session closed for user root Oct 17 21:16:21 swinetrek su(pam_unix)[3060]: session opened for user root by (uid=500) [root@swinetrek kermit]# The text-based nature of logs is very useful when you're using SSH connections to other machines; you can view their log files from the command line without needing to use VNC or similar graphical tools. A useful command to know when you're investigating log files from the command line is tail . This lists the last ten lines of any file. [root@swinetrek kermit]# tail /var/log/httpd/error_log [client 192.168.69.36] PHP Warning: Division by zero in /var/www/html/div-zero-test.php on line 2 [Mon Oct 17 23:07:59 2005] [error] [client 192.168.69.36] File does not exist: /var/www/html/favicon.ico [Mon Oct 17 23:08:05 2005] [error] [client 192.168.69.36] File does not exist: /var/www/html/favicon.ico [Tue Oct 17 01:27:22 2005] [error] [client 69.20.16.232] File does not exist: /var/www/html/favicon.ico [Tue Oct 17 03:50:12 2005] [error] [client 192.168.69.36] File does not exist: /var/www/html/favicon.ico [client 192.168.69.36] PHP Fatal error: Call to undefined function blowup() in /var/www/html/blowup-test.php on line 2 [Tue Oct 17 03:52:47 2005] [error] [client 192.168.69.36] File does not exist: /var/www/html/favicon.ico [Tue Oct 17 03:53:01 2005] [error] [client 192.168.69.36] File does not exist: /var/www/html/favicon.ico [client 192.168.69.36] PHP Warning: Division by zero in /var/www/html/div-zero-test.php on line 2 [Tue Oct 17 03:57:26 2005] [error] [client 192.168.69.36] File does not exist: /var/www/html/favicon.ico [root@swinetrek kermit]# If you're investigating an error that's just occurred, tail can be very handy: it lets you avoid having to skip through the whole log. If you want to view more (or less) of the file, you can use tail -n filename to show the last n lines of filename. The -f option will instruct tail to display new lines as they're added to the file. This is exceptionally helpful for "watching" a log file. As an experiment, run tail -f /var/log/httpd/error_log, then try to load a URL pointing to a file that doesn't exist on your server (e.g. http://localhost/foo.txt). You'll see that tail outputs the error immediately. Hit CtrlC to exit tail -f. 8.2.1. Log RotationYou may notice that, over time, copies of your log files start to appear. For example: [root@swinetrek kermit]# cd /var/log/httpd/ [root@swinetrek httpd]# ls error_log* error_log error_log.1 error_log.2 error_log.3 error_log.4 Not only do we have the error_log file itself, but also an error_log.1, an error_log.2, right through to an error_log.4. These copies are being made by the log rotator, a cron job that works to keep the size of your log files under control. error_log (in this example) is the current log; error_log.1 is an older log, error_log.2 is older still, and so on. When the log rotator cron job is triggered, error_log is moved to error_log.1, the old error_log.1 is moved to error_log.2, and so on. This ensures that your saved logs cover more than just the immediate past, but avoids their being saved as one enormous, unmanageable file. |