Section 8.2. Log Files


8.2. Log Files

Most of the services running on your LAMP server will keep logs of their activities, usually in the form of text files in the /var/log directory. Services can either log their outputs in the system log /var/log/messages, or in specific logs kept for individual services. Some of the logs that you may find useful include:


/var/log/messages

This is the system log , which contains log messages from the kernel itself, as well as those from a number of system daemons.

The system log is a useful place to look if you suspect that your machine has low-level issues: that Linux itself is causing the problem, rather than one of the programs you have running on it. Lots of programs write to the system log, making it a constant stream of "chatter" about low-level processes that occur on the machine. It's often incomprehensible, but it's worth looking into, because the system log may provide clues about what the machine was doing when the problem occurred.


/var/log/httpd/access_log


/var/log/httpd/ssl_access_log

These are the Apache access logs, which list the details of each Website hit as it occurs. The logged details of a single request are shown below.

/var/log/httpd/access_log (excerpt)

 192.168.69.36 - - [17/Oct/2005:23:07:59 -0400]     "GET /about.html HTTP/1.1" 200 - "-"      "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b5)         Gecko/20051006 Firefox/1.4.1" 


/var/log/httpd/error_log


/var/log/httpd/ssl_error_log

This comprises a log of errors occurring in Web pages or in Apache itself.

The Apache error log is extremely useful to Web developers deploying applications on the LAMP server, because more detail about an error in a Web application will normally be displayed in the log.

/var/log/httpd/error_log (excerpt)

 [client 192.168.69.36] PHP Warning:  Division by zero in      /var/www/html/div-zero-test.php on line 2 

This file also logs errors in the Apache configuration, and errors caused by Apache itself. For example, if the server doesn't seem to be serving Web pages, your examination of the log might show the following line:

/var/log/httpd/error_log (excerpt)

 [Mon Oct 10 04:10:49 2005] [error] (12)Cannot allocate memory:     fork: Unable to fork new process 

This is a good indication that the machine has, for some reason, run out of memory. While this doesn't help you work out why it ran out of memory, it does, at least, alert you that the problem has occurred; you can now concentrate on finding out what's eating all the memory, and fixing it before you restart Apache.


/var/log/samba/client.log

This is Samba's access log from client.


/var/log/yum.log

This comprises a log of packages that were updated or installed via yum.

All of these logs are presented as plain text files . You don't need to use the GUI tool to view them: use the following simple command to view the logs in a terminal.

[root@swinetrek kermit]# cat /var/log/messages Oct 11 06:14:59 swinetrek syslogd 1.4.1: restart. Oct 11 06:14:59 swinetrek kernel: klogd 1.4.1,     log source = /proc/kmsg started. Oct 11 06:14:59 swinetrek kernel: Linux version 2.6.11-1.1369_FC4     (bhcompile@decompose.build.redhat.com)     (gcc version 4.0.0 20050525 (Red Hat 4.0.0-9))     #1 Thu Jun 2 22:55:56 EDT 2005 Oct 11 06:14:59 swinetrek kernel: BIOS-provided physical RAM map: Oct 11 06:14:59 swinetrek kernel:     BIOS-e820: 0000000000000000 - 000000000009fc00 (usable) Oct 11 06:14:59 swinetrek kernel:            BIOS-e820: 000000000009fc00 - 00000000000a0000 (reserved) … Oct 17 21:01:10 swinetrek sshd(pam_unix)[2898]: session closed for     user kermit Oct 17 21:16:15 swinetrek su(pam_unix)[2605]: session closed for     user root Oct 17 21:16:21 swinetrek su(pam_unix)[3060]: session opened for     user root by (uid=500) [root@swinetrek kermit]# 

The text-based nature of logs is very useful when you're using SSH connections to other machines; you can view their log files from the command line without needing to use VNC or similar graphical tools.

A useful command to know when you're investigating log files from the command line is tail . This lists the last ten lines of any file.

[root@swinetrek kermit]# tail /var/log/httpd/error_log [client 192.168.69.36] PHP Warning:  Division by zero in     /var/www/html/div-zero-test.php on line 2 [Mon Oct 17 23:07:59 2005] [error] [client 192.168.69.36] File     does not exist: /var/www/html/favicon.ico [Mon Oct 17 23:08:05 2005] [error] [client 192.168.69.36] File     does not exist: /var/www/html/favicon.ico [Tue Oct 17 01:27:22 2005] [error] [client 69.20.16.232] File     does not exist: /var/www/html/favicon.ico [Tue Oct 17 03:50:12 2005] [error] [client 192.168.69.36] File     does not exist: /var/www/html/favicon.ico [client 192.168.69.36] PHP Fatal error:  Call to undefined     function blowup() in /var/www/html/blowup-test.php on line 2 [Tue Oct 17 03:52:47 2005] [error] [client 192.168.69.36] File     does not exist: /var/www/html/favicon.ico [Tue Oct 17 03:53:01 2005] [error] [client 192.168.69.36] File     does not exist: /var/www/html/favicon.ico [client 192.168.69.36] PHP Warning:  Division by zero in     /var/www/html/div-zero-test.php on line 2 [Tue Oct 17 03:57:26 2005] [error] [client 192.168.69.36] File     does not exist: /var/www/html/favicon.ico [root@swinetrek kermit]# 

If you're investigating an error that's just occurred, tail can be very handy: it lets you avoid having to skip through the whole log. If you want to view more (or less) of the file, you can use tail -n filename to show the last n lines of filename. The -f option will instruct tail to display new lines as they're added to the file. This is exceptionally helpful for "watching" a log file. As an experiment, run tail -f /var/log/httpd/error_log, then try to load a URL pointing to a file that doesn't exist on your server (e.g. http://localhost/foo.txt). You'll see that tail outputs the error immediately. Hit CtrlC to exit tail -f.

8.2.1. Log Rotation

You may notice that, over time, copies of your log files start to appear. For example:

[root@swinetrek kermit]# cd /var/log/httpd/ [root@swinetrek httpd]# ls error_log* error_log  error_log.1  error_log.2  error_log.3  error_log.4 

Not only do we have the error_log file itself, but also an error_log.1, an error_log.2, right through to an error_log.4. These copies are being made by the log rotator, a cron job that works to keep the size of your log files under control.

error_log (in this example) is the current log; error_log.1 is an older log, error_log.2 is older still, and so on. When the log rotator cron job is triggered, error_log is moved to error_log.1, the old error_log.1 is moved to error_log.2, and so on. This ensures that your saved logs cover more than just the immediate past, but avoids their being saved as one enormous, unmanageable file.




Run Your Own Web Server Using Linux & Apache
Run Your Own Web Server Using Linux & Apache
ISBN: 0975240226
EAN: 2147483647
Year: 2006
Pages: 92

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net