100 Unix log check commands that can be useful for monitoring and troubleshooting

Introduction

In the world of Linux/Unix systems, log files are invaluable resources for system administrators and developers alike. They serve as the backbone for monitoring system performance, diagnosing issues, and ensuring security. Understanding how to effectively check and analyze logs can significantly enhance your troubleshooting capabilities. This article will provide you with a comprehensive list of 100 Unix log check commands that are essential for effective monitoring and troubleshooting.

What Is Logging in Unix?

Logging in Unix refers to the systematic recording of events or messages generated by the system, applications, or services. These logs are typically stored in plain text files located in the /var/log directory. They serve as a critical source of information for diagnosing issues, monitoring system performance, and ensuring security compliance. Logs can be categorized into various types, including system logs, application logs, security logs, and audit logs, each serving a unique purpose in system management.

How It Works

Logs are generated by different components of the operating system and applications, capturing events such as system errors, user actions, and security incidents. Think of logs as a diary for your system; just as you might jot down important events or experiences, your system records significant occurrences that can help you understand its behavior over time. By analyzing these logs, you can identify patterns, troubleshoot problems, and enhance system security.

Prerequisites

Before diving into the commands, ensure you have the following:

• Access to a Unix/Linux system
• Sufficient permissions to read log files (usually requires root or sudo access)
• Familiarity with the command line interface
• Basic understanding of log file structures

Installation & Setup

No specific installation is required for basic log checking commands, as they are typically included with Unix/Linux distributions. However, ensure you have the following tools installed:

• grep for filtering log entries
• tail for real-time log monitoring

Step-by-Step Guide

Here’s a step-by-step guide to effectively monitor and troubleshoot using log commands:

1. Monitor System Logs
   Use the following command to follow the system log file in real-time:

   tail -f /var/log/messages

2. Check Authentication Logs
   Monitor login attempts and authentication events:

   tail -f /var/log/auth.log

3. Secure Log Monitoring
   For systems using the secure log format, check:

   tail -f /var/log/secure

4. Syslog Monitoring
   To follow system-wide events, use:

   tail -f /var/log/syslog

5. Kernel Log Monitoring
   For kernel-level events, check:

   tail -f /var/log/dmesg

6. Mail Log Monitoring
   Monitor mail-related events:

   tail -f /var/log/mail.log

7. Apache Error Log Monitoring
   To monitor errors related to the Apache web server:

   tail -f /var/log/httpd/error_log

8. Apache Access Log Monitoring
   Check requests to the Apache web server:

   tail -f /var/log/httpd/access_log

9. Nginx Error Log Monitoring
   For Nginx web server errors:

   tail -f /var/log/nginx/error.log

10. Nginx Access Log Monitoring
    Monitor requests to the Nginx web server:

    tail -f /var/log/nginx/access.log

11. MySQL Error Log Monitoring
    Check for MySQL server errors:

    tail -f /var/log/mysql/error.log

12. MySQL General Log Monitoring
    Monitor general MySQL activity:

    tail -f /var/log/mysql/mysql.log

13. MySQL Slow Query Log Monitoring
    To monitor slow-running queries:

    tail -f /var/log/mysql/slow-query.log

14. Redis Log Monitoring
    Check Redis server activity:

    tail -f /var/log/redis/redis-server.log

15. PostgreSQL Log Monitoring
    Monitor PostgreSQL server activity:

    tail -f /var/log/postgresql/postgresql.log

16. Filter SSH Events
    To filter SSH-related events from the authentication log:

    tail -f /var/log/auth.log | grep ssh

17. Filter Cron Events
    For cron-related events in the system log:

    tail -f /var/log/syslog | grep cron

Real-World Examples

1. Monitoring SSH Login Attempts
   By using the command to filter SSH events, you can quickly identify unauthorized login attempts:

   tail -f /var/log/auth.log | grep ssh

2. Analyzing Web Server Traffic
   Use the following command to analyze access patterns on your Nginx server:

   tail -f /var/log/nginx/access.log

3. Investigating Slow Database Queries
   To troubleshoot performance issues in MySQL, monitor the slow query log:

   tail -f /var/log/mysql/slow-query.log

Best Practices

• Regularly monitor critical log files to catch issues early.
• Use grep to filter logs for specific events or errors.
• Implement log rotation to manage log file sizes and retention.
• Use centralized logging solutions for large environments.
• Regularly review security logs for unauthorized access attempts.
• Automate log monitoring with scripts or tools like Logwatch or Splunk.
• Ensure log files have appropriate permissions to prevent unauthorized access.

Common Issues & Fixes

Issue	Cause	Fix
Log file is empty	Service not logging	Check service configuration
Unable to read log files	Insufficient permissions	Use sudo or change permissions
Log rotation not working	Misconfigured logrotate	Review /etc/logrotate.conf settings
Missing logs	Service not started	Ensure the service is running

Key Takeaways

• Logs are essential for monitoring and troubleshooting Unix systems.
• Understanding how to access and analyze logs can improve system reliability.
• Use specific commands to monitor various aspects of your system.
• Regular log monitoring can help catch issues before they escalate.
• Implement best practices for log management to maintain system health.