Online presence is more than something these days. People do have ideas and they are turning them into the business, portfolios, services, and so on. To power these websites up, the servers have to be up and running fine. But things do go wrong, and thus you might be asked to check the server logs to fix the issues yourselves. Here is techdecipher’s offering about how you can check server logs on various Linux distributions.
In Today’s post, we are going to check why checking server logs is necessary, brief about logs and how to check logs on Linux distributions, without further due, let’s begin.
Why checking logs are necessary?
Let’s take this whole matter through the end user’s eyes. The user requires a website for their business needs. The first thing user would do is they would sign up as a freelancer developer and things begin. Post that they start to encounter some issues, let it be accessibility in certain regions or certain devices does not load the website, and so on. You would contact the developer for this issue and then the developer might contact their server provider for the same.
Sometimes the sites are hosted in a shared platform so the hosting provider would consider the request and might share the log details. However, when you or your developer has their own Server then the situation differs. In that case, the service provider might refuse to provide support due to the fact that your server already has root permissions. This is enough to cause disputes, the developer is burdened with the client’s request. Server providers or hosting providers would always have some limits for scope support for legal and obvious reasons.
To figure out the actual reasons for the issue, one must know how to check the logs. No matter if it’s a website or an API or it is an application, checking logs would help you solve the issues in no longer and gain client trust. With you able to review logs and manage things you may gain more clients and a good opportunity to extend web and server management. It’s not necessary that only server admins handle servers these days, and that’s why knowing these skills is an added bonus.
Brief about logs
In Linux distributions, the default directory for logs is /var/log. All important logs for your server are located in var/log. You can change this location but that needs to be done in the configuration of your server. The log details for respective components/services are as follows.
1) Boot logs
Boot logs are the log file that contains all system actions while it’s booting until the system or machine is up and running. This log file may contain the boot sequence and some events if they have gone wrong and things over the course of booting up.
2) Chronyd logs
This chrony log contains the statistical information on your Linux server. This also contains NTP services that sync the time hence checking logs would be helpful in case when things go wrong.
4) Cron
This file contains the cron-related logs. This can help you understand whether the cron is being performed or delayed.
5) Maillog
These logs would help you figure out the emails and information about sending and receiving of emails.
6) Secure
Secure logs are a very helpful log for checking login records. It would help you figure out all the login users and ssh login records as well. You can use it to verify if anyone was backdooring.
7) Messages
This log stores all global information such as hardware, and software info. It indeed comes in important logs in the Linux env. For Debian-based servers like Ubuntu and Mint the path to log in is /var/log/Syslog and for RHEL based like centOS and Alma its /var/log/messages.
8) MTA logs
These logs are actually for the mail transfer agent which is used in the server. This helps in understanding the actual emails whether they are going, failing and so in a more profound way. Most of the time, it would be Exim. The full log name would be exim_mainlog. Apart from Exim, there are many others like Postfix that need to be installed.
Then there are Apache logs, and MySQL logs of them you can find them in the var/log directory and explore what might be wrong.
How to check logs?
1) Shared hosting with cpanel
Being in the industry, hosting with cpanel is a wide choice of people these days. The majority of end users opt out shared hosting model with cpanel as the control panel. The reason is simple, cpanel is very user-friendly to manage sites. If you do not have root permission for your cpanel account then checking logs should be done by following ways. Login to your cPanel account using the hosting IP along with port number 2083. Suppose your hosting IP is 323.23.233.3 you would need to use it as 323.23.233.3:2083 in the browser to access your cPanel. You may ask your hosting IP to your hosting provider if you are not sure about IP and user credentials.
When you are in, navigate to sections like Errors, Error Pages, and Raw Access to figure out if anything is wrong with the site or account. You would not be able to run sudo commands in the shared hosting cPanel account since it is managed by your hosting provider. So you would be able to check the basic functions the cPanel provides.
2) Servers
Let’s have a look at how to check logs in the Linux distributions. With the server, you would need extra effort to review the logs. You can make use of the command line interface to collect valuable information about the issue. Not a while ago we covered how to access servers with different approaches which you can check here. Once you are in, change the directory to /var/log to see what types of log files are present and then you can cat them to preview and use various variations to gain the best conclusion. Follow the below commands according to your need, and read them carefully. You may as well google some of the logs which would help you how to troubleshoot them.
cPanel
cat /var/log/messages | grep username
cat /usr/local/cpanel/logs/access_log | more
cat /usr/local/cpanel/logs/access_log | head -3
cat /usr/local/cpanel/logs/access_log | tail -3
grep username /usr/local/cpanel/logs/error_log | tail -3
Apache, httpd
grep techdecipher.com /usr/local/apache/logs/error_log | tail -3
cat /var/log/apache2/error_log | grep username tail -2
cat /var/log/apache2/error_log | grep username head -2
grep ModSecurity /usr/local/apache/logs/error_log
grep ModSecurity /usr/local/apache/logs/error_log | grep -i cp-user
grep ModSecurity /usr/local/apache/logs/error_log | grep -i your-websit.com
Mail log
cat /var/log/maillog | tail -2
Cphulk
cat /usr/local/cpanel/logs/cphulkd.log | grep blocked | tail -3
Firewalld
cat /var/log/firewalld
Secure
cat /var/log/secure | tail -10
Exim logs
sudo cat exim_mainlog | grep email@yourwebsite.com
Dmesg
cat /var/log/dmesg | tail -10
MySQL
You would need to verify where your Database service is storing logs, its located in mycnf
cat /etc/mycnf
mysql -e "show variables like '%log%';"
in my case it is
| log_error | /var/lib/mysql/199-193-7-132.cprapid.com.err
so I caught the file
cat /var/lib/mysql/199-193-7-132.cprapid.com.err | tail -10
You may check this cpanel documentation for more here.
Note: Some commands may differ due to it being RHEL-based and if you wish to check the difference of commands in Debian-based OS like Ubuntu, check the article here. This blog is currently having limited commands to begin with, however, we will update it from time to time to get you an ultimate log check experience to help you troubleshoot your issues.
Conclusion
In the blog, we have checked some basic commands to help you get started. Though server administration is a waste subject, but having a basic command idea is enough to understand the issues. This concludes with how to check logs in the Linux distributions. Which command helps you fix issues? do let us know in the comments section below. If you need any help or have any suggestions to make, then do reach us via the contact page here. Happy Global Beatles Day!
