Checking your logs on Ubuntu Server

Posted on November 29, 2009 | Category: Informational, Kubuntu, Linux, Linux Distributions, Resources, Security, Server, Ubuntu, bash

How often do you check your server logs? My servers operate Ubuntu Server. I feel fairly certain that they will be able to withstand the standard hacker attempts (and they have). Part of my confidence stems from my log viewing habits.

Logs are a good way to check what traffic is visiting your server, what errors are presented to the visitor, and what if any hardware problems you might be experiencing. Logs for Ubuntu Servers and many other linux distributions are found in /var/log folder, with apache logs located in /var/log/apache2. Below are some of the logs that I view to grasp what is happening within my server.

• /var/log/dmesg – contains kernel bootup messages that might help you track down a bad block in your hard disk, blocked firewall attempts, or kernel errors (once a week)
• /var/log/auth.log – see what people log in as root (once or twice a month)
• /var/log/apache2/error.log – this is my favorite log to view and in my opinion, the most informative. Apache’s error log will tell you what errors viewers experience. For instance, the log snippet below shows several ip’s that were blocked from my server (malicious Chinese hackers). While, the third log down from the top shows that my olylinks/robots.txt does not exist (checked daily).

[Sat Nov 28 21:01:40 2009] [error] [client 124.115.0.159] client denied by server configuration: /APACHE/bucky/
[Sat Nov 28 21:02:12 2009] [error] [client 124.115.0.160] client denied by server configuration: /APACHE/bucky/
[Sat Nov 28 21:23:40 2009] [error] [client 77.88.28.248] File does not exist: /APACHE/olylinks/robots.txt
[Sat Nov 28 22:30:42 2009] [error] [client 59.61.216.53] client denied by server configuration: /APACHE/24.18.97.111/
[Sat Nov 28 23:37:24 2009] [error] [client 220.181.94.222] client denied by server configuration: /APACHE/markimoore/robots.txt
[Sun Nov 29 00:28:54 2009] [error] [client 220.181.94.222] client denied by server configuration: /APACHE/markimoore/army-recall-i-r-r

The logs above are the files I check most often. However, if you have additional programs such as fail2ban, you should also meander around your log files and gain perspective on what is happening, or not happening with your system. For more information on logfiles, check out https://help.ubuntu.com/community/LinuxLogFiles.

Similar Articles

• » Terminal command for reinstall of Ubuntu packages
• » Google text-to-speech API - Unofficially
• » Linux File Permissions
• » Google Voice bypasses Apple and makes their own app
• » Nexus One Google Phone Android 2.1 Preview video

Leave a Reply

Name (required)

Mail (will not be published) (required)

Website

CAPTCHA Code

Notify me of followup comments via e-mail