Monitoring
--
Linux stores logs of almost everything, from user accounting to system halts. These logs are always useful for debugging problems or tracing a faulty configuration. Logs are the records of system activity: faults, traffic, configuration changes and user actions. The main Linux log files are located under /var/log by default. It is also possible to define a custom log path in the configuration files, but this is usually not recommended. The major log files in Linux are described below.
/var/log/messages   -> general system messages, including DNS, DHCP, NFS and NIS logs
/var/log/boot.log   -> boot-time logs, system shutdown and reboot
/var/log/dmesg      -> hardware-specific (kernel ring buffer) logs
/var/log/xferlog    -> logs of FTP activities, including uploads, downloads and user processes
/var/log/samba      -> logs of Samba services (Windows file sharing)
/var/log/httpd/*    -> logs of all web activity, Apache web server
/var/log/secure     -> logs of SSH, telnet and authentication services
/var/log/cups/*     -> logs of print activities
/var/log/cron       -> logs of system activities run from cron jobs
/var/log/xorg/*     -> GUI-related logs
/var/log/auth.log   -> authentication-related logs
/var/log/kern.log   -> kernel logs
/var/log/maillog    -> mail server logs
/var/log/mysqld.log -> logs of MySQL activities
/var/log/yum.log    -> logs of yum activities, including package downloads
Besides these, further log files are created automatically as packages are installed and configured.
Mail Log Analysis : pflogsumm
Install pflogsumm, the Postfix log reporting tool:
[root@mail ~]# yum -y install postfix-perl-scripts
Generate a log summary for a single day (the -d option selects today or yesterday):
[root@mail ~]# perl /usr/sbin/pflogsumm -d today /var/log/maillog
Output from perl /usr/sbin/pflogsumm -d today /var/log/maillog:
Postfix log summaries for May 29

Grand Totals
------------
messages
   2189   received
   8898   delivered
     14   forwarded
     40   deferred  (314  deferrals)
     13   bounced
    143   rejected (1%)
      0   reject warnings
      0   held
      0   discarded (0%)

   943m   bytes received
  4210m   bytes delivered
    296   senders
    100   sending hosts/domains
    415   recipients
     42   recipient hosts/domains

Per-Hour Traffic Summary
    time          received  delivered   deferred    bounced     rejected
    --------------------------------------------------------------------
    0000-0100            0          0          0          0          0
    0100-0200            0          0          0          0          0
    0200-0300            0          0          0          0          0
    0300-0400            6         15          0          0          3
    0400-0500           23         65         31          0          9
    0500-0600            4         10         24          0          7
    0600-0700           33        100         27          0          7
    0700-0800           42        155         31          0         13
    0800-0900          119        522         32          0         10
    0900-1000          252       1085         26          1         12
    1000-1100          324       1389         30          0          9
    1100-1200          359       1462         31          2         24
    1200-1300          511       2181         24          0         14
    1300-1400          346       1222         26          0         19
    1400-1500          170        692         32         10         16
----------------------XXXXXXXXXXXXXXXXXXXX---------------------------------
Create the report script (/root/bin/mail_usage.sh)
_________________________________________________________________________________
#!/bin/bash
# Daily mail report: today's maillog summary, status of the filtering daemons,
# source hosts of today's SMTP connections from the firewall log, and disk usage,
# mailed to the administrator.
NOW=$(date +"%b %e")          # syslog date prefix, e.g. "May 29"
echo "$NOW"
/bin/grep "$NOW" /var/log/maillog > /root/maillog
/etc/init.d/clamd status > /root/mailreport.txt
/etc/init.d/spamassassin status >> /root/mailreport.txt
/etc/init.d/amavisd status >> /root/mailreport.txt
sleep 1
# adjust the path if pflogsumm lives elsewhere (the package installs /usr/sbin/pflogsumm)
/usr/local/bin/pflogsumm -d today --smtpd_warning_detail=0 --reject_detail=0 --deferral_detail=0 --rej_add_from --problems_first /root/maillog >> /root/mailreport.txt
sleep 3
echo "Local MAIL Usage LOG" >> /root/mailreport.txt
echo "====================" >> /root/mailreport.txt
# source addresses of today's connections to port 25 as logged by the firewall, busiest last
grep "$NOW" /var/log/messages | grep "DPT=25 " | grep -o '[^ ]*SRC=[^ ]*' | sort | uniq -c | sort -n >> /root/mailreport.txt
sleep 1
echo "HD Space Information " >> /root/mailreport.txt
echo "===================================" >> /root/mailreport.txt
df -h >> /root/mailreport.txt
sleep 1
/bin/mail -s "Log report of $HOSTNAME" arif@worldcm.net < /root/mailreport.txt
____________________________________________________________________________________________________
# crontab -e
# run the report every day at 23:54 (a cron entry needs all five time fields)
54 23 * * * /root/bin/mail_usage.sh
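As an added example (not part of the original notes), the "Local MAIL Usage LOG" step of the script above reworked as reusable shell functions and run over a constructed firewall log sample; the sample log, the function names and the threshold are assumptions, and the functions anchor the date, match DPT=25 as a whole field and sort numerically so the busiest source comes first.

```shell
#!/bin/sh
# Count the hosts that connected to TCP/25 on a given day, from netfilter
# kernel log lines in a syslog-format file. Added example; the sample log
# below is constructed, not taken from a real server.

# Constructed sample in the format the report script greps
# (syslog date prefix, then the SRC= and DPT= fields as netfilter logs them).
SAMPLE_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_LOG"' EXIT
cat > "$SAMPLE_LOG" <<'EOF'
May 29 03:12:01 mail kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44121 DPT=25 SYN
May 29 03:12:05 mail kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44122 DPT=25 SYN
May 29 03:12:09 mail kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=44123 DPT=25 SYN
May 29 04:00:00 mail kernel: IN=eth0 OUT= SRC=198.51.100.2 DST=192.0.2.10 PROTO=TCP SPT=50001 DPT=25 SYN
May 29 04:30:00 mail kernel: IN=eth0 OUT= SRC=198.51.100.2 DST=192.0.2.10 PROTO=TCP SPT=50002 DPT=2525 SYN
May 28 23:59:59 mail kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=1234 DPT=25 SYN
May 29 05:00:00 mail kernel: IN=eth0 OUT= SRC=192.0.2.99 DST=192.0.2.10 PROTO=TCP SPT=1235 DPT=25 SYN
EOF

# smtp_sources DAY LOGFILE
# Prints "COUNT SRC=IP" lines, busiest source first. Unlike the one-line
# pipeline in the report script it anchors the date at the start of the line,
# requires DPT=25 as a whole field (so DPT=2525 is not counted) and sorts
# numerically instead of lexically.
smtp_sources() {
    grep "^$1 " "$2" \
      | grep -E '(^| )DPT=25( |$)' \
      | grep -o 'SRC=[^ ]*' \
      | sort | uniq -c | sort -rn \
      | awk '{print $1, $2}'
}

# noisy_sources DAY LOGFILE THRESHOLD
# Only the sources with at least THRESHOLD connection attempts that day; on a
# mail server, an unknown host at the top of this list is worth a closer look.
noisy_sources() {
    smtp_sources "$1" "$2" | awk -v t="$3" '$1 >= t {print $2}'
}

smtp_sources "May 29" "$SAMPLE_LOG"
noisy_sources "May 29" "$SAMPLE_LOG" 3
```

Replace the sample with /var/log/messages and "$(date +"%b %e")" to run it against the live log, as the report script does.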
Monitorix : Install
Install Monitorix, a lightweight system monitoring tool.
[1] Install Monitorix.
# install from EPEL
[root@dlp ~]# yum --enablerepo=epel -y install monitorix
[2] Configure Monitorix.
[root@dlp ~]# vi /etc/monitorix/monitorix.conf
# line 6: change to any title you like
title = Monitorix
# line 7: change to your own hostname
hostname = dlp.srv.world
# line 8: background color of the admin site
theme_color = white
# line 12: show network traffic in bits per second (default is bytes per second)
netstats_in_bps = y
# line 26: change as follows
<httpd_builtin>
enabled = y
host =
port = 8080
user = nobody
group = nobody
log_file = /var/log/monitorix-httpd
# restrict access to the admin site: deny all, then allow only the admin network
hosts_deny = all
hosts_allow = 10.0.0.0/24
[root@dlp ~]# systemctl start monitorix
[root@dlp ~]# systemctl enable monitorix
[3]
Access "http://(Monitorix server's hostname or IP address):8080/monitorix/" from a client on the network allowed in the config. The Monitorix admin site is then displayed as follows. Click "OK" to see the graphs.
[4]
Graphs are displayed.