Chapter 11. System monitoring: Working with log files
This chapter covers
- Filtering log entries to maintain system health
- The care and feeding of your Linux logging system
- Filtering text streams using grep, awk, and sed
- Deploying intrusion detection systems
If all you had to work with was just the things you’ve learned so far in this book, I’d say you’re ready to put together a pretty respectable server. It’ll be connected, automated, backed up, open for remote clients requesting data and other services, and at least reasonably secure. All the comforts of home.
Time to put your feet up and enjoy the view? Not yet. Your server may be properly configured, but you’ll also need to keep an eye on the way it handles the road once it enters its production environment. How does that work? As you’ll soon see, most Linux system monitoring consists of reading log files.
A log entry is a text-based record of some system event. When a user enters authentication credentials, a remote client requests data from a web server, an application crashes, or a new hardware device is connected, a descriptive note is appended to one or more log files.