Chapter 11. System monitoring: Working with log files

 

This chapter covers

  • Filtering log entries to maintain system health
  • The care and feeding of your Linux logging system
  • Filtering text streams using grep, awk, and sed
  • Deploying intrusion detection systems

If all you had to work with was just the things you’ve learned so far in this book, I’d say you’re ready to put together a pretty respectable server. It’ll be connected, automated, backed up, open for remote clients requesting data and other services, and at least reasonably secure. All the comforts of home.

Time to put your feet up and enjoy the view? Not yet. Your server may be properly configured, but you’ll also need to keep an eye on the way it handles the road once it enters its production environment. How does that work? As you’ll soon see, most Linux system monitoring consists of reading log files.

A log entry is a text-based record of some system event. When a user enters authentication credentials, a remote client requests data from a web server, an application crashes, or a new hardware device is connected, a descriptive note is appended to one or more log files.

11.1. Working with system logs

 

11.2. Managing log files

 
 
 

11.3. Consuming large files

 
 

11.4. Monitoring with intrusion detection

 
 
 

Summary

 
 
 

Key terms

 
 
 

Security best practices

 
 
 

Command-line review

 
 

Test yourself

 