keskiviikko 25. syyskuuta 2013

Reading linux logs

Our homework was to create three error messages and then analyze errors from log files.

SSH-"error"

My first error is not really error, but anyway I installed openssh-server and tried to login without password. Of course that would fail.


Then I started searching ssh logs from /var/log but didn't find anything useful so I did a search

grep -ir ssh /var/log/*

where:
grep = print lines matching a pattern
i = Ignore case distinctions in both the PATTERN and the input files.
r = Read all files under each directory, recursively
(http://explainshell.com/explain?cmd=grep+-ir)

And that revealed the path I should be looking /var/log/auth.log
However everything can be seen from the search so no point opening that file. It clearly says: Failed password for this from 127.0.0.1 port 58216 and so on...


Then my second error is what I came up with the class during apache php installation for all users. (http://nikinlinux.blogspot.fi/2013/04/user-homepages-on-apache.html)

From the part where I have to edit this file "sudoedit php5.conf" I somehow failed editing the file and now my apache won't restart.


 This time I knew the apache2 log file would be under /var/log/apache2 and from there I chose error.log. It didn't reveal anything useful but as you can see from the image above the error message is very clear and I don't need to look log files. There is on </IfModule> without matching start point and when I look my php5.conf file again I noticed I forgot to comment out the last IfModule


One comment there # and sudo service apache2 restart works again!

Third problem: I commented out all cdrom lines from /etc/apt/sources.list file and it is saying failed to fetch cdrom source. It is very clear and I just could remove the cdrom lines from apt because I don't use it.



Once I also encountered dpkg lock error:


This means some other program might be using apt-get. For example if you have package manager open and forget to use sudo before apt-get you can get this error message. You can get this error from other reasons too and to fix that type: sudo rm -fv /var/lib/dpkg/lock to remove the lock and continue using apt-get normally.

I found some log files under /var/log/dpkg.log and /var/log/apt/ history.log and term.log these were not much help because I had to google the answer how to remove lock.






Ei kommentteja:

Lähetä kommentti