How do I check my server's log files?
Hi there,
I just would like to know how can I check the server's log files, as we keep having notice that the server is using 300% of the CPU and the disk storage is currently full with no backup function, so we'd like to find out the details.
7 Replies
You can check the logs for your server using an editor like 'nano' or 'vi'. You can also use a tool like 'cat' and/or 'less'. Whichever tool you choose to use, invoking them follows pretty much the same or similar syntax:
vi </path/to/log>
nano </path/to/log>
less </path/to/log>
cat </path/to/log> | less
where </path/to/log> is the actual path to the log file you would like to view. For example,
cat /var/log/messages | less
will show the contents of the log '/var/log/messages' and allow you to scroll through it one line at a time.
It is worth noting that since 'nano' and 'vi' are text editors, they will permit you to edit whatever files you open with them, so be careful when you have something open that you do not wish to make changes to (although you should be prompted as to whether or not you wish to save before any changes are actually committed to the file). 'cat' and 'less' - if invoked without any additional arguments - only display the contents of a file, and do not make any changes.
The standard locations for some of the most common logs on a Linux server are:
/var/log/messages : General message and system related stuff
/var/log/kern.log : Kernel logs
/var/log/cron.log : Crond logs (cron job)
/var/log/maillog : Mail server logs
/var/log/httpd/ or /var/log/apache2 : Apache access and error logs directory
/var/log/nginx/ : Nginx access and error logs directory
/var/log/boot.log : System boot log
/var/log/mysqld.log : MySQL database server log file
/var/log/secure or /var/log/auth.log : Authentication log
/var/log/utmp or /var/log/wtmp : Login records file
If you need any help interpreting an error in these logs, you can post it here for a second opinion, but please do not indiscriminately attach an entire log as it is difficult to read in a forum. I would recommend sticking only to the relevant lines.
I am getting this error in / var / log / message
Sep 2 15:07:09 li936-163 rsyslogd: action 'action-7-builtin:omfile' resumed (module 'builtin:omfile') [v8.1901.0 try https://www.rsyslog.com/e/2359 ]
I am getting this error in /var/log/nginxerror.log
2020/09/02 15:10:53 [warn] 23795#23795: conflicting server name "servpcspa.com" on 45.56.118.163:443, ignored
2020/09/02 15:10:53 [warn] 23795#23795: conflicting server name "mail.servpcspa.com" on 45.56.118.163:443, ignored
Please can you help me
@cgs_servpc - Typically, the error "conflicting server name" means that you have the same server name in multiple server blocks. You aren't able to have the same server name listening on the same port in multiple server blocks. You can fix this by removing the duplicate server block in /etc/nginx/sites-enabled/example1.com
(where example1.com is the name of your website's configuration file), as mentioned in this ServerFault post.
The rsyslogd error you're seeing is a generic error that can be caused by outdated parameters in your /etc/rsyslog.conf
file. This site has an example of what parameters to comment out of that file so that you can prevent those messages moving forward.
I didn't understand any of this:
Typically, the error "conflicting server name" means that you have the same server name in multiple server blocks. You aren't able to have the same server name
Reviewing, this directory / etc / nginx / sites-enabled / does not exist
I found this
/etc/nginx/conf.d/domains# ls
cccloud.cl.conf
cccloud.cl.ssl.conf
host.lucasflo.com.conf
legalpal.cl.conf
legalpal.cl.ssl.conf
li936-163.members.linode.com.conf
li936-163.members.linode.com.ssl.conf
mercatodipatrizio.cl.conf
runko.cl.conf
runko.cl.ssl.conf
servpcspa.com.conf
servpcspa.com.ssl.conf
webmail.cccloud.cl.conf
webmail.cccloud.cl.ssl.conf
webmail.legalpal.cl.conf
webmail.mercatodipatrizio.cl.conf
webmail.runko.cl.conf
webmail.runko.cl.ssl.conf
webmail.servpcspa.com.conf
webmail.servpcspa.com.ssl.conf
Forgive my ignorance, can you help me please.
@cgs_servpc --
You write:
I am getting this error in /var/log/nginxerror.log
2020/09/02 15:10:53 [warn] 23795#23795: conflicting server name "servpcspa.com" on <redacted>:443, ignored
2020/09/02 15:10:53 [warn] 23795#23795: conflicting server name "mail.servpcspa.com" on <redacted>:443, ignored
You also write:
I didn't understand any of this:
Typically, the error "conflicting server name" means that you have the same server name in multiple server blocks. You aren't able to have the same server name
You are trying to configure the virtual host servpcspa.com in two different places in your web server configuration. Web servers, dumb animals that they are, are easily confused by things like this. The root of your problem is that you are trying to accomplish something with your web server that you should be doing with your DNS configuration.
- Set up A/AAAA records in the DNS manager for servpcspa.com and mail.servpcspa.com to point to the IP address <redacted>. There are guides as to how to do this…I don't have command of their location at the moment.
- Fix your web server configuration to serve any request on port 443 (I don't know anything about nginx so I can't tell you how to do this).
- You can find out which web server configuration files you need to fix by running the command:
[sudo] grep servpcspa.com /etc/nginx/sites-enabled
The [sudo]
part indicates that you may need to preface grep
with sudo
depending on whether or not you are logged in as root
…NOT the type the string [sudo].
It appears that you have quite a lot of cruft in your nginx configuration. Are cccloud.cl, lucasflo.com, legalpal.cl, li936-163.members.linode.com, mercatodipatrizio.cl, & runko.cl domains that are served by this system? If not, a good first step would be to get rid of all this stuff.
You also write:
I am getting this error in / var / log / message
Sep 2 15:07:09 li936-163 rsyslogd: action 'action-7-builtin:omfile' resumed (module 'builtin:omfile') [v8.1901.0 try https://www.rsyslog.com/e/2359 ]
This is a notice of recovery from some transient error condition by rsyslogd (the Linux system logging daemon). It's most likely innocuous but you should investigate the cause (my guess is that newer release rsyslogd changed it's configuration parameters and your configuration uses the older ones that are no longer recognized…just a guess though). Since the message is a notice of recovery, this is definitely lower-priority than your web server issue described above.
-- sw
P.S. It's not a good idea to post your IP address in a public forum like this. There are a lot of bad actors out there. That's why I have substituted <redacted> for it. Also, in @jyoo's reply above, he was confusing the configuration location for apache2 for the configuration location for nginx when he referenced /etc/nginx/sites-enabled. An honest mistake…
"It seems you have quite a bit of cruft in your nginx configuration. Are domains cccloud.cl, lucasflo.com, legalpal.cl, li936-163.members.linode.com, mercatodipatrizio.cl and runko.cl that are served by this system If not, a good first step would be to get rid of all these things. "
I don't know what you mean by this.
a good first step would be to get rid of all these things.
On the server I have all those domains, I can't delete them, are they active?
"sites-enabled", this directory does not exist on the server.
"PS: It's not a good idea to post your IP address in a public forum like this. There are a lot of bad actors out there. That's why I've replaced it with <redacted & gt."
Thank you for this
@cgs_servpc --
You write:
I don't know what you mean by this.
I'm showing my age… cruft is an old hacker term for junk or clutter… I was merely stating that, to me…a casual observer…and based solely on the information you have provided here…it appeared that your server configuration had needless clutter that could be obfuscating your problem.
a good first step would be to get rid of all these things.
On the server I have all those domains, I can't delete them, are they active?
If you say they are necessary, then I have to defer to your expertise. I don't know if they're active or not. You say you have all those domains so I would assume they are active. Why would you have active configuration for inactive sites (see cruft above)?
sites-enabled, this directory does not exist on the server.
I was telling you that @jyoo made a mistake in his advice. /etc/apache2/sites-enabled is the location of configuration for enabled sites for the apache2 web server. As you (correctly) state, there is no directory /etc/nginx/sites-enabled.
-- sw