Book Image

Troubleshooting CentOS

By : Jonathan Hobson
Book Image

Troubleshooting CentOS

By: Jonathan Hobson

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Troubleshooting CentOS
Jonathan Hobson
Jun, 2015 | 190 pages
No titles found
Table of Contents (17 chapters)
Troubleshooting CentOS
Troubleshooting CentOS
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Basics of Troubleshooting CentOS
Basics of Troubleshooting CentOS
Installing some basic tools
Gathering hardware information
Understanding dmesg
Understanding log files
Reading log files and affecting the output
Using tail to monitor log files
Using cat, less, and more
Using grep
Using diff
Using truncation
Summary
References
2
Troubleshooting Active Processes
Troubleshooting Active Processes
Tuning server performance with memory management and swap
Managing memory with vmstat
Checking the system load with the top command
Monitoring disk I/O with iotop
Checking processes with the ps command
Checking performance with iostat and lsof
Calculating the system load
Discovering process IDs with pgrep and systemctl
More about systemd
Issuing the kill signal
Dealing with an orphaned process
Summary
References
3
Troubleshooting the Network Environment
Troubleshooting the Network Environment
Using ping, dig, host, traceroute, and mtr
Monitoring network connections with the ss command
Packet analysis with tcpdump
Summary
References
4
Troubleshooting Package Management and System Upgrades
Troubleshooting Package Management and System Upgrades
Gathering software information
Using Yum plugins
Fixing Yum operations
Installing additional Yum repositories
Downloading an RPM package with Yum
Diagnosing a corrupt RPM database
Minor release upgrades
Summary
References
5
Troubleshooting Users, Directories, and Files
Troubleshooting Users, Directories, and Files
Users
Monitoring user activity with utmpdump
Resetting the root password and enhancing logging
Recovering lost or deleted files with Scalpel
Restoring file and directory permissions
Working with and extending the XFS filesystem
Running repairs on XFS
Investigating fragmentation on XFS
Auditing directories and files
Visualizing directories and files
Summary
References
6
Troubleshooting Shared Resources
Troubleshooting Shared Resources
Providing NFS shares on a CentOS 7 server
About NFS exports
Mounting NFS shares on a CentOS client
Mounting an external drive with CIFS
Using autofs to mount an external drive
Summary
References
7
Troubleshooting Security Issues
Troubleshooting Security Issues
Auditing SELinux with aureport and setroubleshoot
SSH banners
Tuning SSH
Intrusion detection with Tripwire
Firewalld – zone, service, and port management
Removing Firewalld and returning to iptables
Summary
References
8
Troubleshooting Database Services
Troubleshooting Database Services
Getting up-and-running with MariaDB
Resetting and recovering a root password with MariaDB
Tuning MariaDB and MySQL
Obtaining metrics from MariaDB and MySQL
Returning to MySQL
Installing and configuring PostgreSQL 9
Summary
References
9
Troubleshooting Web Services
Troubleshooting Web Services
Auditing the server with cURL
Debugging Akamai headers with cURL
Adding Varnish to Apache
Testing Varnish with cURL
Using cURL to access an FTP directory
Enabling mod_status in Apache
Summary
References
10
Troubleshooting DNS Services
Troubleshooting DNS Services
Changing the hostname and managing the FQDN
Performing system sanity checks with BIND
Monitoring bandwidth with iftop
Flushing the cache
Summary
References
Index
Index

Reading log files and affecting the output

Viewing or reading a log file is very easy and depending on your personal preferences, the basic syntax to view any of these files can be expressed in any of the following formats:

# less /var/log/filename
# more /var/log/filename
# cat /var/log/filename
# cat /var/log/filename | less
# cat /var/log/filename | more

Note

Remember, depending on the system configuration, you may need root privileges to view a specific log file. The same can be said when you are attempting to make changes to any system files, and for this reason, we will continue as the root user. However, those who use sudo or su (switch user) should change the instructions accordingly.

Log files can vary between applications and services, but the general purpose of these files is to record the time and date of an event and the security level, and to provide a message or general description. Most messages will be general notices or warnings of one type or another, but on certain occasions, errors will also be trapped.

For example, you may see something like this:

Dec  4 12:49:05 localhost postfix/postfix-script[1909]: starting the Postfix mail system

Messages like this are quite ordinary and merely explain what is happening and when it happened. Yes, you can safely ignore them, but due to the number of messages you see, some may remark or feel that the system is acting a little oversensitive to the extent that a log file is being flooded with low-level information. This information may serve no real purpose to many, but in some circumstances, you may consider that the information supplied isn't sensitive enough, and more information is needed. In the end, only you can decide what best suits your needs. So, in order to take a case in point, let's increase log sensitivity for the purpose of troubleshooting the system.

To do this, we will begin by running the following command:

# cat /proc/sys/kernel/printk

The output of the preceding command enables you to view the current settings for the kernel, which, on a typical system, will look like this:

4       4       1       7

There is a relationship at work here, and it is important that you understand that printk maintains four numeric values that control a number of settings related to the logging of error messages, while every error message in turn maintains its very own log level in order to define the importance of that message.

The log level values can be summarized in the following way:

  • 0: Kernel emergency

  • 1: Kernel alert; action must be taken immediately

  • 2: Condition of the kernel is considered critical

  • 3: General kernel, error condition

  • 4: General kernel, warning condition

  • 5: Kernel notice of a normal but significant condition

  • 6: Kernel informational message

  • 7: Kernel debug-level messages

So, based on the above information, the log level values of 4, 4, 1, and 7 tell us that the following is now apparent:

  • The first value (4) is called the console log level. This numeric value defines the lowest priority of any message printed to the console, thereby implying that the lower the priority, the higher the log level number.

  • The second value (4) determines the default log level for all messages that do not maintain an exclusive log level.

  • The third value (1) determines the lowest possible log level configuration for the overall console log level. The lower the priority, the higher the log level number.

  • The fourth and final value (7) determines the default value for the overall console log level. Again, the lower the priority, the higher the log level number.

Consequently, you are now in a position to consider making changes to the log level through a configuration file found at /etc/sysctl.conf. This file enables you to make fine adjustments to default settings, and it can be accessed with your favorite text editor in the following manner:

# nano /etc/sysctl.conf

To make the required change use the following syntax:

kernel.printk = X X X X

Here, the actual value of X is a log level setting taken from the options described earlier.

For example, you can change the number of messages by adding the following line:

kernel.printk = 5 4 1 7

Of course, such a modification implies a change to the kernel, and for this reason a reboot would be warranted. So, having done this, you will find that the output of running cat /proc/sys/kernel/printk should now reflect the new values. However, and as a supplementary note of caution, having considered doing this (and yes, you can easily reverse any changes made), it is important to realize that there are many questions based on the validity of changing these settings. Look at it this way: it may not help you at all, so you should always read around the subject before making these changes in order to confirm that making this alteration will suit your general purposes.

To view the onboard manual, simply use the following command:

$ man sysctl

On the other hand, for the many other services and applications on your server, you will have additional avenues of investigation to consider and these are generally set by the service or application in question.

A common example of this is Apache. So, if you are debugging a web-based issue related to this service, you may be inclined to open the httpd configuration file like this:

# nano /etc/httpd/conf/httpd.conf

Look or search for the following line:

LogLevel warn

Then, replace the instruction with a more appropriate setting (before saving the file and restarting the service). In this case, you can use:

LogLevel debug

Fortunately, it is nice to know that most services and applications do support a form of debugging mode for an improved log output. This will make the log file much more descriptive and easier to work with when troubleshooting the server, but just before we leave this subject, here comes the small print…

When you are working with log files, you should be aware that the information contained within those log files will not always be enough to help you diagnose the issue at hand or discover the cause of a problem. Log files may not only lack the required information, but they can also contain unknown errors and misleading messages. After all, log files only contain a series of (mainly) predefined messages or break points in a package, and these messages have been designed by programmers to make a remark concerning a known event that could have, or has taken place.

Note

Remember…

When affecting the output of a log file, a verbose and detailed output may raise performance or security issues, while detailed logging can also place an undue burden on the CPU or disk I/O operations.

Based on these circumstances, there are no hard and fast rules because we also know that log files have limitations. So, in the end you will rely on a keen eye for detail and a great deal of patience, and for these reasons alone, you must always learn to "listen to the server" as a whole.

Let's put it this way: the answer is there, but it may not be in the log files. Perseverance and a calm (but firm) hand will win the day, and it is this point of contention that will be echoed throughout the pages of this book.

Previous Section
End of Section 6
Next Section