Log Monitoring & Rotation in Linux (Complete Guide)
In this guide, we'll cover real-time log monitoring, log rotation, and troubleshooting common log issues, with explanations of what happens when you run each command.
Step 1: Checking Logs in Linux
1.1 Check System Logs
View system logs (recent logs & errors):
What Happens?
Shows extended logs with errors, warnings, and critical messages.
Useful for debugging service failures and system crashes.
View logs from a specific service (e.g., SSH):
journalctl -u sshd --since "1 hour ago"
What Happens?
Filters logs for the sshd service in the last 1 hour.
Check kernel logs (boot & hardware issues):
What Happens?
Displays the last 20 kernel log entries.
Useful for troubleshooting boot issues.
1.2 Real-Time Log Monitoring
Monitor logs in real-time (live updates):
What Happens?
Continuously displays new log entries.
Monitor authentication logs (failed logins, SSH attempts):
What Happens?
Shows login attempts and authentication failures.
Monitor specific service logs (e.g., Nginx):
What Happens?
Displays live access logs for Nginx.
Common Issue: Logs Not Updating in Real-Time
Restart logging service:
What Happens?
Restarts the system logging service to fix log display issues.
Step 2: Log Rotation & Management
Linux systems generate a lot of logs. If logs are not rotated, they can fill up disk space and cause system slowdowns.
2.1 Checking Log Rotation Configuration
Check log rotation status:
What Happens?
Performs a dry run of log rotation (shows what it would do without actually rotating logs).
Check log rotation for a specific service (e.g., Apache):
What Happens?
Displays log rotation settings specific to Apache logs.
2.2 Manually Rotate Logs
Force log rotation immediately:
What Happens?
Forces immediate rotation of logs based on the current config.
Compress logs after rotation:
What Happens?
Compresses rotated logs to save space.
2.3 Common Log Rotation Issues & Fixes
Issue: Logs Are Not Rotating
Check if logrotate service is running:
Solution: If not running, start it:
Issue: Disk Full Due to Logs
Find large log files:
Delete old logs manually (if needed):
Issue: Log Rotation Not Happening Automatically
Ensure logrotate is enabled in cron jobs:
Manually trigger cron jobs:
Step 3: Advanced Log Monitoring (Bonus)
3.1 Using grep to Filter Logs
Find errors in logs:
What Happens?
Searches for "error" (case-insensitive) in syslog.
Check failed SSH logins:
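An added example, not from the original guide: a shell function that summarizes failed SSH password attempts per source address, run here over constructed sample lines. The function names and sample data are assumptions for illustration; on a real host the input would be the authentication log (for example /var/log/auth.log on Debian-family systems) or the output of journalctl for the SSH service.

```shell
#!/usr/bin/env bash
# Added example (not from the guide). Function names are illustrative.

# Constructed sample sshd lines; addresses are from documentation ranges.
sample_auth_log() {
cat <<'EOF'
Jan 10 03:12:01 host1 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:04 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50124 ssh2
Jan 10 03:12:09 host1 sshd[1207]: Failed password for invalid user test from 203.0.113.7 port 50130 ssh2
Jan 10 03:15:40 host1 sshd[1302]: Accepted publickey for deploy from 192.0.2.10 port 40022 ssh2
Jan 10 03:20:11 host1 sshd[1410]: Failed password for deploy from 198.51.100.23 port 41800 ssh2
Jan 10 03:20:15 host1 sshd[1410]: Failed password for invalid user from from 198.51.100.23 port 41802 ssh2
Jan 10 03:21:00 host1 sshd[1415]: Invalid user oracle from 203.0.113.7 port 50140
EOF
}

# Print "<count> <address>" for each source of failed password attempts,
# highest count first. Reads the files given as arguments, or stdin.
# The user name in these lines is chosen by the client, so the address is
# taken by position from the end of the line ("from ADDR port N ssh2"),
# not from the first "from" that appears.
failed_ssh_by_source() {
  awk '
    /sshd\[[0-9]+\]: Failed password for / &&
    $NF == "ssh2" && $(NF-2) == "port" && $(NF-4) == "from" {
      count[$(NF-3)]++
    }
    END { for (addr in count) print count[addr], addr }
  ' "$@" | sort -k1,1nr -k2,2
}

# Print only the addresses with at least $1 failures (default 3); reads stdin.
noisy_sources() {
  failed_ssh_by_source | awk -v t="${1:-3}" '$1 >= t { print $2 }'
}

# Demo on the constructed sample.
sample_auth_log | failed_ssh_by_source
sample_auth_log | noisy_sources 3
```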
3.2 Using journalctl for Persistent Logs
View logs after reboot:
Clear old logs to free space:
What Happens?
Deletes logs older than 7 days.
Checked system logs (journalctl, dmesg)
Monitored logs in real-time (tail -f)
Ensured log rotation (logrotate -d, gzip)
Fixed common issues (disk full, log not rotating)
Next: Do you want to set up log monitoring with Prometheus + Loki + Grafana?