Introduction to Linux System Accounting and Logging

After you have finished installing Linux and set it up to do whatever you wanted it to do, the next big challenge is to maintain it. That can seem a daunting task if you are not sure what is going on within the system, but you will be much more comfortable once you can see what the system is doing. That is where Linux system accounting and logging come in.

Linux has a very good system accounting and logging system built in, but you need to know a few things in order to make full use of it. In this post we discuss four important areas in which you check what is going on within your Linux system, rather than configure or modify it:

1. Monitoring User Information
2. Quotas
3. System Logs
4. Monitoring Log Files

MONITORING USER INFORMATION

As Linux is a multi-user, multi-tasking system, it is essential for you as the system administrator to keep an eye on each user. By default Linux stores a lot of information about its users unless it is specifically asked not to. The information is saved in a file called utmp under the /var/log directory.
Let's discuss some of the important utilities in this category -

$who
This utility simply gives you details about the currently logged-in users and provides the following -
[a]. Name of the users   [b]. Which tty each user is using   [c]. What time they logged in
$w
This takes who to the next level: it gives you more information about the users, adds which program each user is currently running, and provides detailed information about each user separately. It also displays system information on the top line, in the following order -
[a]. Current time   [b]. Uptime   [c]. Number of users   [d]. System load

$finger
This is another powerful utility for getting user information on the local system or on a remote system. To get user information from a remote system, supply username@hostname to the finger command. The finger utility provides the following information about the user -
[a]. Login name   [b]. Real name of the user   [c]. Which tty they are using   [d]. Idle time since their login   [e]. Login date and time   [f]. Extended information, if there is any

MONITORING USER INFORMATION: PAST SYSTEM LOGINS

Apart from keeping current user information in the utmp file, Linux also keeps a log of all logins to the system in another file called wtmp under the /var/log directory. Please note that some Linux systems use a log rotation program that removes old logs every few days or weeks. You can check the configuration of the log rotation utility under /etc/logrotate.conf or /etc/logrotate.d/
$last
This command reads the wtmp file and displays a listing of every login since the last time the log file was rotated. It displays the following details -
[a]. Login name   [b]. tty   [c]. Where the user logged in from (localhost or a remote host)   [d]. Date, time and duration

$ac
This command reports total login times per user, per day or for the whole system.
- ac run with no parameters gives you the total amount of time, in hours, used on the system by all users
- ac username : gives you the total login time for that particular user
- ac -d username : gives you the total login time of that user on a per-day basis
- ac -p -d : gives a day-by-day listing for each user individually
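The listing from last and the totals from ac come from the same wtmp records, so it is worth seeing how one is derived from the other. The following shell function is an added example, not part of the original post: it reads last output on stdin and prints, per user, the number of logins, how many came from a remote host, and the total minutes logged in. SAMPLE_LAST is constructed to look like last output; the function assumes the default last layout, in which the host column is blank for local tty logins (so the weekday shifts into the third field) and the session duration is the final field in (HH:MM) or (D+HH:MM) form.

```shell
#!/bin/sh
# Added example: summarise logins per user from the output of `last`.
# SAMPLE_LAST is a constructed stand-in for real `last` output; on a live
# system run:  last | login_summary
SAMPLE_LAST="$(cat <<'EOF'
alice    pts/0        192.0.2.10       Mon Jan  1 09:00 - 10:30  (01:30)
bob      tty1                          Mon Jan  1 08:00 - 08:45  (00:45)
alice    pts/1        192.0.2.55       Mon Jan  1 11:00   still logged in
carol    pts/2        198.51.100.7     Sun Dec 31 20:00 - 00:10  (1+04:10)
reboot   system boot  5.10.0-example   Mon Jan  1 07:55   still running

wtmp begins Sun Dec 31 19:00:00 2023
EOF
)"

# Reads `last` output on stdin and prints one line per user:
#   <user> <number of logins> <logins from a remote host> <total minutes>
login_summary() {
  awk '
    # skip blank lines, the "wtmp begins" footer and pseudo-users
    NF == 0 || $1 == "wtmp" || $1 == "reboot" || $1 == "shutdown" { next }
    {
      user = $1
      logins[user]++
      # local tty logins have an empty host column, so the weekday lands in
      # field 3; anything else there is a remote host name or address
      if ($3 !~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) remote[user]++
      # the session duration is the last field, as (HH:MM) or (D+HH:MM);
      # sessions that are "still logged in" have no duration yet
      dur = $NF
      if (dur ~ /^\([0-9+:]+\)$/) {
        gsub(/[()]/, "", dur)
        days = 0
        if (index(dur, "+") > 0) { split(dur, dp, "+"); days = dp[1]; dur = dp[2] }
        split(dur, hm, ":")
        minutes[user] += days * 1440 + hm[1] * 60 + hm[2]
      }
    }
    END {
      for (u in logins)
        printf "%s %d %d %d\n", u, logins[u], remote[u], minutes[u]
    }' | sort
}

# Run against the constructed sample (replace with `last | login_summary`).
printf '%s\n' "$SAMPLE_LAST" | login_summary
```

The remote-login count is the column an administrator usually wants next to the totals: a user whose sessions normally come from the console suddenly showing remote logins is worth a second look, and last already records the originating host for each session.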

SYSTEM QUOTAS

Quotas are used to limit the use of hard drive space on a per-user or per-group basis, which means every user or group may only use a certain amount of disk space to store their files. Quotas also let you set soft and hard limits and grace periods.

Most new Linux distributions already have quotas enabled, but for your knowledge, quota support needs to be compiled into the kernel. Most likely your Linux distribution has already compiled it in by default, but if you are compiling the kernel yourself you need to include it, which is done by answering YES to Quota support (CONFIG_QUOTA) during configuration. Several other utilities are required to support quotas. Refer to the Quota HOWTO for in-depth knowledge.

Moving further, you need to prepare the filesystem for quotas to work. Modify the /etc/fstab file and specify whether you are using user quotas, group quotas, or both.
For example, look for entries similar to this -
/dev/hdb1      /home      ext2    defaults       1   1
and replace defaults with usrquota or grpquota, or use both separated by a comma (,) with no space after it, since a space would split the options field in two -
/dev/hdb1    /home      ext2     usrquota,grpquota  1  1
Now you need to create the files for user and group quotas. You only create two separate files if you're using both kinds of quota; otherwise create just the one you are going to use, for example -
#touch /home/quota.user
#touch /home/quota.group
#chmod 600 /home/quota.user /home/quota.group
After this step, you need to add quota support to the system initialization process by modifying the init scripts. On a Red Hat system, you would add these two commands - quotacheck -avug and quotaon -avug
After this, you can use the following commands to manage the quotas on the system -
#quotaon / quotaoff  : These enable and disable quotas, respectively, on a given filesystem. By default they only affect user quotas; add -g to affect group quotas as well. To affect all filesystems, add -a to the command.
#quotacheck  : This utility is run to update the quota records on the given filesystem. It also takes -a for all filesystems, -u for user quotas, -g for group quotas and -v for verbose operation.
#quota  : This command is used by a user to check how much of their quota has been used, along with the soft and hard limits.
#edquota  : This command is for the superuser only and sets a user's quotas (soft and hard limits). A value of 0 (zero) means no limit is imposed on the user or group.
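Before running quotacheck it pays to verify the fstab edit, because the most common slip is a space inside the options field, which turns a six-field line into seven fields. The function below is an added example (not part of the original post or the quota tools): it reads fstab lines on stdin and prints each mount point with its quota status, flagging malformed lines. FSTAB_SAMPLE is a constructed excerpt; the third entry reproduces the spacing mistake on purpose.

```shell
#!/bin/sh
# Added example: report which fstab entries enable quotas and catch lines
# whose options field has been split by a stray space.
# FSTAB_SAMPLE is constructed; on a real system run:
#   fstab_quota_report < /etc/fstab
FSTAB_SAMPLE="$(cat <<'EOF'
# <device>    <mount>   <type>  <options>           <dump> <pass>
/dev/hdb1     /home     ext2    usrquota,grpquota   1      1
/dev/hdb2     /srv      ext2    defaults,usrquota   1      2
/dev/hdb3     /data     ext2    usrquota, grpquota  1      2
/dev/hda1     /         ext2    defaults            1      1
EOF
)"

# Reads fstab lines on stdin; prints "<mount point> <quota status>" per entry.
# Status is user, group, user+group, none, or MALFORMED when the line does
# not have exactly six fields (a space after the comma pushes "grpquota"
# into the dump column, so the entry is parsed wrongly).
fstab_quota_report() {
  awk '
    /^[[:space:]]*(#|$)/ { next }     # skip comments and blank lines
    NF != 6 {
      printf "%s MALFORMED (%d fields; options must not contain spaces)\n", $2, NF
      next
    }
    {
      n = split($4, opts, ",")
      u = 0; g = 0
      for (i = 1; i <= n; i++) {
        if (opts[i] == "usrquota") u = 1
        if (opts[i] == "grpquota") g = 1
      }
      if (u && g) status = "user+group"
      else if (u) status = "user"
      else if (g) status = "group"
      else status = "none"
      printf "%s %s\n", $2, status
    }'
}

# Run against the constructed sample (replace with `< /etc/fstab`).
printf '%s\n' "$FSTAB_SAMPLE" | fstab_quota_report
```

Run this after editing fstab and before remounting; a MALFORMED line means the filesystem would be mounted with the wrong options, and quotaon would then fail for that mount point.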

SYSTEM LOGGING

Syslog, the system logger, is a daemon which accepts logging information from other programs, acts as the central point for system-wide logging, and saves the messages in a pre-designated area of the system. Non-privileged processes can also send their logging information to syslog to be logged. The logging daemon can also send logging information to, or accept it from, remote hosts. This makes it easy to capture and store log files from several servers or workstations spread across various locations in one central place.

The syslog configuration file is /etc/syslog.conf. It is a well-commented file, so it is easy for anyone to customize.
Whenever a program wants to save its logging information through syslog, it must provide its name and a logging level to syslog. The logging levels include warning, alert, crit, err, info, notice etc.
Most likely the log files in your system are stored in the /var/log/ directory. If not, refer to /etc/syslog.conf to find their location. The syslog files are written in plain text, so you can use any text editor or paging utility to view them.

For example,
# cat log-file-name   : prints the content of the log file to the screen.

A paging utility such as less or more can also be used to view the log file one page at a time, so that you can scroll up or down. But if you want to search for a particular piece of text in a log file, you should use the grep command.
For example, if you want to look for "Error" in a log file, you would run the following command -
# grep Error logs-file-name | less
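grep finds the matching lines; the next question is usually which program produced them. The function below is an added example, not part of the original post: it reads lines in the classic syslog format ("Mon day time host program[pid]: message"), matches a case-insensitive pattern against the message part only (so a host name such as "errorhost" would not match), and counts matches per program. SAMPLE_LOG is a constructed set of lines in that format.

```shell
#!/bin/sh
# Added example: count matching syslog lines per originating program.
# SAMPLE_LOG is constructed; on a real system run, for example:
#   syslog_tally 'error' < /var/log/messages
SAMPLE_LOG="$(cat <<'EOF'
Jan  1 09:00:01 host1 sshd[1234]: Accepted publickey for alice from 192.0.2.10 port 50022 ssh2
Jan  1 09:00:05 host1 sshd[1240]: error: PAM: Authentication failure for bob from 203.0.113.5
Jan  1 09:01:10 host1 cron[800]: (root) CMD (run-parts /etc/cron.hourly)
Jan  1 09:02:30 host1 kernel: EXT4-fs error (device sda1): ext4_lookup: deleted inode referenced
Jan  1 09:03:00 host1 sshd[1251]: error: PAM: Authentication failure for bob from 203.0.113.5
Jan  1 09:04:00 host1 smartd[600]: Device: /dev/sda, 3 Currently unreadable (pending) sectors
EOF
)"

# syslog_tally PATTERN   (PATTERN is an awk regular expression, matched
# case-insensitively). Reads syslog lines on stdin and prints
# "<program> <count>" for every program with at least one matching message.
syslog_tally() {
  awk -v pat="$1" '
    NF >= 6 {
      prog = $5
      sub(/\[[0-9]+\]/, "", prog)     # drop the [pid] suffix
      sub(/:$/, "", prog)             # drop the trailing colon
      msg = ""                        # rebuild the message from field 6 on
      for (i = 6; i <= NF; i++) msg = msg (i > 6 ? " " : "") $i
      if (tolower(msg) ~ tolower(pat)) count[prog]++
    }
    END { for (p in count) printf "%s %d\n", p, count[p] }' | sort
}

# The same lines `grep -i error` would find, grouped by program.
printf '%s\n' "$SAMPLE_LOG" | syslog_tally 'error'
```

Because the pattern is a regular expression, a more specific query such as 'authentication failure' isolates one class of event, which is the first step toward the kind of threshold alert a log monitor would raise.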

Sometimes you also want to monitor a log file as it is being written. For example, if you have a squid proxy running on your system, you can use the command below to watch in real time which websites users are visiting.
# tail -f /var/log/squid3/access.log

CURRENT SYSTEM LOAD AND RUNNING PROCESSES

As a system administrator, you are also required to monitor the system load and the current processes from time to time to make sure everything is running normally. Let's look at the commands you will use to find this out -
In Linux, the term "load average" is used to describe the system load. It tells you how many processes, on average, had to wait for the CPU over a given period; typically the last 1 minute, the last 5 minutes and the last 15 minutes are reported. It looks something like this -

load average: 0.08, 0.03, 0.01

For a normal system load, the value of the load average has to be below 1. We shall discuss three commands here for dealing with the load average and processes.
# uptime
The uptime command shows the current time, the total system uptime, the number of logged-on users, and the load average.
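A check that turns the load average into a verdict is the usual next step once you know the rule of thumb. The function below is an added example, not part of the original post: it extracts the 1-minute load from an uptime line (or from the contents of /proc/loadavg, which starts with the same value) and compares it with a CPU count given as the second argument. With a count of 1 it reproduces the "below 1" rule above; the example generalizes that rule to multi-CPU machines, where the load is compared against the number of CPUs. The sample lines are constructed.

```shell
#!/bin/sh
# Added example: ok/high verdict from the 1-minute load average.
# load_status LINE NCPU
#   LINE  a line as printed by uptime, or the contents of /proc/loadavg
#   NCPU  number of CPUs (defaults to 1; on a live system pass `nproc`)
# Prints "<ok|high> <1-minute load>".
load_status() {
  printf '%s\n' "$1" | awk -v ncpu="${2:-1}" '
    {
      if (match($0, /load averages?: *[0-9.]+/)) {
        l = substr($0, RSTART, RLENGTH)   # e.g. "load average: 0.08"
        sub(/.*: */, "", l)               # keep just the number
      } else {
        l = $1                            # /proc/loadavg starts with the 1-min value
      }
      printf "%s %s\n", (l + 0 > ncpu + 0 ? "high" : "ok"), l
    }'
}

# Constructed sample lines; on a live system: load_status "$(uptime)" "$(nproc)"
load_status " 14:02:13 up 3 days,  4:21,  2 users,  load average: 0.08, 0.03, 0.01" 1
load_status " 14:02:13 up 3 days,  4:21,  2 users,  load average: 2.51, 1.90, 1.20" 2
load_status "1.75 1.10 0.90 2/130 4321" 2
```

The 1-minute figure is the most sensitive of the three; for an alert you would normally also look at the 5- and 15-minute values so that a short burst does not page anyone.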

# top
The top command is used to view currently running processes in the system. It also provides load average, CPU, and memory statistics.

# ps
ps is a very powerful command for viewing and analyzing the running processes on the system. Run without any option, ps lists the running processes; # ps u displays a detailed listing of running processes; # ps au adds the user name associated with each process; # ps aux displays processes associated with a tty; and # ps auxwww displays each entry on a separate line, where each w makes the output line longer for better presentation.
