INSTRUCTIONS:
- Provide answers to the indicated prompts (these areas appear in green textboxes). Areas in blue textboxes provide information such as instructions or useful tips for helpful learning resources.
- When completed (or partially completed), save your work using the same filename and note the location of the saved file. Save your file under a permanent directory like Documents! Save your work often.
- When ready to complete, submit this file as an attachment for your Lab 4 dropbox.

Exercise #1: System monitoring

Try all the commands to get a basic feel for the command usage and output results (install the package if required). Refer to the following online article: http://www.cyberciti.biz/tips/top-linux-monitoring-tools.html

Perform Yourself (to be marked by instructor). Provide answer where indicated.

Fill in the chart with a brief purpose for each monitor tool from the above online article.

Utility | Purpose
top | Top command is used to show the Linux processes. It provides a dynamic real-time view of the running system.
vmstat | The vmstat command reports information about processes, memory, paging, block IO, traps, and cpu activity.
w | It displays information about the users currently on the machine, and their processes.
uptime | uptime command can be used to see how long the server has been running.
ps | ps command will report a snapshot of the current processes.
free | free command shows the total amount of free and used physical and swap memory in the system, as well as the buffers used by the kernel.
iostat (install sysstat first) | iostat command reports Central Processing Unit statistics and input/output statistics for devices, partitions and network filesystems (NFS).
sar | sar command is used to collect, report, and save system activity information.
mpstat | mpstat command displays activities for each available processor, processor 0 being the first one. Use mpstat -P ALL to display average CPU utilization per processor.
pmap | pmap command reports the memory map of a process. Use this command to find out causes of memory bottlenecks.
netstat | netstat command displays network connections, routing tables, interface statistics, masquerade connections, and multicast memberships.
ss | ss command is used to dump socket statistics. It allows showing information similar to netstat. Please note that netstat is mostly obsolete.
Iptraf (install) | iptraf command is an interactive colorful IP LAN monitor. It is an ncurses-based IP LAN monitor that generates various network statistics including TCP info, UDP counts, ICMP and OSPF information, Ethernet load info, node stats, IP checksum errors, and others.
tcpdump | tcpdump command is a simple command that dumps traffic on a network.
strace | This command is useful for debugging webserver and other server problems.
/proc (directory) | proc file system provides detailed information about various hardware devices and other Linux kernel information.
nagios3 (install) | It is a popular open source computer system and network monitoring application software. You can easily monitor all your hosts, network equipment and services.
cacti (install) | Cacti is a complete network graphing solution designed to harness the power of RRDTool's data storage and graphing functionality. Cacti provides a fast poller, advanced graph templating, multiple data acquisition methods, and user management features out of the box.
ksysguard (install) | KSysguard is a network enabled task and system monitor application for KDE desktop. This tool can be run over an ssh session. It provides lots of features such as a client/server architecture that enables monitoring of local and remote hosts.
gnome-system-monitor (install) | The System Monitor application enables you to display basic system information and monitor system processes, usage of system resources, and file systems.

Exercise #2: Working with and Configuring logs

View the /var/log/ directory and check the contents of some of the different logs using either the cat, more or less command.

Perform Yourself (to be marked by instructor). Provide answer where indicated.

Another common way to check log files in real time is using tail -f. Try the following:

    tail -f /var/log/auth.log

What does this command do?
ANSWER: It shows the file's updates in real time; if any new entry is added, it shows the updated data.

Open a second terminal and become root:

    sudo su

Switch back to the original terminal and note the output from the tail command. What message from the tail -f command did you see?
ANSWER:

We will now set up logging to record critical events in a log file. We will set it up for the facility level for e-mail events.

A Facility Level is used to indicate the type of program (process) that is logging the message. These facility levels are usually numbered. Here is a link to display various facility levels: http://en.wikipedia.org/wiki/Syslog#Facility_levels

We are going to configure our system to log messages associated with the mail system. View the /etc/rsyslog.conf file to get a sense of how this configuration file works. Create a file called /etc/rsyslog.d/local2.conf (to set logging rules) and edit the file to add the following line to this file:

    local2.* /var/log/local2.log

(Note: This entry will direct the Linux kernel to log any event relating to the local2 facility (e-mail) with all severity levels to be saved to a file called: /var/log/local2.log)

Restart your VM. (Usually you should be able to just reload your logging daemon by issuing the command sudo /etc/init.d/rsyslog restart but a restart may be required for Ubuntu.)

Issue the following Linux command to test out the system logging setup:

    logger -p local2.info Testing message

View the content of the /var/log/local2.log file. You should see a message.

Provide a Screen Shot: Take a screen capture of the system message in the /var/log/local2.log file as proof and paste the screen capture below.

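The numbering of facility levels mentioned above decides the `<PRI>` value placed in front of every syslog message, and a rule such as `local2.*` is matched against that value. The sketch below is an added example, not part of the lab handout: the function names are made up for illustration, the facility keywords follow the list on the linked Wikipedia page, and the selector check covers only the plain `facility.severity` and `*` forms.

```shell
# Syslog priority arithmetic: PRI = facility_code * 8 + severity_code,
# sent on the wire as "<PRI>" in front of the message text.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp \
ntp security console solaris-cron \
local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="emerg alert crit err warning notice info debug"

# index_of NAME "LIST": print the zero-based position of NAME, fail if absent.
index_of() {
  _i=0
  for _n in $2; do
    [ "$_n" = "$1" ] && { echo "$_i"; return 0; }
    _i=$((_i + 1))
  done
  return 1
}

# name_at INDEX "LIST": print the word at zero-based INDEX.
name_at() { _k=$1; set -- $2; shift "$_k"; echo "$1"; }

# encode_pri local2.info: the PRI that "logger -p local2.info" sends.
encode_pri() {
  _f=$(index_of "${1%%.*}" "$FACILITIES") || return 1
  _s=$(index_of "${1##*.}" "$SEVERITIES") || return 1
  echo $((_f * 8 + _s))
}

# decode_pri '<150>Testing message': facility.severity, or fail on a bad PRI.
decode_pri() {
  case $1 in "<"[0-9]*">"*) ;; *) return 1 ;; esac
  _p=${1#"<"}; _p=${_p%%">"*}
  case $_p in *[!0-9]*|????*|0?*) return 1 ;; esac
  [ "$_p" -le 191 ] || return 1
  echo "$(name_at $((_p / 8)) "$FACILITIES").$(name_at $((_p % 8)) "$SEVERITIES")"
}

# selector_matches 'local2.*' local2.info: exit 0 if the rule would log it.
# A named severity means that level or more severe (lower code).
selector_matches() {
  _sf=${1%%.*}; _ss=${1##*.}
  [ "$_sf" = "*" ] || [ "$_sf" = "${2%%.*}" ] || return 1
  [ "$_ss" = "*" ] && return 0
  _want=$(index_of "$_ss" "$SEVERITIES") || return 1
  _got=$(index_of "${2##*.}" "$SEVERITIES") || return 1
  [ "$_got" -le "$_want" ]
}

decode_pri '<150>Testing message'   # prints local2.info
```
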
Exercise #3: Monitoring System Logs

Install the logwatch and logcheck applications by issuing the following command:

    sudo apt-get install logwatch logcheck

For the logwatch application: Create a directory for Logwatch by issuing the following command:

    sudo mkdir /var/cache/logwatch

The configuration shouldn't be edited in the install directory (/usr/share/logwatch). It is recommended to copy logwatch.conf to /etc/logwatch before editing by issuing the following command:

    sudo cp /usr/share/logwatch/default.conf/logwatch.conf /etc/logwatch/conf/

Edit the /etc/logwatch/conf/logwatch.conf file and navigate to the following line:

    MailTo=root

Change the e-mail to the vmadmin user:

    MailTo = vmadmin

The detail level of the logwatch report can be Low, Med or High. The default level is Low. To change that, edit the newly copied logwatch.conf:

    Detail = High

For Ubuntu systems with apache server perform the following operations:

    sudo cp /usr/share/logwatch/default.conf/logfiles/http.conf /etc/logwatch/conf/logfiles/

Issue the following Linux command and view the output:

    sudo logwatch

Note: it is quite likely you will get an error while attempting to run the logwatch command. The error will say that the /var/cache/logwatch directory does not exist and the logwatch command will not run. The fix is quite simple: use the mkdir command to create the /var/cache/logwatch directory and run the logwatch command again.

Provide a Screen Shot: Take a screen capture of a portion of the logwatch output as proof and paste the screen capture below.

For more information about labs (for interest), you can read the information about logs at http://tuxradar.com/content/managing-your-log-files
*** END OF WEEK 8 TASKS ***