Which Linux VPS server log files you should monitor

Running a Linux VPS server can be tough sometimes – there are so many things to check, improve, install, automate, troubleshoot, and so on, but it gets easier with time once you get the hang of it. But when you’re new to this, it can be a bit overwhelming, and you might not know which tasks to prioritize. Well, one thing that you should do is to monitor the server log files.

Essentially, they contain all messages about the server, including the services, applications, and the kernel. You should check these regularly as you learn more about your server performance, error messages, security, and any possible underlying issues. These can greatly help you anticipate upcoming issues before they even happen. Here are some of the most important ones.

/var/log/messages

This Linux VPS server log file stores informational and non-critical system messages. This is the first file you should check if something goes wrong with the system. You can also track application-related service errors, non-kernel boot errors, and messages logged during system start-up.

/var/log/auth.log

This log stores all authentication-related events, so if you need to look up information concerning the user authorization mechanism, this is the place to check.

It is also very useful if you think that there might have been a security breach. You can easily investigate brute-force attacks, failed login attempts, and other user authorization mechanism vulnerabilities.

/var/log/secure

This tracks all usage of authorization systems, such as sudo and SSH logins, and stores all security-related messages as well as authentication failures. You’ll also find all successful login attempts and the activities of valid users. Use this to detect hacking attempts and learn more about unauthorized/failed logins.
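The failed-login checks described for /var/log/auth.log and /var/log/secure can be done with one awk pass; this is an added example, not part of the original article. The function name is hypothetical, the log lines are constructed, and it assumes sshd's default message format, which is the same in both files.

```shell
#!/bin/sh
# Constructed sample lines in the sshd/sudo syslog format (documentation IPs).
sample_auth_log() {
cat <<'EOF'
Mar 10 03:12:01 vps sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 03:12:04 vps sshd[1201]: Failed password for root from 203.0.113.7 port 51124 ssh2
Mar 10 03:12:09 vps sshd[1203]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar 10 03:12:15 vps sshd[1204]: Accepted password for root from 203.0.113.7 port 51141 ssh2
Mar 10 03:15:40 vps sshd[1310]: Failed password for deploy from 198.51.100.20 port 40022 ssh2
Mar 10 03:15:52 vps sshd[1310]: Accepted publickey for deploy from 198.51.100.20 port 40030 ssh2
Mar 10 03:20:11 vps sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/apt update
EOF
}

# ssh_bruteforce_report MIN  (hypothetical helper; reads log lines on stdin)
# Prints "IP failures status" for each source address with at least MIN failed
# password attempts. status is LOGIN_AFTER_FAILURES when sshd later accepted a
# login from that address (the case to investigate first), else failures_only.
ssh_bruteforce_report() {
  awk -v min="$1" '
    # sshd auth lines end in "... from <ip> port <n> ssh2"; reading the address
    # relative to the end of the line keeps odd usernames from shifting it.
    NF > 5 && / sshd\[[0-9]+\]: / && $(NF-4) == "from" && $(NF-2) == "port" {
      ip = $(NF-3)
      if ($0 ~ /: Failed password for /) fails[ip]++
      else if ($0 ~ /: Accepted / && (ip in fails) && fails[ip] >= min) hit[ip] = 1
    }
    END {
      for (ip in fails)
        if (fails[ip] >= min)
          print ip, fails[ip], ((ip in hit) ? "LOGIN_AFTER_FAILURES" : "failures_only")
    }' | sort
}

# On a real server: ssh_bruteforce_report 5 < /var/log/auth.log   (or /var/log/secure)
sample_auth_log | ssh_bruteforce_report 3
```
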

/var/log/boot.log

You can look up all messages related to the system start-up process and other boot-related information in this Linux VPS server log. It comes in handy when an unexpected shutdown occurs, as you can use it to determine the duration of it. It’s also useful for analyzing unplanned reboots and booting failures.

/var/log/dmesg

Here you’ll find data related to hardware devices, since messages from their drivers are logged here. It also contains kernel ring buffer messages. Whenever something is malfunctioning or just isn’t getting detected, use this to troubleshoot the problem, as it logs device statuses and errors.

/var/log/kern.log

This contains the information logged by the kernel, so it’s a crucial Linux VPS server log file. Use it to troubleshoot all kernel-related warnings and errors, and to debug connectivity and hardware issues. Even if you run on a custom-built kernel, it still stores all relevant data related to it.

/var/log/faillog

This one is also useful for analyzing your server security as it contains data about all failed login attempts. It’s especially useful for tracking brute-force attacks and security breaches that involve username-password hacks.

/var/log/cron

As the name suggests, this stores all data about cron jobs: whether they run as they’re supposed to, whether they were executed successfully or failed, and so on. If your cron jobs aren’t working, this is the first place to check why.

/var/log/yum.log

This logs information on every new package that is installed via the yum command. You’ll see all the components of the packages, and whether they were installed correctly or not. If your Linux VPS server is behaving strangely and you think that a recently installed package is causing this, use this log file to identify the root cause.

/var/log/mail.log

Here you’ll find all logs related to your mail server. You can use it to track all inbound/outbound emails, analyse failed delivery attempts, and even track the origins of incoming emails. It is also very useful for determining possible spamming attempts and finding additional information about all email related services.

/var/log/httpd/

This stores all Apache server logs, including this server’s login information in the error_log and access_log files. The error_log file logs messages related to httpd errors and records events that happened while processing httpd requests. So, if there is an issue with the Apache webserver, check this log.

The access_log stores all HTTP access requests. This way you can easily track every page and file loaded by Apache. It also stores data about access request statuses, if they were successful or not. Furthermore, it keeps the IP addresses and user IDs of all clients that connect to the server.

/var/log/mysql.log

This is the file for MySQL, and it logs all success, failure, and debug messages related to the [mysqld] and [mysqld_safe] daemons. If you’re experiencing issues while stopping, starting, or running mysqld, check this log.

If you want to be proactive about the functionality and security of your Linux VPS server, you have to monitor these logs. It’s beneficial to do so, as you’ll learn more about how your system operates along the way. Take note that monitoring and analysing these separately is very time-consuming and difficult. It’s strongly recommended to install a centralized log monitoring tool to ease this burden.
