Difference between revisions of "Troubleshooting Your Linux System"

From Free Knowledge Base- The DUCK Project: information for everyone
(Created page with "This is a work in progress. == Part 1: Important Log Files == Problems with system stability, hardware related problems, boot related problems. === syslog and dmesg === ...")
 
m (Part 1: Important Log Files)
 
(2 intermediate revisions by one user not shown)
Line 3: Line 3:
 
== Part 1: Important Log Files ==
 
== Part 1: Important Log Files ==
  
Problems with system stability, hardware related problems, boot related problems.
+
Problems with system stability, hardware related problems, boot related problems. The log files generated in a Linux environment can typically be classified into four different categories:
 +
#Application
 +
#Event
 +
#Service
 +
#System
  
 
=== syslog and dmesg ===
 
=== syslog and dmesg ===
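Review bot: The added sentence "The log files generated in a Linux environment can typically be classified into four different categories" names Application, Event, Service and System without saying what separates them or which of the logs discussed on this page belongs to each, so the list gives the reader nothing to act on. Suggest adding one line per category with an example file, or dropping the list. The opening "Problems with system stability, hardware related problems, boot related problems." is also still a sentence fragment.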
Line 10: Line 14:
  
 
If you want to review messages from the current day, use command:
 
If you want to review messages from the current day, use command:
  cat /var/log/syslog |less
+
  cat /var/log/syslog|less
 
You can scroll up and down to look for issues, and do regex search.
 
You can scroll up and down to look for issues, and do regex search.
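Review bot: The cat in "cat /var/log/syslog|less" is unnecessary, because less reads the file directly; "less /var/log/syslog" does the same with one process. Removing the space before the pipe has no effect on how the shell runs the command, so if the line is being touched it would be better to simplify it.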
  
Line 16: Line 20:
 
  tail -f /var/log/syslog
 
  tail -f /var/log/syslog
 
Keep that running in a terminal window while you work.  Messages and errors will appear in real time.
 
Keep that running in a terminal window while you work.  Messages and errors will appear in real time.
 +
 +
They call dmesg the kernel ring buffer utility.  In this case, dmesg is an actual command you execute which displays kernel log data.  This information is also sent in real time to syslogd or klogd, when they are running, and ends up in /var/log/messages.  The dmesg command captures boot-time messages from before syslogd.  Type:
 +
dmesg|less
 +
Again, the pipe - less is used to buffer it so you can scroll up and down or perform regex search.  Use dmesg to see what occurred during system boot.  Things go wrong such as a file system failing to mount or a device driver failing to load, and these events will show up in dmesg.
 +
 +
=== other useful logs ===
 +
We are looking at relevant log files generated by the system and stored in the path:
 +
/var/log
 +
Caution: do not open these in a text editor because they are files in an "open" state meaning they are being written in real time, content constantly being added as events occur.  You can "cat" or "tail" or make a copy "cp" and open the copy in an editor such as vi.
 +
cat /var/log/boot.log
 +
or make a copy and open in an editor
 +
cp /var/log/boot.log /tmp/boot.log
 +
vi /tmp/boot.log
 +
 +
Others: (kern.log faillog cron auth.log) secure which are all relevant to a linux workstation.  Additional logs become relevant to a server such as web or mail, not covered here.
 +
 +
== hardware modules ==
 +
Get to know the lsmod command
 +
lsmod
 +
This command reports which modules are in loaded into the kernel and their use count.  An example is checking to see of a sound card module is loaded (system has no audio.)  You might find that the sound card module failed to load or initialize by reviewing dmesg, and you double check to see if module loaded by using lsmod.
 +
 +
You can see what hardware is using the PCI bus.
 +
lspci
 +
 +
 +
 
 +
 +
[[Category:Computer_Technology]]
 +
[[Category:Linux]]
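Review bot: The added "cp /var/log/boot.log /tmp/boot.log" puts a copy of a system log under a fixed name in the shared /tmp directory, where it can clash with an existing file and may be readable by other local users. Suggest copying into a directory created with mktemp -d or under the user's home, or viewing the log read-only with less, which the page already uses, instead of copying it. In the same hunk, "Others: (kern.log faillog cron auth.log) secure" has a misplaced parenthesis, and "are in loaded" and "see of a sound card module" are typos.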

Latest revision as of 16:55, 20 January 2018

This is a work in progress.

Part 1: Important Log Files

This part covers problems with system stability, hardware-related problems, and boot-related problems. The log files generated in a Linux environment can typically be classified into four different categories:

  1. Application
  2. Event
  3. Service
  4. System

syslog and dmesg

By default, the system log typically contains more information about your Ubuntu system than any other log. It is located at /var/log/syslog and may contain information other logs do not. Consult the system log when you can't locate the desired log information in another log. It also contains everything that used to be in /var/log/messages.

If you want to review messages from the current day, use the command:

cat /var/log/syslog|less

You can scroll up and down to look for issues and search with regular expressions.

You can actively monitor the syslog to watch for errors while you work or perform an activity that typically creates a problem:

tail -f /var/log/syslog

Keep that running in a terminal window while you work. Messages and errors will appear in real time.

dmesg is often called the kernel ring buffer utility. It is a command you execute to display kernel log data. This information is also sent in real time to syslogd or klogd, when they are running, and ends up in /var/log/messages. The dmesg command also captures boot-time messages from before syslogd started. Type:

dmesg|less

Again, the output is piped to less so you can scroll up and down or perform a regex search. Use dmesg to see what occurred during system boot. When things go wrong, such as a file system failing to mount or a device driver failing to load, these events will show up in dmesg.

other useful logs

We are looking at relevant log files generated by the system and stored in the path:

/var/log

Caution: do not open these in a text editor, because they are files in an "open" state: they are being written in real time, with content added constantly as events occur. You can use "cat" or "tail", or make a copy with "cp" and open the copy in an editor such as vi.

cat /var/log/boot.log 

or make a copy and open it in an editor:

cp /var/log/boot.log /tmp/boot.log
vi /tmp/boot.log

Others: kern.log, faillog, cron, auth.log and secure, which are all relevant to a Linux workstation. Additional logs become relevant on a server, such as web or mail logs; these are not covered here.

hardware modules

Get to know the lsmod command:

lsmod

This command reports which modules are loaded into the kernel and their use count. An example is checking whether a sound card module is loaded when the system has no audio. You might find that the sound card module failed to load or initialize by reviewing dmesg, and then double-check whether the module is loaded by using lsmod.
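The dmesg and lsmod cross-check described above can be scripted. This is an added example, not part of the original page; the function names and the sample lsmod and dmesg text are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-check lsmod output against kernel messages for a module.
# Function names and sample data are constructed for illustration.

SAMPLE_LSMOD='Module                  Size  Used by
snd_hda_intel          53248  3
snd_hda_codec         143360  1 snd_hda_intel
e1000e                286720  0'

SAMPLE_DMESG='[    2.101000] e1000e: Intel(R) PRO/1000 Network Driver
[    3.412000] snd_hda_intel 0000:00:1f.3: enabling device (0000 -> 0002)
[    4.020000] snd_usb_audio: probe of 1-2:1.0 failed with error -22
[    5.500000] EXT4-fs (sda1): mounted filesystem'

# module_use_count MODULE LSMOD_TEXT
# Prints the "Used by" count; returns non-zero if MODULE is not loaded.
module_use_count() {
    # lsmod lists names with underscores even if the module file uses hyphens
    mod=$(printf '%s' "$1" | tr '-' '_')
    printf '%s\n' "$2" | awk -v m="$mod" '
        NR > 1 && $1 == m { print $3; found = 1 }
        END { exit !found }'
}

# module_kernel_errors MODULE DMESG_TEXT
# Prints kernel log lines naming MODULE (whole word) plus a failure keyword.
module_kernel_errors() {
    mod=$(printf '%s' "$1" | tr '-' '_')
    printf '%s\n' "$2" | grep -Fw -- "$mod" |
        grep -Ei 'fail|error|unknown symbol|timed out'
}

# check_module MODULE LSMOD_TEXT DMESG_TEXT
# Prints one status line combining both views of the module.
check_module() {
    errs=$(module_kernel_errors "$1" "$3" || true)
    n=$(printf '%s\n' "$errs" | grep -c . || true)
    if count=$(module_use_count "$1" "$2"); then
        echo "loaded use_count=$count kernel_errors=$n"
    else
        echo "not-loaded kernel_errors=$n"
    fi
}

# Run against the constructed samples; on a live system pass "$(lsmod)" "$(dmesg)".
check_module snd_usb_audio "$SAMPLE_LSMOD" "$SAMPLE_DMESG"
check_module snd_hda_intel "$SAMPLE_LSMOD" "$SAMPLE_DMESG"
```

On systems where kernel.dmesg_restrict is set to 1, dmesg must be run as root for the live cross-check.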

You can see what hardware is using the PCI bus:

lspci