Troubleshooting Your Linux System

This is a work in progress.

Part 1: Important Log Files

Problems with system stability, hardware related problems, boot related problems. The log files generated in a Linux environment can typically be classified into four different categories:

  1. Application
  2. Event
  3. Service
  4. System

syslog and dmesg

The system log typically contains the greatest deal of information by default about your Ubuntu system. It is located at /var/log/syslog, and may contain information other logs do not. Consult the System Log when you can't locate the desired log information in another log. It also contains everything that used to be in /var/log/messages.

If you want to review messages from the current day, use command:

cat /var/log/syslog|less

You can scroll up and down to look for issues, and do regex search.

You can actively monitor the syslog to watch for errors while you work or perform an activity which typically creates a problem;

tail -f /var/log/syslog

Keep that running in a terminal window while you work. Messages and errors will appear in real time.

They call dmesg the kernel ring buffer utility. In this case, dmesg is an actual command you execute which displays kernel log data. This information is also sent in real time to syslogd or klogd, when they are running, and ends up in /var/log/messages. The dmesg command captures boot-time messages from before syslogd. Type:

dmesg|less

Again, the pipe - less is used to buffer it so you can scroll up and down or perform regex search. Use dmesg to see what occurred during system boot. Things go wrong such as a file system failing to mount or a device driver failing to load, and these events will show up in dmesg.

other useful logs

We are looking at relevant log files generated by the system and stored in the path:

/var/log

Caution: do not open these in a text editor because they are files in an "open" state meaning they are being written in real time, content constantly being added as events occur. You can "cat" or "tail" or make a copy "cp" and open the copy in an editor such as vi.

cat /var/log/boot.log 

or make a copy and open in an editor

cp /var/log/boot.log /tmp/boot.log
vi /tmp/boot.log

Others: (kern.log faillog cron auth.log) secure which are all relevant to a linux workstation. Additional logs become relevant to a server such as web or mail, not covered here.

hardware modules

Get to know the lsmod command

lsmod

This command reports which modules are in loaded into the kernel and their use count. An example is checking to see of a sound card module is loaded (system has no audio.) You might find that the sound card module failed to load or initialize by reviewing dmesg, and you double check to see if module loaded by using lsmod.

You can see what hardware is using the PCI bus.

lspci


 

Last modified on 20 January 2018, at 16:55