the_information_nexus/docs/tech_docs/linux/linux-troubleshooting.md

This focused reference guide covers advanced log filtering and analysis, with powerful and practical examples using grep, awk, sed, and tail. It is intended for experienced Linux users who are comfortable on the command line and want to refine their skills in parsing and analyzing log files for troubleshooting and monitoring.

Log Filtering and Analysis Reference Guide

1. Using grep for Basic Searches

  • Filter Logs by Date:

    grep "2024-03-16" /var/log/syslog
    

    This command filters entries from March 16, 2024, in the syslog. The literal must match the timestamp format your syslog daemon writes (an ISO date as here, or the traditional "Mar 16" form), otherwise nothing matches.

  • Search for Error Levels:

    grep -E "error|warn|critical" /var/log/syslog
    

    Use -E for extended regular expressions so that the alternation matches any of several patterns, which is useful for finding the various error levels in one pass. Matching is case-sensitive unless -i is added.

2. Advanced Text Processing with awk

  • Extract Specific Fields:

    awk '/Failed password/ {print $1, $2, $3, $(NF-5), $(NF-3)}' /var/log/auth.log
    

    This example prints the date, time, user name, and source IP address of failed SSH login attempts. NF is the number of fields in the line, so $(NF-5) and $(NF-3) select fields counted from the end; this keeps the extraction stable even when the number of words before the user name varies.

  • Summarize Access by IP Address:

    awk '{print $1}' /var/log/apache2/access.log | sort | uniq -c | sort -nr
    

    Here, $1 extracts the first field, which is the client IP address in Apache's Common and Combined Log Formats (the last field, $NF, is the tail of the user-agent string and does not identify the client); uniq -c counts occurrences, and sort -nr sorts numerically in reverse for a descending list of IP addresses by access count.
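
Building on the failed-password extraction above, here is an added example (not part of the original guide) that turns it into a small detection check: it counts failed SSH logins per source IP using the same end-relative field $(NF-3), then flags addresses at or above a threshold. The auth.log lines are constructed for the demonstration, and the function names and the threshold are my own choices.

```shell
#!/bin/sh
# Added example: count failed SSH logins per source IP and flag likely
# brute-force sources. Function names and the threshold are my own choices.

# Constructed sample of /var/log/auth.log lines in the traditional syslog
# format. The "invalid user" and known-user forms are both present: the
# extra words shift the absolute field numbers, but the source IP is
# always $(NF-3), counted from the end of the line.
SAMPLE_AUTH_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_AUTH_LOG"' EXIT
cat >"$SAMPLE_AUTH_LOG" <<'EOF'
Mar 16 10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 192.0.2.10 port 40001 ssh2
Mar 16 10:00:03 host1 sshd[1202]: Failed password for root from 192.0.2.10 port 40002 ssh2
Mar 16 10:00:04 host1 sshd[1203]: Accepted publickey for alice from 198.51.100.7 port 50001 ssh2
Mar 16 10:00:05 host1 sshd[1204]: Failed password for invalid user test from 192.0.2.10 port 40003 ssh2
Mar 16 10:00:09 host1 sshd[1205]: Failed password for bob from 203.0.113.5 port 41000 ssh2
Mar 16 10:00:11 host1 CRON[1206]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF

# Print "<count> <ip>" for every source IP with failed password attempts,
# most frequent first. The final awk squeezes uniq -c's leading spaces.
failed_ssh_by_ip() {
    awk '/Failed password/ {print $(NF-3)}' "$1" |
        sort | uniq -c | sort -nr |
        awk '{print $1, $2}'
}

# Print only the IPs whose failure count reaches the threshold given as $2.
flag_failed_ssh() {
    failed_ssh_by_ip "$1" | awk -v min="$2" '$1 >= min {print $2}'
}

# Stand-alone run: full table, then the sources at or above 3 failures.
failed_ssh_by_ip "$SAMPLE_AUTH_LOG"
echo "--- flagged (>= 3 failures) ---"
flag_failed_ssh "$SAMPLE_AUTH_LOG" 3
```

On the sample data the table is "3 192.0.2.10" followed by "1 203.0.113.5", and only 192.0.2.10 is flagged at a threshold of 3. On a real host, point the functions at /var/log/auth.log (or secure on RHEL) and pick a threshold that fits your login volume.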

3. Stream Editing with sed

  • Remove Specific Lines:

    sed '/debug/d' /var/log/syslog
    

    This command deletes lines containing "debug" from the output, useful for excluding verbose log levels.

  • Anonymize IP Addresses:

    sed -r 's/([0-9]{1,3}\.){3}[0-9]{1,3}/[REDACTED IP]/g' /var/log/apache2/access.log
    

    Using a regular expression, this replaces IP addresses with "[REDACTED IP]" for privacy in shared analysis.
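
The sed command above blanks every address, which also destroys the ability to count requests per client in the shared copy. As an added example that goes a step beyond the guide (my own code, not the original's), the block below keeps the full-redaction form and adds an awk variant that replaces each distinct IPv4 address with a stable client-N token in order of first appearance, so repeat visitors stay linkable without exposing the address. The access-log lines are constructed; the function names are mine.

```shell
#!/bin/sh
# Added example: pseudonymise client IPs instead of blanking them, so a
# shared log still supports per-client counting. Names are my own.

# Constructed Combined Log Format lines; 192.0.2.10 appears twice and a
# third address sits inside the referer field.
SAMPLE_ACCESS_LOG=$(mktemp)
trap 'rm -f "$SAMPLE_ACCESS_LOG"' EXIT
cat >"$SAMPLE_ACCESS_LOG" <<'EOF'
192.0.2.10 - - [16/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - alice [16/Mar/2024:10:00:02 +0000] "GET /admin HTTP/1.1" 403 128 "http://203.0.113.5/ref" "curl/8.6.0"
192.0.2.10 - - [16/Mar/2024:10:00:03 +0000] "GET /login HTTP/1.1" 401 96 "-" "Mozilla/5.0"
EOF

# Full redaction, as in the guide's sed command (sed -E is the portable
# spelling of GNU sed's -r).
redact_ips() {
    sed -E 's/([0-9]{1,3}\.){3}[0-9]{1,3}/[REDACTED IP]/g' "$1"
}

# Pseudonymisation: every distinct IPv4 address becomes client-N, numbered
# in order of first appearance, so repeat visitors stay linkable. The
# regex avoids {n} interval expressions, which some awk builds lack.
pseudonymize_ips() {
    awk '
    {
        line = $0; out = ""
        while (match(line, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
            ip = substr(line, RSTART, RLENGTH)
            if (!(ip in id)) id[ip] = ++n
            out = out substr(line, 1, RSTART - 1) "client-" id[ip]
            line = substr(line, RSTART + RLENGTH)
        }
        print out line
    }' "$1"
}

# Verification step: run the given transform ($1) over the file ($2) and
# count IPv4-looking tokens that survived; 0 means nothing leaked.
leaked_ips() {
    "$1" "$2" | grep -cE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' || true
}

redact_ips "$SAMPLE_ACCESS_LOG"
echo "---"
pseudonymize_ips "$SAMPLE_ACCESS_LOG"
echo "leaked after pseudonymisation: $(leaked_ips pseudonymize_ips "$SAMPLE_ACCESS_LOG")"
```

Both transforms also rewrite the address inside the referer URL, which is usually what you want when sharing logs. Neither pattern is anchored, so any four dot-separated numbers (a four-part version string, for instance) would be rewritten too; the leaked_ips check only tells you that no address remains, not that nothing else was touched, so review the output before handing it on.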

4. Real-time Monitoring with tail -f and grep

  • Watch for Specific Log Entries in Real-time:

    tail -f /var/log/syslog | grep "kernel"
    

    This monitors syslog in real time for new entries containing "kernel", combining tail -f with grep for a focused live view of one subsystem.

5. Combining Tools for Enhanced Analysis

  • Identify Frequent Access by IP with Timestamps:

    awk '{print $1, $4}' /var/log/apache2/access.log | sort | uniq -c | sort -nr | head
    

    This command uses awk to extract the client IP ($1) and the bracketed date and time ($4) of each request, then sort and uniq -c to count identical IP and timestamp pairs, sort -nr to order them by count, and head to display the top results. Because the timestamp has one-second resolution, a high count means one address made many requests within a single second, which is a useful burst indicator.

  • Extract and Sort Errors by Frequency:

    grep "error" /var/log/syslog | awk '{print $5}' | sort | uniq -c | sort -nr
    

    Filter for "error" messages, extract the application or process name (assuming it is the fifth field, as in the traditional syslog layout of month, day, time, host, program), count occurrences, and sort them by frequency. Note that the fifth field usually carries a "[pid]:" suffix, so the counts are per process instance rather than per program unless that suffix is stripped first.
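
The following added example (my own code, not from the guide) shows the error-by-frequency pipeline side by side with a normalised version that strips the "[pid]:" suffix from the fifth field, so that a service logging from several worker processes is counted once per program. The syslog lines are constructed and the function names are mine.

```shell
#!/bin/sh
# Added example: count error lines per program in a traditional-format
# syslog, stripping the "[pid]:" suffix so that counts aggregate per
# program rather than per process instance. Names are my own.

# Constructed syslog lines. nginx logs from two worker PIDs, and the
# kernel line has no PID at all.
SAMPLE_SYSLOG=$(mktemp)
trap 'rm -f "$SAMPLE_SYSLOG"' EXIT
cat >"$SAMPLE_SYSLOG" <<'EOF'
Mar 16 10:00:01 host1 systemd[1]: Started Daily apt download activities.
Mar 16 10:00:02 host1 nginx[2201]: 2024/03/16 10:00:02 [error] 2201#0: *1 open() "/var/www/x" failed
Mar 16 10:00:03 host1 nginx[2202]: 2024/03/16 10:00:03 [error] 2202#0: *2 open() "/var/www/y" failed
Mar 16 10:00:04 host1 kernel: [12345.678901] EXT4-fs error (device sda1): ext4_find_entry: bad entry
Mar 16 10:00:05 host1 sshd[1300]: error: maximum authentication attempts exceeded for root
Mar 16 10:00:06 host1 CRON[1400]: (root) CMD (run-parts /etc/cron.hourly)
EOF

# The guide's pipeline as written (with -i so "[error]" and "Error" both
# match): $5 still carries the PID, so the two nginx workers are counted
# separately.
errors_by_field5() {
    grep -i 'error' "$1" | awk '{print $5}' | sort | uniq -c | sort -nr | awk '{print $1, $2}'
}

# Normalised version: drop "[pid]:" (or a bare trailing colon, as on
# kernel lines) before counting, so the result is one row per program.
errors_by_program() {
    grep -i 'error' "$1" |
        awk '{ prog = $5; sub(/\[[0-9]+\]:$/, "", prog); sub(/:$/, "", prog); print prog }' |
        sort | uniq -c | sort -nr |
        awk '{print $1, $2}'
}

errors_by_field5 "$SAMPLE_SYSLOG"
echo "---"
errors_by_program "$SAMPLE_SYSLOG"
```

On the sample, errors_by_field5 yields four rows of count 1, while errors_by_program yields "2 nginx" at the top followed by one row each for kernel and sshd. The same normalisation applies to any program that forks workers (web servers, mail daemons, cron jobs), where per-PID counts hide the true error volume.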

This guide provides a foundation for powerful log analysis techniques. Experimentation and adaptation to specific log formats and requirements will further enhance your proficiency. For deeper exploration, consider the man pages (man grep, man awk, man sed, man tail) and other comprehensive resources available online.


Comprehensive Linux Troubleshooting Tools Guide

This guide provides an overview of key packages and their included tools for effective troubleshooting in Linux environments, specifically tailored for RHEL and Debian-based distributions.

Tools Commonly Included in Most Linux Distributions

  • GNU Coreutils: A collection of basic file, shell, and text manipulation utilities. Key tools include:

    • df: Reports file system disk space usage.
    • du: Estimates file space usage.
  • Util-linux: A suite of essential utilities for system administration. Key tools include:

    • dmesg: Examines or controls the kernel ring buffer.
  • IPUtils: Provides tools for network diagnostics. Key tools include:

    • ping: Checks connectivity with hosts.
    • traceroute: Traces the route taken by packets to reach a network host.

RHEL (Red Hat Enterprise Linux) and Derivatives

  • Procps-ng: Offers utilities that provide information about processes. Key tools include:

    • top: Displays real-time system summary and task list.
    • vmstat: Reports virtual memory statistics.
  • Net-tools: A collection of programs for controlling the network subsystem of the Linux kernel. Includes:

    • netstat: Shows network connections, routing tables, and interface statistics.
  • IPRoute: Modern replacement for net-tools. Key utility:

    • ss: Investigates sockets.
  • Sysstat: Contains utilities to monitor system performance and usage. Notable tools:

    • iostat: Monitors system I/O device loading.
    • sar: Collects and reports system activity information.
  • EPEL Repository (for tools not included by default):

    • htop: An interactive process viewer, enhanced version of top.

Debian and Derivatives

  • Procps: Similar to procps-ng in RHEL, it provides process monitoring utilities. Key tools include:

    • top: For real-time process monitoring.
    • vmstat: For reporting virtual memory statistics.
  • Net-tools: As with RHEL, includes essential networking tools like netstat.

  • IPRoute2: A collection of utilities for controlling and monitoring various aspects of networking in the Linux kernel, featuring:

    • ss: A utility for inspecting sockets.
  • Sysstat: Similar to its usage in RHEL, includes tools like iostat and sar for performance monitoring.

Conclusion

This guide emphasizes the importance of familiarizing oneself with the tools included in standard Linux packages. Whether you are operating in a RHEL or Debian-based environment, understanding the capabilities of these tools and their respective packages is crucial for effective troubleshooting and system monitoring.