This article lists several log files on a Linux system and, using records from the messages log, makes a simple analysis. Syslog is the default logging daemon on Linux systems. The default Syslog configuration file is /etc/syslog.conf. Typically, Syslog accepts information from the various functions of the system, and each message carries an importance level. The /etc/syslog.conf file tells syslogd how to report information based on facility and importance level.
So, which logs does Linux record?
/var/log/lastlog: records each user's last successful login time, login IP and other information
/var/log/messages: records common system and service error messages of the Linux operating system
/var/log/secure: the Linux system security log; records problems with users and workgroups and user login authentication
/var/log/btmp: records the user, time and remote IP address of failed Linux logins
/var/log/cron: records the execution of crond scheduled tasks
How to view a log (using messages as an example):
grep 'keyword' /var/log/messages | head -n number_of_lines
grep 'keyword' /var/log/messages | tail -n number_of_lines
Question 1: time wait bucket table overflow
Analysis: The cause is that the number of TIME-WAIT sockets has exceeded the Linux system's threshold. The harm is that once the threshold is exceeded, the system removes the excess TIME-WAIT sockets and prints a warning message; in a NAT network environment with a large number of connections, this produces unstable connections and disconnects. According to the error message, you need to change the net.ipv4.tcp_max_tw_buckets kernel parameter. This parameter is the maximum number of TIME-WAIT sockets that the system maintains at the same time. If this number is exceeded, TIME-WAIT sockets are cleared immediately and the warning message is printed. This limit exists only to prevent simple DoS attacks. I have seen that the TIME_WAIT sockets on my system are produced by PHP-FPM, which is a normal phenomenon.
Solve:
net.ipv4.tcp_max_tw_buckets = 20000
Related articles:
Understanding TIME_WAIT, thoroughly understanding and solving TCP: http://www.itnpc.com/news/web/146163065359633.html
Solving problems caused by too many TIME_WAIT sockets: http://blog.csdn.net/eroswang/article/details/51141963
"Linux Log" system log and analysis: http://www.cnblogs.com/yingsong/p/6022181.html
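Before changing net.ipv4.tcp_max_tw_buckets as in Question 1, it helps to measure how often the warning fires and how close the TIME_WAIT count is to the limit. The script below is an added example, not code from the original article; the function names are hypothetical, and the log lines, the host name web01 and the socket table are constructed samples.

```shell
#!/bin/sh
# Added example. Functions take file paths, so they run on samples or a live host.

# Count "time wait bucket table overflow" warnings per hour in a syslog-format file.
overflow_per_hour() {
    awk '/time wait bucket table overflow/ {
             split($3, t, ":"); key = $1 " " $2 " " t[1] ":00"
             if (!(key in n)) order[++k] = key
             n[key]++
         }
         END { for (i = 1; i <= k; i++) print order[i], n[order[i]] }' "$1"
}

# Count TIME_WAIT sockets (state column "st" == 06) in /proc/net/tcp-format files.
count_time_wait() {
    awk 'FNR > 1 && $4 == "06" { c++ } END { print c + 0 }' "$@"
}

# Compare a TIME_WAIT count with the limit. Args: count limit [warn_percent=80]
tw_status() {
    awk -v c="$1" -v l="$2" -v w="${3:-80}" 'BEGIN {
        pct = int(c * 100 / l); s = (pct >= w) ? "NEAR_LIMIT" : "OK"
        print s, pct "%"
    }'
}

# Constructed sample data: host name, times and sockets are made up.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/messages" <<'EOF'
Feb 17 07:28:01 web01 kernel: TCP: time wait bucket table overflow
Feb 17 07:28:06 web01 kernel: TCP: time wait bucket table overflow
Feb 17 07:59:40 web01 kernel: TCP: time wait bucket table overflow
Feb 17 08:02:11 web01 crond[2211]: (root) CMD (run-parts /etc/cron.hourly)
Feb 17 08:15:30 web01 kernel: TCP: time wait bucket table overflow
EOF
cat > "$SAMPLE_DIR/proc_net_tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:2328 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111
   1: 0100007F:2328 0100007F:C350 06 00000000:00000000 03:00000ABC 00000000     0        0 0
   2: 0100007F:2328 0100007F:C351 06 00000000:00000000 03:00000ABD 00000000     0        0 0
   3: 0A00000A:0050 0B00000A:D431 01 00000000:00000000 00:00000000 00000000    48        0 22222
   4: 0100007F:2328 0100007F:C352 06 00000000:00000000 03:00000ABE 00000000     0        0 0
EOF

overflow_per_hour "$SAMPLE_DIR/messages"
echo "TIME_WAIT sockets: $(count_time_wait "$SAMPLE_DIR/proc_net_tcp")"
tw_status 18000 20000
# On a live host: tw_status "$(count_time_wait /proc/net/tcp /proc/net/tcp6)" \
#                           "$(cat /proc/sys/net/ipv4/tcp_max_tw_buckets)"
```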
Problem 2: 7:28 kernel:php-fpm: segfault at 7ff56c752268 IP 00007ff56c752268 sp 00007fff18bc1b18 error in zero (deleted) [7ff56be47000+8000000]
Analysis: This is related to the backlog configuration; understanding it requires knowing the three-way handshake and four-way teardown mechanism from computer networking. It is not described in detail here; a few detailed articles are listed below for those who are interested.
Solve:
net.ipv4.tcp_max_tw_buckets = 10000
Related articles:
Nginx php-fpm segfault: http://blog.csdn.net/mengfanzhong/article/details/53012478
Potential problems with php-fpm parameters: http://blog.csdn.net/willas/article/details/11634825
TCP/IP protocol backlog analysis and settings, and TCP state changes: http://www.2cto.com/net/201307/224634.html
Troubleshooting process for a segfault error: http://blog.csdn.net/zhaohaijie600/article/details/45246569
Summary: Many of these problems can be addressed by modifying the sysctl.conf configuration file, as shown in the following figure. However, any solution you find should be adjusted sensibly to the current business and machine configuration, not applied indiscriminately. When you have time, look at the operating system logs in production as well; you will get a better understanding of your own system.
Edit the configuration file: vi /etc/sysctl.conf
Other reference articles:
Linux syslog in detail: http://www.cnblogs.com/skyofbitbit/p/3674664.html
Setting sysctl.conf (the sysctl.conf configuration file in detail): http://blog.csdn.net/21aspnet/article/details/6584792
syslog usage instructions under Linux: http://blog.chinaunix.net/Uid-25120309-id-3359929.html
System log: records system-related information: http://blog.csdn.net/ty_hf/article/details/55511624
Apache access logs and error logs: http://blog.csdn.net/ty_hf/article/details/55504719
nginx access log and error log: http://blog.csdn.net/ty_hf/article/details/55518070
php-fpm slow log: detects slow PHP scripts: http://blog.csdn.net/ty_hf/article/details/55504172
PHP error log: detects PHP runtime errors or user-logged errors: http://blog.csdn.net/ty_hf/article/details/55505262
MySQL slow log: records slow-performing SQL on the MySQL server: http://blog.csdn.net/ty_hf/article/details/55504172
Address of this article: http://blog.csdn.net/ty_hf/article/details/55511624