What are server logs and what are they for
Server logs are files that record and store system information about the operation of the device. They contain data about certain events that occur on the server:
- Errors that occur during work;
- Attendance statistics;
- Data about search queries;
- Login and logout attempts for accounts;
- Information about the operation of the mail service;
- Task scheduler data, and more.
The nature of the contents of the logs depends on their location, purpose, and the settings set by the administrator.
Where can I see the server logs
As a rule, these files are stored on the hard disk or SSD drive of the main server, and most often it is the root directory of the hosting, the system folder logs. The exact location will depend on the operating system:
- For Ubuntu or Debian users, the main log file will be stored under /var/log/syslog, and logs of system boot, nginx, MySQL can be found there.
- For CentOS or Fedora it is /var/log/. Here you can find the logs of errors, accesses, system boots and other software.
- For Windows it is much easier - just go through the control panel to the "View logs and events" application, and then directly to the system logs.
In general, it is not a problem to find web server logs, but not everyone can read and understand them correctly. Let's talk about this further.
Why watch server logs and how to read them correctly
The logs contain important information about server crashes, sudden increases in load, insufficient performance, and more. Here you can find indirect and direct indications of hacking attempts, spamming, etc. It is important to be able to properly analyze these files to take timely measures to improve the server and ensure a high level of security.
Every log has a clear structure with coded information about the nature of the incident. For example, let's look at the structure of a standard access_log file:
102.102.102.102 - - [02/Feb/2022:12:00:00 +0100] "GET /wp-includes/feed.php HTTP/2.0" 200 - "-" "Chrome/6.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36"
Decipher:
- 102.102.102.102.102 - IP address where the request came from;
- [02/Feb/2022:12:00:00 +0100] - date and time of the event;
- GET - request method;
- /wp-includes/feed.php - request object;
- HTTP/2.0 - protocol;
- 200 - server response code;
- Chrome/6.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.96 Safari/537.36 - visitor data.
The structure of log files will be different depending on the operating system, so there is no universal guide - you need to learn everything on an individual basis. For Windows Server everything is very simple - logging is done in the form of a table with a smart and convenient structure. All in all, a little bit of theory and practice, and you can easily read any server logs, from mail logs to boot logs.
Checking logs if you have a VPS server
To access the system logs, you first need to connect to the server via SSH, and then enter a sequence of commands into the console:
- cd logs.
- ls -all.
The contents of the logs folder will appear in front of you, so all you have to do is to open the log file you are looking for and start analyzing it. To make it easier to collect and view server logs, many administrators use special software such as Paessler PRTG, Papertrail, Loggly or XpoLog. Here everyone prefers what is more convenient and cheaper, because the normal programs, as a rule, paid. This concludes our article and thank you for your attention. If you experience any difficulties, feel free to contact the HostZealot specialists. We can offer a VPS for rent and help you get started.