Logs

From The Linux Craftsman

Introduction

/var/log/messages

By daemon

dhcpd

The dhcpd logs are in /var/log/messages:

Feb 14 09:01:06 fw dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Feb 14 09:01:06 fw dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Feb 14 09:01:06 fw dhcpd: All rights reserved.
Feb 14 09:01:06 fw dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 14 09:01:06 fw dhcpd: WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
Feb 14 09:01:06 fw dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Feb 14 09:01:06 fw dhcpd: Wrote 0 deleted host decls to leases file.
Feb 14 09:01:06 fw dhcpd: Wrote 0 new dynamic host decls to leases file.
Feb 14 09:01:06 fw dhcpd: Wrote 5 leases to leases file.
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:01:06 fw dhcpd: Sending on   LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth2 (no IPv4 addresses).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth2.  If this is not what
Feb 14 09:01:06 fw dhcpd:    you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd:    in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd:    to which interface eth2 is attached. **
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd: Sending on   LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth0 (192.168.100.200).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth0.  If this is not what
Feb 14 09:01:06 fw dhcpd:    you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd:    in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd:    to which interface eth0 is attached. **
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: Sending on   Socket/fallback/fallback-net

Listening interfaces

The interfaces on which dhcpd will answer are clearly visible:

Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd: Sending on   LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24

And those on which nothing will happen:

Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth2 (no IPv4 addresses).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth2.  If this is not what
Feb 14 09:01:06 fw dhcpd:    you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd:    in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd:    to which interface eth2 is attached. **
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth0 (192.168.100.200).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth0.  If this is not what
Feb 14 09:01:06 fw dhcpd:    you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd:    in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd:    to which interface eth0 is attached. **

Lease delivery

When a machine requests a lease from the DHCP server, the exchange can be followed in the logs... which is very handy when you don't feel like copying its MAC address by hand!

Feb 14 09:08:33 fw dhcpd: DHCPDISCOVER from 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPOFFER on 192.168.200.253 to 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPREQUEST for 192.168.200.253 (192.168.200.254) from 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPACK on 192.168.200.253 to 00:0c:29:e6:c5:aa via eth1
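
The exchange above can be followed automatically. This Python code is an added example, not part of the original page: it maps each MAC address to the address it was acknowledged on, and lists clients whose last logged message is not a DHCPACK. The second client in the sample is constructed for the illustration.

```python
import re

# First four lines: the exchange shown on the page.
# Last two lines: constructed, a client that stops after the offer.
SAMPLE = """\
Feb 14 09:08:33 fw dhcpd: DHCPDISCOVER from 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPOFFER on 192.168.200.253 to 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPREQUEST for 192.168.200.253 (192.168.200.254) from 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPACK on 192.168.200.253 to 00:0c:29:e6:c5:aa via eth1
Feb 14 09:09:10 fw dhcpd: DHCPDISCOVER from 00:0c:29:00:00:01 via eth1
Feb 14 09:09:10 fw dhcpd: DHCPOFFER on 192.168.200.252 to 00:0c:29:00:00:01 via eth1
"""

# Message type, message body, and the interface after "via".
MSG = re.compile(r"dhcpd(?:\[\d+\])?: (DHCP[A-Z]+) (.*?) via (\S+)")
MAC = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)
IP = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def track_leases(text):
    """Return (leases, pending).

    leases:  MAC -> (acknowledged IP, interface), taken from DHCPACK lines.
    pending: MAC -> last message type, for clients whose most recent
             logged message is anything other than DHCPACK.
    """
    leases, last = {}, {}
    for line in text.splitlines():
        m = MSG.search(line)
        if not m:
            continue  # not a dhcpd protocol line (startup banner, etc.)
        msg, body, iface = m.groups()
        mac = MAC.search(body)
        if not mac:
            continue
        mac = mac.group(0).lower()
        last[mac] = msg
        if msg == "DHCPACK":
            ip = IP.search(body)  # first address in the body is the leased one
            if ip:
                leases[mac] = (ip.group(0), iface)
    pending = {mac: msg for mac, msg in last.items() if msg != "DHCPACK"}
    return leases, pending


if __name__ == "__main__":
    print(track_leases(SAMPLE))
```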

named (bind)

Most of the named logs are in /var/log/messages:

Feb 14 13:17:30 dns named[1559]: ----------------------------------------------------
Feb 14 13:17:30 dns named[1559]: BIND 9 is maintained by Internet Systems Consortium,
Feb 14 13:17:30 dns named[1559]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Feb 14 13:17:30 dns named[1559]: corporation.  Support and training for BIND 9 are
Feb 14 13:17:30 dns named[1559]: available at https://www.isc.org/support
Feb 14 13:17:30 dns named[1559]: ----------------------------------------------------
Feb 14 13:17:30 dns named[1559]: adjusted limit on open files from 4096 to 1048576
Feb 14 13:17:30 dns named[1559]: found 2 CPUs, using 2 worker threads
Feb 14 13:17:30 dns named[1559]: using up to 4096 sockets
Feb 14 13:17:30 dns named[1559]: loading configuration from '/etc/named.conf'
Feb 14 13:17:30 dns named[1559]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Feb 14 13:17:30 dns named[1559]: using default UDP/IPv4 port range: [1024, 65535]
Feb 14 13:17:30 dns named[1559]: using default UDP/IPv6 port range: [1024, 65535]
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface eth0, 192.168.200.253#53
Feb 14 13:17:30 dns named[1559]: generating session key for dynamic DNS
Feb 14 13:17:30 dns named[1559]: sizing zone task pool based on 8 zones
Feb 14 13:17:30 dns named[1559]: using built-in DLV key for view _default
Feb 14 13:17:30 dns named[1559]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Feb 14 13:17:30 dns named[1559]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: D.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: A.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: B.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: command channel listening on 0.0.0.0#953
Feb 14 13:17:30 dns named[1559]: zone 0.in-addr.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone 200.168.192.in-addr.arpa/IN: loaded serial 10
Feb 14 13:17:30 dns named[1559]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone tala-informatique.fr/IN: loaded serial 20
Feb 14 13:17:30 dns named[1559]: zone localhost.localdomain/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone localhost/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: managed-keys-zone ./IN: loaded serial 81
Feb 14 13:17:30 dns named[1559]: running

Loading the zone files

In this pile of lines, you need to pick out the ones that refer to the loading of the specific zones:

Feb 14 13:17:30 dns named[1559]: zone 200.168.192.in-addr.arpa/IN: loaded serial 10
Feb 14 13:17:30 dns named[1559]: zone tala-informatique.fr/IN: loaded serial 20

Listening interfaces

You can check, other than with netstat, that named is listening on the right interfaces:

Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface eth0, 192.168.200.253#53
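
The listening-interface checks for dhcpd (earlier section) and for named (this section) can be done in one pass over the startup lines. This Python code is an added example, not part of the original page; the `kind` labels and the `allowed` policy passed to `unexpected` are assumptions made for the illustration.

```python
import re

# Startup lines copied from the dhcpd and named excerpts on this page.
SAMPLE = """\
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth2 (no IPv4 addresses).
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth0 (192.168.100.200).
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface eth0, 192.168.200.253#53
Feb 14 13:17:30 dns named[1559]: command channel listening on 0.0.0.0#953
"""

D, N = r"dhcpd(?:\[\d+\])?: ", r"named(?:\[\d+\])?: "
# (daemon, kind, pattern); "kind" is this example's own naming.
PATTERNS = [
    ("dhcpd", "serving",
     re.compile(D + r"Listening on LPF/(?P<iface>[^/]+)/[^/]+/(?P<where>\S+)")),
    ("dhcpd", "ignored",
     re.compile(D + r"No subnet declaration for (?P<iface>\S+) \((?P<where>[^)]*)\)")),
    ("named", "serving",
     re.compile(N + r"listening on IPv[46] interface (?P<iface>[^,]+), (?P<where>\S+)")),
    ("named", "control",
     re.compile(N + r"command channel listening on (?P<where>\S+)")),
]


def listeners(text):
    """Return (daemon, kind, interface, address-or-subnet) per matching line."""
    found = []
    for line in text.splitlines():
        for daemon, kind, rx in PATTERNS:
            m = rx.search(line)
            if m:
                # The command channel line names no interface: record "*".
                iface = m.groupdict().get("iface", "*")
                found.append((daemon, kind, iface, m["where"]))
                break
    return found


def unexpected(found, allowed):
    """Entries where a daemon listens on an interface outside `allowed`
    (daemon -> set of interface names, an assumed local policy)."""
    return [f for f in found
            if f[1] != "ignored" and f[2] not in allowed.get(f[0], set())]


if __name__ == "__main__":
    policy = {"dhcpd": {"eth1", "eth3"}, "named": {"lo", "eth0"}}
    print(unexpected(listeners(SAMPLE), policy))
```

With that policy, the only entry reported is the named command channel, which the excerpt shows bound to 0.0.0.0#953.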

httpd

httpd logs to the /var/log/httpd/ directory and uses two files:

  • access_log → to log all accesses
  • error_log → to log all errors

Startup and errors

The /var/log/httpd/error_log file is made for that. When you have a PHP error or any other error, this is the place to look:

[Sat Feb 15 02:32:53 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Feb 15 02:32:53 2014] [notice] Digest: generating secret for digest authentication ...
[Sat Feb 15 02:32:53 2014] [notice] Digest: done
[Sat Feb 15 02:32:54 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations

Checking page access

To check who is requesting what from your server, look in the /var/log/httpd/access_log file:

192.168.200.254 - - [30/Dec/2013:13:43:38 +0100] "GET / HTTP/1.1" 200 130 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:39 +0100] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:42 +0100] "GET / HTTP/1.1" 200 14 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:45 +0100] "GET / HTTP/1.1" 200 130 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
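
To answer "who is requesting what" over more than a handful of lines, the access_log entries can be parsed and grouped per client. This Python code is an added example, not part of the original page; it assumes the field layout seen in the lines above, and the last sample line is constructed to show how unparsable entries are handled.

```python
import re
from collections import Counter, defaultdict

# Four lines from the page, then one constructed malformed line.
SAMPLE = '''\
192.168.200.254 - - [30/Dec/2013:13:43:38 +0100] "GET / HTTP/1.1" 200 130 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:39 +0100] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:42 +0100] "GET / HTTP/1.1" 200 14 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:45 +0100] "GET / HTTP/1.1" 200 130 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - truncated entry
'''

QUOTED = r'"((?:[^"\\]|\\.)*)"'  # quoted field, tolerating backslash escapes
ENTRY = re.compile(
    r'(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    + QUOTED + r' (?P<status>\d{3}) (?P<size>\d+|-) ' + QUOTED + ' ' + QUOTED
)


def summarize(text):
    """Return (stats, rejected).

    stats:    client -> {"requests", "bytes", "status" (Counter by code)}
    rejected: lines that do not match the expected layout, kept for review
              rather than dropped silently.
    """
    stats = defaultdict(lambda: {"requests": 0, "bytes": 0, "status": Counter()})
    rejected = []
    for line in text.splitlines():
        m = ENTRY.fullmatch(line.strip())
        if not m:
            rejected.append(line)
            continue
        entry = stats[m["client"]]
        entry["requests"] += 1
        # A size of "-" (as on the 304 line) means no body was sent.
        entry["bytes"] += 0 if m["size"] == "-" else int(m["size"])
        entry["status"][int(m["status"])] += 1
    return dict(stats), rejected


if __name__ == "__main__":
    print(summarize(SAMPLE))
```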

Squid

Samba

smbd

nmbd

Iptables