You hear it all the time: Monitor your logs. When there is a problem, check the logs. And it’s good advice, because system and application logs tell you anything you need to know, provided you actually look at them and understand what they are saying.
Viewing logfiles is merely a question of volition; understanding what they are telling you is a another kettle of clams entirely. Today we’ll look at what you might find in your network activity logs, and what it all means. Then you’ll know if you need to leap heroically into action, or if you can return to sipping your iced tea and catching up on your sadly-neglected napping.
The Mysterious — MARK —
All newbie admins asks what this means in /var/log/messages:
Jul 1 16:04:53 windbag — MARK —
Jul 1 16:24:53 windbag — MARK —
Jul 1 16:44:53 windbag — MARK —
That’s just the syslog daemon letting you know that it is alive and well. You may set the interval to anything you like on Debian by editing /etc/init.d/sysklogd. This sets it to 60 minutes:
SYSLOGD=”-m 60″
Then restart the syslog daemon:
# /etc/init.d/sysklogd restart
On Red Hat and derivatives, edit /etc/sysconfig/syslog :
SYSLOGD_OPTIONS=”-m 60″
Restart syslogd with service syslog restart. Then watch it happen in realtime on any Linux with tail -f /var/log/messages. (You can monitor the changes in any text file with tail.)