[fingal]

... perhaps because I'm a desktop user and my up-time is minimal during the working week. I installed Logwatch not long ago, and configured it to e-mail a breakdown of my system logs using Postfix. So far I haven't learned much from that!

My Snort 'alert' log is more interesting. Every other evening I go into /var/logs/snort and type tail -50 alert . It appears I get port scanned a lot.

Has anyone here learned anything interesting from looking at system logs?

[apoorv_khurasia]

We (the univ mainframe sys-admin team) use them frequently to analyze system errors and monitor access activities etc.....

Sometimes they come handy when for example some process keeps on dieing etc....

For my desktop....I normally do not go thru the logs unless I have nothing better to do :P.

[fingal]

Quote:

Originally Posted by apoorv_khurasia

We (the univ mainframe sys-admin team) use them frequently to analyze system errors and monitor access activities etc.....

Sometimes they come handy when for example some process keeps on dieing etc....

For my desktop....I normally do not go thru the logs unless I have nothing better to do :P.

Hi apoorv: how do you go about analysing those logs? I've found that over time they can start to take up quite a lot of room!

[budman7]

Quote:

Originally Posted by apoorv_khurasia

For my desktop....I normally do not go thru the logs unless I have nothing better to do :P.

What doesn't classify as something better.
I would think recompiling your kernel would classify as something better than going through system logs.

I have looked at system logs just to see what was in them. boooooooooring

[apoorv_khurasia]

Quote:

Originally Posted by fingal

Hi apoorv: how do you go about analysing those logs? I've found that over time they can start to take up quite a lot of room!

Yes thats a problem. Some logs take up as much as 2-3 GB of space. As a solution we rotate the logs frequently using logrotate.conf. So after some time (say three weeks) old logs are deleted. Different logs have different frequency of deletion. Hope that clarifies your doubt.

[fingal]

Quote:

Originally Posted by apoorv_khurasia

Yes thats a problem. Some logs take up as much as 2-3 GB of space. As a solution we rotate the logs frequently using logrotate.conf. So after some time (say three weeks) old logs are deleted. Different logs have different frequency of deletion. Hope that clarifies your doubt.

Hi apoorv - Yes thanks, that's useful ... I'll take a look at logrotate.conf when I get home. I don't really need to hang onto logs for very long as my computing needs are very simple at this point.

I've been using SMART tools to monitor my hdd lately, and found that information to be useful from my logs. I was worried about my drive failing: but it's not.

[Redman]

They can be useful to see if people are attacking your system(s). And through which doors/protocols they try to enter.

It becomes funny when I see which usernames they tried to access through SSH

[fingal]

I must admit, when I posted this I thought, 'Well logs may be boring, but they're also useful!' But perhaps useful=boring?

I never used to look at my system logs, but now I don't feel like anything's going on behind my back. Coming from a Windows background it took me ages to get used to logs ... But I'm pleased I have them.

Some stuff about Logwatch is on: http://www2.logwatch.org:81 There's a similar package for Debian based distros. Not sure what it's called.

<obscure joke>
Never tell an English person that you 'spent the night checking my logs.' They'll give you a strange look and tell their neighbours.
</obscure joke>

[Roxoff]

Personally, I like boring logs. It's when the logs become exciting that you're in the shit

NB: Can I use the word 'shit' on here?

[fingal]

Quote:

Originally Posted by Roxoff

Personally, I like boring logs. It's when the logs become exciting that you're in the shit

NB: Can I use the word 'shit' on here?

Nah ... I knew that comment would pull you in though.