Server Status Check

12006

Learning Objectives

Learn how to view and analyze server logs
Learn how to manage server processes

1. Server Log Analysis

Linux systems provide extensive logging capabilities. Learning to view and analyze these logs can help us better understand the operational status of the server, identify and troubleshoot issues. Below are some commonly used logs in servers:

journalctl command:

journalctl is a powerful log management tool used to query and display logs collected by the systemd system and service manager. It allows administrators to view system logs in various formats and supports filtering logs by time, service, priority, etc. journalctl provides deep insights into system activities and is a key tool for maintaining and troubleshooting Linux systems. Through it, administrators can effectively monitor system health and security status.

journalctl is highly versatile with many usages:

View all logs (by default, only logs from the current boot are saved):

journalctl

View kernel logs (does not display application logs):

journalctl -k

View logs from the current boot:

journalctl -b  
journalctl -b -0

Real-time scrolling display of the latest logs, where the -f parameter indicates real-time scrolling display.

journalctl -f

View logs for a specific service, such as nginx (the -u parameter indicates viewing logs related to the service that follows):

journalctl -u nginx

View logs in the /var/log/ directory:

auth.log
message
syslog

/var/log/ is the standard directory in Linux systems for storing log files. This directory contains various log files generated by the system, applications, and services, which are crucial for system administrators in troubleshooting, monitoring, and daily maintenance activities. Some common log files in the /var/log/ directory include:

syslog: A global log file that records various events of the system, such as messages during startup and shutdown processes, as well as various warnings and errors during system operation.
auth.log: Stores information related to user authentication and authorization, including login attempts, usage of sudo commands, etc.
mysql.log or mysql.err: These are logs for the MySQL database, recording database operations and error messages.
boot.log: Contains information about the system startup process.
dmesg: Contains messages generated by the kernel, such as hardware driver and diagnostic information.
The messages file is an important log file typically used to store general information and non-error system messages of the Linux system. This file contains various information during system operation.

These log files are essential for understanding the operational status of the system, diagnosing issues, and ensuring security and compliance. Administrators need to regularly check these log files to obtain information about the system's health and performance.

2. Server Process Management

ps, top, kill, systemctl, check port usage (lsof, netstat)

Process is an instance of a program that is currently running on a computer. Each process has its own memory space and system resources, and operates under the management of the operating system. Each running process is assigned a unique numerical identifier, known as PID. The PID can be used to distinguish different processes in the system.

In Linux systems, there are many commands available to manage and operate processes:

ps: Displays currently running processes. The ps -aux option is commonly used to show all running processes along with their detailed information.
top: Displays a dynamic list of processes in the system in real-time. It provides information about each process's CPU and memory usage, and allows interactive management of processes.
kill: Used to terminate a process. By passing the PID (process identifier) of the process, it can be terminated. For example, kill 1234 will end the process with PID 1234.
killall: Used to terminate processes by name. For example, killall nginx will terminate all processes named nginx.
jobs: Displays a list of background processes running in the current session.

These commands are fundamental to Linux system management and are crucial for managing system resources, optimizing performance, and maintaining system health.

3. Service Management

systemctl is a command-line tool used to manage the systemd system and service manager. It provides functionalities such as starting, stopping, restarting, reloading configurations, enabling or disabling services. systemd is the initialization system and service manager for many modern Linux distributions, responsible for system startup and service management. Using systemctl, administrators can easily control the status of system services, check the status of services, and manage system behavior at startup.

4. Network Connections and Statistics

netstat (short for Network Statistics) is a network system monitoring tool used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. It is very important for checking the network connections of the system and diagnosing network issues.

5. File and Resource Monitoring

lsof (short for List Open Files) is a utility that displays currently open files in the system. In Linux systems, almost everything is a file, including devices and network connections. The lsof command can be used to show which process has opened which file, which process is using which port, etc. This is very useful for system monitoring, troubleshooting file usage conflicts, and network issues.

By comprehensively utilizing these commands, administrators can gain deeper insights into the operational status of services, troubleshoot issues, and perform repairs.

## Learning Objectives

- Learn how to view and analyze server logs  
- Learn how to manage server processes

## 1. Server Log Analysis

Linux systems provide extensive logging capabilities. Learning to view and analyze these logs can help us better understand the operational status of the server, identify and troubleshoot issues. Below are some commonly used logs in servers:

`journalctl` **command:**

`journalctl` is a powerful log management tool used to query and display logs collected by the `systemd` system and service manager. It allows administrators to view system logs in various formats and supports filtering logs by time, service, priority, etc. `journalctl` provides deep insights into system activities and is a key tool for maintaining and troubleshooting Linux systems. Through it, administrators can effectively monitor system health and security status.

`journalctl` is highly versatile with many usages:

- View all logs (by default, only logs from the current boot are saved):  
```
journalctl  
```  
- View kernel logs (does not display application logs):  
```
journalctl -k  
```  
- View logs from the current boot:  
```
journalctl -b  
journalctl -b -0  
```  
- Real-time scrolling display of the latest logs, where the `-f` parameter indicates real-time scrolling display.  
```
journalctl -f  
```  
- View logs for a specific service, such as `nginx` (the `-u` parameter indicates viewing logs related to the service that follows):  
```
journalctl -u nginx  
```

**View logs in the** `/var/log/` **directory:**

- `auth.log`  
- `message`  
- `syslog`

`/var/log/` is the standard directory in Linux systems for storing log files. This directory contains various log files generated by the system, applications, and services, which are crucial for system administrators in troubleshooting, monitoring, and daily maintenance activities. Some common log files in the `/var/log/` directory include:

- `syslog`: A global log file that records various events of the system, such as messages during startup and shutdown processes, as well as various warnings and errors during system operation.  
- `auth.log`: Stores information related to user authentication and authorization, including login attempts, usage of sudo commands, etc.  
- `mysql.log` or `mysql.err`: These are logs for the MySQL database, recording database operations and error messages.  
- `boot.log`: Contains information about the system startup process.  
- `dmesg`: Contains messages generated by the kernel, such as hardware driver and diagnostic information.  
- The `messages` file is an important log file typically used to store general information and non-error system messages of the Linux system. This file contains various information during system operation.

These log files are essential for understanding the operational status of the system, diagnosing issues, and ensuring security and compliance. Administrators need to regularly check these log files to obtain information about the system's health and performance.

## 2. Server Process Management

ps, top, kill, systemctl, check port usage (lsof, netstat)

**Process** is an instance of a program that is currently running on a computer. Each process has its own memory space and system resources, and operates under the management of the operating system. Each running process is assigned a unique numerical identifier, known as **PID**. The `PID` can be used to distinguish different processes in the system.

In Linux systems, there are many commands available to manage and operate processes:

- `ps`: Displays currently running processes. The `ps -aux` option is commonly used to show all running processes along with their detailed information.  
- `top`: Displays a dynamic list of processes in the system in real-time. It provides information about each process's CPU and memory usage, and allows interactive management of processes.  
- `kill`: Used to terminate a process. By passing the PID (process identifier) of the process, it can be terminated. For example, `kill 1234` will end the process with `PID` 1234.  
- `killall`: Used to terminate processes by name. For example, `killall nginx` will terminate all processes named `nginx`.  
- `jobs`: Displays a list of background processes running in the current session.

These commands are fundamental to Linux system management and are crucial for managing system resources, optimizing performance, and maintaining system health.

## 3. Service Management

`systemctl` is a command-line tool used to manage the `systemd` system and service manager. It provides functionalities such as starting, stopping, restarting, reloading configurations, enabling or disabling services. `systemd` is the initialization system and service manager for many modern Linux distributions, responsible for system startup and service management. Using `systemctl`, administrators can easily control the status of system services, check the status of services, and manage system behavior at startup.

## 4. Network Connections and Statistics

`netstat` (short for Network Statistics) is a network system monitoring tool used to display network connections, routing tables, interface statistics, masquerade connections, and multicast memberships. It is very important for checking the network connections of the system and diagnosing network issues.

## 5. File and Resource Monitoring

`lsof` (short for List Open Files) is a utility that displays currently open files in the system. In Linux systems, almost everything is a file, including devices and network connections. The `lsof` command can be used to show which process has opened which file, which process is using which port, etc. This is very useful for system monitoring, troubleshooting file usage conflicts, and network issues.

By comprehensively utilizing these commands, administrators can gain deeper insights into the operational status of services, troubleshoot issues, and perform repairs.