Differences between revisions of "Les logs"
Revision as of 16 February 2014, 14:13
Introduction
/var/log/messages
By daemon
dhcpd
The dhcpd logs are found in /var/log/messages:
Feb 14 09:01:06 fw dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Feb 14 09:01:06 fw dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Feb 14 09:01:06 fw dhcpd: All rights reserved.
Feb 14 09:01:06 fw dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 14 09:01:06 fw dhcpd: WARNING: Host declarations are global. They are not limited to the scope you declared them in.
Feb 14 09:01:06 fw dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Feb 14 09:01:06 fw dhcpd: Wrote 0 deleted host decls to leases file.
Feb 14 09:01:06 fw dhcpd: Wrote 0 new dynamic host decls to leases file.
Feb 14 09:01:06 fw dhcpd: Wrote 5 leases to leases file.
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:01:06 fw dhcpd: Sending on LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth2 (no IPv4 addresses).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth2. If this is not what
Feb 14 09:01:06 fw dhcpd: you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd: in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd: to which interface eth2 is attached. **
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd: Sending on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth0 (192.168.100.200).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth0. If this is not what
Feb 14 09:01:06 fw dhcpd: you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd: in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd: to which interface eth0 is attached. **
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: Sending on Socket/fallback/fallback-net
Listening interfaces
The log clearly shows the interfaces on which dhcpd will answer:
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd: Sending on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
And those on which nothing will happen:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth2 (no IPv4 addresses).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth2. If this is not what
Feb 14 09:01:06 fw dhcpd: you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd: in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd: to which interface eth2 is attached. **
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth0 (192.168.100.200).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth0. If this is not what
Feb 14 09:01:06 fw dhcpd: you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd: in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd: to which interface eth0 is attached. **
Lease delivery
When a machine requests a lease from the DHCP server, the exchange can be followed in the logs... which is very handy when you don't feel like copying out its MAC address by hand!
Feb 14 09:08:33 fw dhcpd: DHCPDISCOVER from 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPOFFER on 192.168.200.253 to 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPREQUEST for 192.168.200.253 (192.168.200.254) from 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPACK on 192.168.200.253 to 00:0c:29:e6:c5:aa via eth1
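The handshake above can be followed automatically. The script below is an added example, not part of the original page: it reduces dhcpd lines to one row per MAC address and lists clients whose exchange never reached DHCPACK. The function names and the second client in the sample are constructed for the illustration.

```shell
#!/bin/sh
# Added example: follow DHCP handshakes in dhcpd syslog lines read from stdin.
# Prints "MAC IP INTERFACE LAST_STEP" per client MAC, sorted by MAC.
dhcp_leases() {
    awk '
    $5 ~ /^dhcpd(\[[0-9]+\])?:$/ && $6 ~ /^DHCP(DISCOVER|OFFER|REQUEST|ACK|NAK)$/ {
        mac = ""; ip = ""; ifc = "-"
        for (i = 7; i < NF; i++) {
            if ($i == "from" || $i == "to") mac = tolower($(i + 1))
            else if ($i == "on" || $i == "for") ip = $(i + 1)
            else if ($i == "via") ifc = $(i + 1)
        }
        if (mac == "") next
        step[mac] = substr($6, 5)        # strip the "DHCP" prefix
        iface[mac] = ifc
        if (ip != "") addr[mac] = ip     # DISCOVER carries no address
    }
    END {
        for (m in step)
            printf "%s %s %s %s\n", m, ((m in addr) ? addr[m] : "-"), iface[m], step[m]
    }' | LC_ALL=C sort
}

# Clients whose last logged step is not an ACK (handshake never completed).
dhcp_incomplete() {
    dhcp_leases | awk '$4 != "ACK"'
}

# Sample input: the four lines from the page, plus two constructed lines for
# a made-up second client (00:0c:29:11:22:33) that stops after the OFFER.
sample_dhcp_log() {
    cat <<'EOF'
Feb 14 09:08:33 fw dhcpd: DHCPDISCOVER from 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPOFFER on 192.168.200.253 to 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPREQUEST for 192.168.200.253 (192.168.200.254) from 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:33 fw dhcpd: DHCPACK on 192.168.200.253 to 00:0c:29:e6:c5:aa via eth1
Feb 14 09:08:40 fw dhcpd: DHCPDISCOVER from 00:0c:29:11:22:33 via eth1
Feb 14 09:08:40 fw dhcpd: DHCPOFFER on 192.168.200.252 to 00:0c:29:11:22:33 via eth1
EOF
}

sample_dhcp_log | dhcp_leases
```

On a live system, feed it the real file instead of the sample: `grep dhcpd /var/log/messages | dhcp_leases`.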
named (bind)
Most of the named logs are found in /var/log/messages:
Feb 14 13:17:30 dns named[1559]: ----------------------------------------------------
Feb 14 13:17:30 dns named[1559]: BIND 9 is maintained by Internet Systems Consortium,
Feb 14 13:17:30 dns named[1559]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Feb 14 13:17:30 dns named[1559]: corporation. Support and training for BIND 9 are
Feb 14 13:17:30 dns named[1559]: available at https://www.isc.org/support
Feb 14 13:17:30 dns named[1559]: ----------------------------------------------------
Feb 14 13:17:30 dns named[1559]: adjusted limit on open files from 4096 to 1048576
Feb 14 13:17:30 dns named[1559]: found 2 CPUs, using 2 worker threads
Feb 14 13:17:30 dns named[1559]: using up to 4096 sockets
Feb 14 13:17:30 dns named[1559]: loading configuration from '/etc/named.conf'
Feb 14 13:17:30 dns named[1559]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Feb 14 13:17:30 dns named[1559]: using default UDP/IPv4 port range: [1024, 65535]
Feb 14 13:17:30 dns named[1559]: using default UDP/IPv6 port range: [1024, 65535]
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface eth0, 192.168.200.253#53
Feb 14 13:17:30 dns named[1559]: generating session key for dynamic DNS
Feb 14 13:17:30 dns named[1559]: sizing zone task pool based on 8 zones
Feb 14 13:17:30 dns named[1559]: using built-in DLV key for view _default
Feb 14 13:17:30 dns named[1559]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Feb 14 13:17:30 dns named[1559]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: D.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: A.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: B.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: command channel listening on 0.0.0.0#953
Feb 14 13:17:30 dns named[1559]: zone 0.in-addr.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone 200.168.192.in-addr.arpa/IN: loaded serial 10
Feb 14 13:17:30 dns named[1559]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone tala-informatique.fr/IN: loaded serial 20
Feb 14 13:17:30 dns named[1559]: zone localhost.localdomain/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone localhost/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: managed-keys-zone ./IN: loaded serial 81
Feb 14 13:17:30 dns named[1559]: running
Loading the zone files
In this mass of lines, pick out the ones that refer to the loading of your own zones:
Feb 14 13:17:30 dns named[1559]: zone 200.168.192.in-addr.arpa/IN: loaded serial 10
Feb 14 13:17:30 dns named[1559]: zone tala-informatique.fr/IN: loaded serial 20
Listening interfaces
You can confirm, by means other than netstat, that named is listening on the right interfaces:
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface eth0, 192.168.200.253#53
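The listening-interface checks described for dhcpd and for named can be scripted in one pass. This is an added example, not part of the original page: it extracts every listener announced in the startup lines, including named's command channel, then flags interfaces missing from an allowlist and endpoints bound to the wildcard address. The function names and the allowlist passed on the last line are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: print "DAEMON KIND INTERFACE ENDPOINT" for each listener
# that dhcpd or named announces at startup (syslog lines on stdin).
listeners() {
    awk '
    $5 ~ /^dhcpd(\[[0-9]+\])?:$/ && $6 == "Listening" && $8 ~ /^LPF\// {
        split($8, p, "/")                 # LPF/<iface>/<mac>/<net>/<prefix>
        print "dhcpd", "serve", p[2], p[4] "/" p[5]
    }
    $5 ~ /^dhcpd(\[[0-9]+\])?:$/ && $6 == "No" && $7 == "subnet" {
        print "dhcpd", "ignored", $10, "-"
    }
    $5 ~ /^named(\[[0-9]+\])?:$/ && $6 == "listening" && $9 == "interface" {
        sub(/,$/, "", $10)                # drop the comma after the interface
        print "named", "dns", $10, $11
    }
    $5 ~ /^named(\[[0-9]+\])?:$/ && $6 == "command" && $7 == "channel" {
        print "named", "control", "-", $NF
    }'
}

# Flag serving interfaces that are not in the allowlist (arguments of the
# form daemon/interface) and any endpoint bound to 0.0.0.0 or ::.
audit_listeners() {
    listeners | awk -v allow=" $* " '
    ($2 == "serve" || $2 == "dns") && index(allow, " " $1 "/" $3 " ") == 0 {
        print "UNEXPECTED", $0
    }
    $4 ~ /^(0\.0\.0\.0|::)#/ { print "WILDCARD", $0 }'
}

# Sample input: startup lines copied from the two logs shown on this page.
sample_startup_log() {
    cat <<'EOF'
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth2 (no IPv4 addresses).
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface eth0, 192.168.200.253#53
Feb 14 13:17:30 dns named[1559]: command channel listening on 0.0.0.0#953
EOF
}

# The allowlist below is an assumption for the demonstration.
sample_startup_log | audit_listeners dhcpd/eth1 named/lo named/eth0
```

With this allowlist the audit reports eth3 as an unlisted dhcpd interface and the named command channel as bound to all addresses; adjust the allowlist to the interfaces each daemon is meant to serve.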
httpd
httpd logs to the /var/log/httpd/ directory and uses two files:
- access_log → to log every access
- error_log → to log every error
Startup and errors
The /var/log/httpd/error_log file is made for this. When you hit a PHP error or any other error, this is the place to look:
[Sat Feb 15 02:32:53 2014] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Sat Feb 15 02:32:53 2014] [notice] Digest: generating secret for digest authentication ...
[Sat Feb 15 02:32:53 2014] [notice] Digest: done
[Sat Feb 15 02:32:54 2014] [notice] Apache/2.2.15 (Unix) DAV/2 mod_ssl/2.2.15 OpenSSL/1.0.0-fips configured -- resuming normal operations
Checking page access
To check who is requesting what from your server, look in the /var/log/httpd/access_log file:
192.168.200.254 - - [30/Dec/2013:13:43:38 +0100] "GET / HTTP/1.1" 200 130 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:39 +0100] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:42 +0100] "GET / HTTP/1.1" 200 14 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:45 +0100] "GET / HTTP/1.1" 200 130 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
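To answer "who is requesting what" without reading the file line by line, the entries can be tallied per client, request and status. The script below is an added example, not part of the original page; it handles the "-" byte count seen on the 304 line and counts lines it cannot parse instead of dropping them silently. The function names and the 192.168.200.10 lines in the sample are constructed.

```shell
#!/bin/sh
# Added example: tally Apache combined-format lines read from stdin.
# Prints "COUNT CLIENT METHOD PATH STATUS BYTES", busiest first.
access_tally() {
    awk -F'"' '
    NF >= 7 {
        split($1, pre, " "); split($2, req, " "); split($3, res, " ")
        if (res[1] !~ /^[1-5][0-9][0-9]$/) { bad++; next }
        key = pre[1] " " req[1] " " req[2] " " res[1]
        hits[key]++
        bytes[key] += (res[2] == "-" ? 0 : res[2])   # "-" means no body sent
        next
    }
    { bad++ }                                        # truncated or malformed
    END {
        for (k in hits) print hits[k], k, bytes[k]
        if (bad) print bad, "UNPARSED", "-", "-", "-", 0
    }' | LC_ALL=C sort -k1,1nr -k2
}

# Sample input: three lines from the page, then constructed lines for a
# made-up client 192.168.200.10 (two 404s and one truncated entry).
sample_access_log() {
    cat <<'EOF'
192.168.200.254 - - [30/Dec/2013:13:43:38 +0100] "GET / HTTP/1.1" 200 130 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:39 +0100] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.254 - - [30/Dec/2013:13:43:42 +0100] "GET / HTTP/1.1" 200 14 "-" "Mozilla/5.0 (X11; Linux i686; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.200.10 - - [30/Dec/2013:13:44:01 +0100] "GET /missing.php HTTP/1.1" 404 210 "-" "curl/7.19.7"
192.168.200.10 - - [30/Dec/2013:13:44:02 +0100] "GET /missing.php HTTP/1.1" 404 210 "-" "curl/7.19.7"
192.168.200.10 - - [30/Dec/2013:13:44:03 +0100] "GET /mis
EOF
}

sample_access_log | access_tally
```

Splitting on double quotes assumes the request line itself contains no escaped quote; entries that break that assumption land in the UNPARSED count rather than being misattributed.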