Les logs

De The Linux Craftsman
Aller à la navigation Aller à la recherche

Introduction

/var/log/messages

Par démons

dhcpd

Les logs de dhcpd se trouve dans /var/log/messages :

Feb 14 09:00:56 fw dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Feb 14 09:00:56 fw dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Feb 14 09:00:56 fw dhcpd: All rights reserved.
Feb 14 09:00:56 fw dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 14 09:00:56 fw dhcpd: WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
Feb 14 09:00:56 fw dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Feb 14 09:00:56 fw dhcpd: Wrote 0 deleted host decls to leases file.
Feb 14 09:00:56 fw dhcpd: Wrote 0 new dynamic host decls to leases file.
Feb 14 09:00:56 fw dhcpd: Wrote 5 leases to leases file.
Feb 14 09:00:56 fw dhcpd: Listening on LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:00:56 fw dhcpd: Sending on   LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:00:56 fw dhcpd:
Feb 14 09:00:56 fw dhcpd: No subnet declaration for eth2 (no IPv4 addresses).
Feb 14 09:00:56 fw dhcpd: ** Ignoring requests on eth2.  If this is not what
Feb 14 09:00:56 fw dhcpd:    you want, please write a subnet declaration
Feb 14 09:00:56 fw dhcpd:    in your dhcpd.conf file for the network segment
Feb 14 09:00:56 fw dhcpd:    to which interface eth2 is attached. **
Feb 14 09:00:56 fw dhcpd:
Feb 14 09:00:56 fw dhcpd: Listening on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:00:56 fw dhcpd: Sending on   LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:00:56 fw dhcpd:
Feb 14 09:00:56 fw dhcpd: No subnet declaration for eth0 (192.168.100.200).
Feb 14 09:00:56 fw dhcpd: ** Ignoring requests on eth0.  If this is not what
Feb 14 09:00:56 fw dhcpd:    you want, please write a subnet declaration
Feb 14 09:00:56 fw dhcpd:    in your dhcpd.conf file for the network segment
Feb 14 09:00:56 fw dhcpd:    to which interface eth0 is attached. **
Feb 14 09:00:56 fw dhcpd:
Feb 14 09:00:56 fw dhcpd: Sending on   Socket/fallback/fallback-net
Feb 14 09:01:06 fw dhcpd: Internet Systems Consortium DHCP Server 4.1.1-P1
Feb 14 09:01:06 fw dhcpd: Copyright 2004-2010 Internet Systems Consortium.
Feb 14 09:01:06 fw dhcpd: All rights reserved.
Feb 14 09:01:06 fw dhcpd: For info, please visit https://www.isc.org/software/dhcp/
Feb 14 09:01:06 fw dhcpd: WARNING: Host declarations are global.  They are not limited to the scope you declared them in.
Feb 14 09:01:06 fw dhcpd: Not searching LDAP since ldap-server, ldap-port and ldap-base-dn were not specified in the config file
Feb 14 09:01:06 fw dhcpd: Wrote 0 deleted host decls to leases file.
Feb 14 09:01:06 fw dhcpd: Wrote 0 new dynamic host decls to leases file.
Feb 14 09:01:06 fw dhcpd: Wrote 5 leases to leases file.
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:01:06 fw dhcpd: Sending on   LPF/eth3/00:0c:29:db:3a:1f/192.168.210.0/24
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth2 (no IPv4 addresses).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth2.  If this is not what
Feb 14 09:01:06 fw dhcpd:    you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd:    in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd:    to which interface eth2 is attached. **
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: Listening on LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd: Sending on   LPF/eth1/00:0c:29:db:3a:0b/192.168.200.0/24
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: No subnet declaration for eth0 (192.168.100.200).
Feb 14 09:01:06 fw dhcpd: ** Ignoring requests on eth0.  If this is not what
Feb 14 09:01:06 fw dhcpd:    you want, please write a subnet declaration
Feb 14 09:01:06 fw dhcpd:    in your dhcpd.conf file for the network segment
Feb 14 09:01:06 fw dhcpd:    to which interface eth0 is attached. **
Feb 14 09:01:06 fw dhcpd:
Feb 14 09:01:06 fw dhcpd: Sending on   Socket/fallback/fallback-net


named (bind)

Les logs de named se trouve en majeur partie dans /var/log/message

Feb 14 13:17:30 dns named[1559]: ----------------------------------------------------
Feb 14 13:17:30 dns named[1559]: BIND 9 is maintained by Internet Systems Consortium,
Feb 14 13:17:30 dns named[1559]: Inc. (ISC), a non-profit 501(c)(3) public-benefit
Feb 14 13:17:30 dns named[1559]: corporation.  Support and training for BIND 9 are
Feb 14 13:17:30 dns named[1559]: available at https://www.isc.org/support
Feb 14 13:17:30 dns named[1559]: ----------------------------------------------------
Feb 14 13:17:30 dns named[1559]: adjusted limit on open files from 4096 to 1048576
Feb 14 13:17:30 dns named[1559]: found 2 CPUs, using 2 worker threads
Feb 14 13:17:30 dns named[1559]: using up to 4096 sockets
Feb 14 13:17:30 dns named[1559]: loading configuration from '/etc/named.conf'
Feb 14 13:17:30 dns named[1559]: reading built-in trusted keys from file '/etc/named.iscdlv.key'
Feb 14 13:17:30 dns named[1559]: using default UDP/IPv4 port range: [1024, 65535]
Feb 14 13:17:30 dns named[1559]: using default UDP/IPv6 port range: [1024, 65535]
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface eth0, 192.168.200.253#53
Feb 14 13:17:30 dns named[1559]: generating session key for dynamic DNS
Feb 14 13:17:30 dns named[1559]: sizing zone task pool based on 8 zones
Feb 14 13:17:30 dns named[1559]: using built-in DLV key for view _default
Feb 14 13:17:30 dns named[1559]: set up managed keys zone for view _default, file '/var/named/dynamic/managed-keys.bind'
Feb 14 13:17:30 dns named[1559]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 127.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 254.169.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 2.0.192.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 100.51.198.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 113.0.203.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 255.255.255.255.IN-ADDR.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: D.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 8.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 9.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: A.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: B.E.F.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: automatic empty zone: 8.B.D.0.1.0.0.2.IP6.ARPA
Feb 14 13:17:30 dns named[1559]: command channel listening on 0.0.0.0#953
Feb 14 13:17:30 dns named[1559]: zone 0.in-addr.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone 1.0.0.127.in-addr.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone 200.168.192.in-addr.arpa/IN: loaded serial 10
Feb 14 13:17:30 dns named[1559]: zone 1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone tala-informatique.fr/IN: loaded serial 20
Feb 14 13:17:30 dns named[1559]: zone localhost.localdomain/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: zone localhost/IN: loaded serial 0
Feb 14 13:17:30 dns named[1559]: managed-keys-zone ./IN: loaded serial 81
Feb 14 13:17:30 dns named[1559]: running

Chargement des fichiers de zones

Il faut repérer dans cet amas de lignes celles qui sont font référence au chargement des zones spécifiques :

Feb 14 13:17:30 dns named[1559]: zone 200.168.192.in-addr.arpa/IN: loaded serial 10
Feb 14 13:17:30 dns named[1559]: zone tala-informatique.fr/IN: loaded serial 20

Interfaces d'écoute

On peut s'assurer, autrement qu'avec netsatat que named écoute bien sur les bonnes interfaces :

Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface lo, 127.0.0.1#53
Feb 14 13:17:30 dns named[1559]: listening on IPv4 interface eth0, 192.168.200.253#53

httpd

httpd log dans le répertoire /var/log/httpd/ et utilise deux fichiers:

  • access_log → pour journaliser tous les accès
  • error_log → pour journaliser toutes les erreurs


Squid

Samba

smbd

nmbd

Iptables