If you want to watch a log file and see new content as soon as it is added, the "tail" command is an easy on-the-fly tool to use.
Of course, for long-term use a log file analyzer or a syslog service would be a better choice.
Here is a short example and some sample output showing a failed root login attempt.
# tail -n 20 -f -s 5 /var/log/auth.log
Feb 17 04:11:09 testbox login[4822]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost= user=root
Feb 17 04:11:12 testbox login[4822]: FAILED LOGIN (1) on 'tty2' FOR `root', Authentication failure
Feb 17 04:11:18 testbox login[4822]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Feb 17 04:11:18 testbox login[5020]: ROOT LOGIN on 'tty2'
Feb 17 04:11:20 testbox login[4822]: pam_unix(login:session): session closed for user root
This writes to stdout and updates automatically whenever entries are added to the auth.log file.
The "-n" option sets how many lines from the file to display, so in this example the latest 20 lines will be displayed.
The "-f" option is what makes tail keep following the file and print new entries as they are added.
By default tail checks the file for new data about once per second; here the "-s" option sets that interval to 5 seconds.
Of course, this can be done on any text file you have permission to read and is not limited to log files.
Check out the man or info page for additional options.
In addition, you can try out the "last" command, which displays the last logged-in users.
It also has some additional options, but here is some basic output.
# last
root tty1 Thu Feb 18 00:13 still logged in
root tty1 Thu Feb 18 00:13 - 00:13 (00:00)
reboot system boot 2.6.26-2-686 Thu Feb 18 00:09 - 22:13 (22:04)
root tty1 Wed Feb 17 21:50 - down (00:29)
root tty1 Wed Feb 17 21:50 - 21:50 (00:00)
reboot system boot 2.6.26-2-686 Wed Feb 17 21:49 - 22:20 (00:30)
root tty1 Wed Feb 17 18:00 - down (00:59)
root tty1 Wed Feb 17 18:00 - 18:00 (00:00)
reboot system boot 2.6.26-2-686 Wed Feb 17 17:55 - 19:00 (01:04)
root tty2 Wed Feb 17 04:11 - 04:11 (00:00)
Note that the newest entries are listed first, whereas log files usually have the most recent data at the bottom.
The "watch" command is a bit odd but can also be useful now and then.
It executes a command of your choice repeatedly; by default it runs the command again 2 seconds after the previous run ends. In this example I use the "watch" command combined with grep.
# watch --differences=cumulative 'grep FAILED /var/log/auth.log'
I do not show any output from this one, but the output of the command above will be every line from auth.log containing the word FAILED, and whenever a new match is found the new match will be highlighted. Combined with what grep can do, this gets very powerful. I recommend checking out the man pages for additional features of both watch and grep.
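The grep above only matches single lines. As an added example (not part of the original article), the script below counts FAILED LOGIN entries per tty and user and flags a ROOT LOGIN that follows a failed root attempt on the same tty, as in the sample output at the top. The function names sample_log and failed_login_report and the embedded log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Constructed sample input in the login format shown in the article.
sample_log() {
cat <<'EOF'
Feb 17 04:11:09 testbox login[4822]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost= user=root
Feb 17 04:11:12 testbox login[4822]: FAILED LOGIN (1) on 'tty2' FOR `root', Authentication failure
Feb 17 04:11:18 testbox login[5020]: ROOT LOGIN on 'tty2'
Feb 17 04:15:02 testbox login[5101]: FAILED LOGIN (1) on 'tty3' FOR `admin', Authentication failure
Feb 17 04:15:07 testbox login[5101]: FAILED LOGIN (2) on 'tty3' FOR `admin', Authentication failure
EOF
}

# Reads auth.log lines on stdin. Prints one FAILED line per tty/user pair and
# an ALERT line when a ROOT LOGIN follows a failed root attempt on the same tty.
failed_login_report() {
    awk '
    # Log fields hold text typed at the login prompt; keep only safe characters.
    function clean(s) { gsub("[^A-Za-z0-9_./-]", "", s); return s }

    $5 ~ /^login\[/ && $6 == "FAILED" && $7 == "LOGIN" {
        tty = ""; user = ""
        for (i = 8; i < NF; i++) {
            if ($i == "on")  tty  = clean($(i + 1))
            if ($i == "FOR") user = clean($(i + 1))
        }
        fails["tty=" tty " user=" user]++
        if (user == "root") rootfail[tty] = $3   # time of last failed root try
    }

    $5 ~ /^login\[/ && $6 == "ROOT" && $7 == "LOGIN" && $8 == "on" {
        tty = clean($9)
        if (tty in rootfail) {
            msg = "ALERT root login on " tty " at " $3
            print msg " follows failed root attempt at " rootfail[tty]
        }
    }

    END { for (k in fails) print "FAILED " k " count=" fails[k] }
    ' | LC_ALL=C sort
}

# Demo run on the constructed sample.
sample_log | failed_login_report
```

To run it against the live file, replace the last line with: failed_login_report < /var/log/auth.log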