Monday, 14 April 2008

Be a good sysadmin, check your log messages...


You might know the feeling of never being able to check your system/web/mail/ftp log messages due to a lack of time. I can guarantee it will cause problems, so better do it yourself or have someone do it for you ;-).

I do know this does not apply to you, as you are always checking/analyzing your logs, running a fully tested and updated system, and reading every changelog/readme for any expected problem. But still, as a piece of advice, here are five reasons to read your logs. Trust me, if you have not been there, you might be one day if you do not know the risks. I have visited all paths, unfortunately (a great learning experience, however ;-)).


  1. Your machine resources might run out unnoticed: You will get called in the middle of the night because your /var or /tmp ran out of space, causing the machine to halt.

  2. Resources will not be sufficient anymore: Users tend to run as much software/services on the machine as possible, draining your network, memory and CPU power, and some day you are left with an ssh session that is as slow as the few-baud terminal you used to have ages ago.

  3. System might be abused: Not checking the log messages most likely also means not checking whether every piece of software/script is up to date. You do not want your forgotten, outdated phpBB forum test instance to be abused by link/email spammers, do you?

  4. Your fully automated scripts are missing some crucial bits and pieces: Written down in a debug log message, but never ever checked. Doing a backup once a night, but excluding a number of files because some tag was set wrongly.

  5. Missing deprecation warnings of updated software and wondering why the software breaks down really badly after upgrading a few releases.
