5. Monitoring System Activity and Status

Abstract

This tool allows you to look for specific entries in various log files, therefore facilitating the search for particular incidents or security threats.

5.1. Browsing System Logs

Figure 5.9. Browsing and Searching through System Logs

These are the steps to follow in order to browse the system logs or search them for a specific event:

  1. You must choose which specific words to match by filling in the Matching (log files contain the words) field and/or the but not matching (log files do not contain the words) field. At least one of the two fields must be filled.

  2. Then in the Choose file area select the file you want to perform the search on: simply check the corresponding box.

    Note

    The Mandrakelinux Tools Log is filled by Mandrakelinux-specific configuration tools, like those you find in the Mandrakelinux Control Center. Each time these tools modify the system configuration they write a line in this log file.

  3. Optionally, you can restrict the search to a specific day. In that case, check the Show only for the selected day box and choose the desired day from the calendar.

  4. When all is set up, click on the Search button. The results will appear in the Content of the file area at the bottom.

Clicking on the Save button will open a standard dialog letting you save the search results into a plain text (*.txt) file.

5.2. Setting up Mail Alerts

Abstract

In order to facilitate server monitoring, Mandrakelinux supplies a simple tool which sends automatic mail alerts whenever something goes wrong on your server.

Clicking on the Mail alert button of the LogDrake main interface (see Figure 5.9, “Browsing and Searching through System Logs”) starts the wizard. First you are asked whether you wish to configure or stop the mail alert system. Choose the Configure the mail alert system entry from the pull-down list, and click Next.

Figure 5.10. Setting up a Mail Alert: Services

The next step (see Figure 5.10, “Setting up a Mail Alert: Services”) allows you to select the services for which you wish to receive an alert if they stop working. Simply check the boxes of the services which interest you, and go on to the next step.

Note

The services listed will be the ones present on your system. Here is a list of the currently tracked ones:

  • Postfix Mail Server;

  • Webmin Service;

  • FTP Server;

  • BIND Domain Name Resolver;

  • Apache World Wide Web Server;

  • ssh Server;

  • Samba Server;

  • Xinetd Service.

Figure 5.11. Setting up a Mail Alert: Load

Select the load you consider unacceptable by moving the Load slider (see Figure 5.11, “Setting up a Mail Alert: Load”). A high system load may indicate that a process has gone out of control, or simply that there is a very high demand on this machine. As a result, a service suffers from it and is delayed. As a rule of thumb, the load on your computer should not exceed 3 times the number of processors you have on it.

Figure 5.12. Setting up a Mail Alert: Recipient

You finally need to tell the system who these alerts should be sent to (see Figure 5.12, “Setting up a Mail Alert: Recipient”). Provide an e-mail address and the mail server (local or on the Internet) to relay the alerts to.

When the wizard is finished, an hourly job will be set up to check for unavailable services and the system's load. If needed, a mail alert will be sent to the alerts recipient.
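
The kind of check described above can be sketched as a shell script built around the 3-times-the-processors rule of thumb. This is an added example, not LogDrake's own code: it assumes a Linux /proc, compares the 5-minute load average, and the function names, daemon names and mail address are illustrative.

```shell
#!/bin/sh
# Added example (not LogDrake's code): one pass of a load-and-service check.
# Assumptions: Linux /proc, the 5-minute load average, daemon process names.

# cpu_count [CPUINFO]: number of processors, at least 1.
cpu_count() {
    n=$(grep -c '^processor' "${1:-/proc/cpuinfo}" 2>/dev/null) || n=1
    echo "$n"
}

# load_too_high LOAD CPUS: true when LOAD exceeds 3 times CPUS (the rule of thumb).
load_too_high() {
    awk -v l="$1" -v c="$2" 'BEGIN { exit !(l + 0 > 3 * c) }'
}

# service_running NAME: true when some process has exactly this command name.
# The kernel truncates comm to 15 characters, so NAME must be that short.
service_running() {
    grep -qx -- "$1" /proc/[0-9]*/comm 2>/dev/null
}

# run_check LOADAVG CPUINFO NAME...: print one ALERT line per problem found.
run_check() {
    loadavg=$1 cpuinfo=$2
    shift 2
    # /proc/loadavg fields: 1-minute, 5-minute, 15-minute averages, then others.
    read -r _one five _rest < "$loadavg"
    cpus=$(cpu_count "$cpuinfo")
    if load_too_high "$five" "$cpus"; then
        echo "ALERT load $five above $((3 * cpus)) for $cpus CPU(s)"
    fi
    for name in "$@"; do
        service_running "$name" || echo "ALERT service $name not running"
    done
}

# Hourly use from cron; sshd and httpd are example names, the address a placeholder:
#   out=$(run_check /proc/loadavg /proc/cpuinfo sshd httpd)
#   [ -z "$out" ] || printf '%s\n' "$out" | mail -s "alert: $(hostname)" admin@example.com
```

Mail is sent only when the check prints something, so a healthy hour produces no message.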