All long-running software components provide means to monitor their behaviour; logging is the most basic one. They continuously write information about their actions and the problems they encounter to files, including timestamps of when these actions or events occurred.
On Unix-like systems, the standard way to write logs is through the Syslog facility. This has become a standard, so there are different implementations for receiving the logs of the different software components. We use socklog, which is lightweight and resilient against log attacks. I dare say that socklog is inspired by multilog.
Some programs write their own logfiles directly. To keep these logfiles from growing too much, logrotate is used.
Of special interest are the logfiles of the webserver, which provide the raw material for statistics about the visitors of our website.
Awstats converts these logfiles into nice statistics which can be accessed as web pages.
Another important use case for log files is to monitor the system for attacks. The remote access facility ssh, for example, is subject to senseless script kiddie attacks. We have used Fail2ban to block attackers, based on the frequency of failed login attempts.