UNIX Hints & Hacks
Chapter 4: System Monitoring
Using tail is one of the best forms of monitoring various system files.
Flavors: AT&T, BSD
Shells: All
Syntax:
tail -number file
Always use tail to view the last x number of lines in a large file. It comes in handy when you only have 24 lines to work with on a VT100-type terminal or a nonscrolling X terminal or window session.
# tail -10 /var/adm/sulog
SU 10/07 14:03 + ttyq7 cassi-root-crv
SU 10/07 14:20 + ttyq8 cassi-root-crv
SU 10/10 10:26 - ttyq2 mike-root-mxk
SU 10/10 10:27 + ttyq2 mike-root-mxk
SU 10/11 15:28 + ttyq1 root
SU 10/11 15:32 + ttyq1 root
SU 10/12 20:07 - ttyq3 baday-root-bad
SU 10/12 20:08 - ttyq3 baday-root-bad
SU 10/12 20:08 - ttyq3 baday-root-bad
#
Flavors: All
Shells: All
Syntax:
tail [-f] file
To monitor can mean to observe continuously. The tail command offers a great feature for this: it can constantly watch open files that are written to on a regular basis. The output looks like that of tail with a line count, except that the shell prompt does not return to the window. The command keeps printing any data that is written to the file it is observing, and it remains running until you press Ctrl+C. Some excellent files to monitor on the fly are:
# tail -f /var/adm/messages
# tail -f /usr/local/httpd/logs/access_logs
# tail -f /var/adm/sulog
# tail -f /var/adm/SYSLOG
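Each sulog record marks an su attempt with + (success) or - (failure), so the stream from tail -f /var/adm/sulog can be filtered instead of read by eye. The following is an added example, not code from the book: the function names flag_failed_su and sample_sulog and the default threshold of 3 are assumptions, and the sample input is the sulog excerpt shown earlier on this page.

```shell
#!/bin/sh
# Added example (not from the book): report an account once it reaches a
# threshold of consecutive failed su attempts.
# Assumed record layout: SU MM/DD HH:MM +|- tty from-to

# flag_failed_su [THRESHOLD]   (hypothetical helper, default threshold 3)
# Reads sulog records on stdin and prints one ALERT line when a caller
# reaches THRESHOLD failures in a row. A successful su resets the streak.
flag_failed_su() {
    awk -v limit="${1:-3}" '
        $1 != "SU" || NF < 6 { next }        # ignore lines that are not sulog records
        {
            split($6, who, "-")              # field 6 is "from-to"; who[1] is the caller
            user = who[1]
        }
        $4 == "+" { fails[user] = 0; next }  # success clears the streak
        $4 == "-" {
            fails[user]++
            if (fails[user] == limit) {
                printf "ALERT %s: %d failed su attempts, last %s %s on %s\n",
                       user, fails[user], $2, $3, $5
                fflush()                     # emit at once when output is piped onward
            }
        }
    '
}

# Sample input: the sulog excerpt shown on this page.
sample_sulog() {
    cat <<'EOF'
SU 10/07 14:03 + ttyq7 cassi-root-crv
SU 10/07 14:20 + ttyq8 cassi-root-crv
SU 10/10 10:26 - ttyq2 mike-root-mxk
SU 10/10 10:27 + ttyq2 mike-root-mxk
SU 10/11 15:28 + ttyq1 root
SU 10/11 15:32 + ttyq1 root
SU 10/12 20:07 - ttyq3 baday-root-bad
SU 10/12 20:08 - ttyq3 baday-root-bad
SU 10/12 20:08 - ttyq3 baday-root-bad
EOF
}

# Offline run against the sample; for live use, feed the stream instead:
#   tail -f /var/adm/sulog | flag_failed_su 3
sample_sulog | flag_failed_su 3
```

On the sample, mike's single failure is cleared by the success a minute later, while baday's three failures in a row raise one alert.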
Flavors: AT&T, BSD
Shell: ksh
Have you asked a user to enter a command and the user believes they are entering it correctly when in fact they are entering it incorrectly? We have all asked users to change directories or run programs that are similar to the program /usr/tmp/program/runme at one time or another. As administrators, what do you see happening? The user could do any one of the following:
Type a backslash (\) instead of a slash (/), because they operated in the DOS world too long.
If you put the user in the Korn shell, every command they enter is logged to a file called .sh_history in the user's home directory. With this file you can monitor the user as you talk them through various steps and commands.
# tail -f /usr/home/ben/.sh_history
cd \USER\TEMP
cd \usr\temp
cd \usr\tmp
cd /usr/tmp
ls -al
cat runme
runme
./runme
This is another useful tool, in a multi-administrator environment, for system administrators to show other administrators what steps are being taken at a remote terminal.
Any data that is written out to a file can be used by the tail command. This command is a key tool in keeping an eye on your system and files.
It is easy to track the motions of an individual who might be attempting to compromise a system or a Web server using tail. On Web servers, tail can monitor HTTP logs on the fly to track those who are cruising through your site. When an intruder is attempting to compromise a Web site, you can better estimate what they are up to by watching their every move as it happens.
Using the tail command can be an enormous help as a debugging tool when building and running scripts that output to files. Rather than editing the script, running it, and then using cat to display the output of the file, leave a window open to monitor the output at all times with the tail -f command.
Man page:
tail
© Copyright Macmillan USA. All rights reserved.