notes

Linux Troubleshooting

Procedure

  1. Define the issue
    • be specific
    • provide details
    • be aware that reported issues could be symptoms of another problem
  2. Narrow down the issue.
  3. Gather information
    • logs
    • monitoring
    • strace for syscalls
    • tcpdump, ping, tracepath, traceroute for network issues
  4. Form a hypothesis
  5. Test the hypothesis
    • if the hypothesis is wrong, go back to step 1, 2 or 3
  6. Fix the problem
  7. Verify that the test is successful

Gathering data

  1. journalctl
    • to show only messages with a specific log level:

        journalctl -p emerg..err
      
    • information from the last boot

        journalctl -xb
      
    • time filters

        journalctl --since '2018-04-24 17:00:00' --until '2018-04-24 18:00:00'
      
    • get verbose output

        journalctl -o verbose
      
  2. /var/log/messages
  3. /var/log/audit/audit.log
  4. /var/log/secure
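
The journalctl time filter above only covers the journal. The script below is an added example, not part of the original notes: it applies the same one-hour window to /var/log/messages and /var/log/secure as well. The function names, the sample lines and the traditional syslog timestamp format are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original notes): one time window for the
# journal and for the flat log files listed above.
# Assumption: flat files use the traditional syslog timestamp
# "Apr 24 17:05:01 host prog: msg" (no year); the window lies within one day.

# in_window MON DAY START END [FILE...]
# Prints lines dated MON DAY with START <= HH:MM:SS < END; reads stdin if no FILE.
in_window() {
    local mon="$1" day="$2" start="$3" end="$4"
    shift 4
    awk -v mon="$mon" -v day="$day" -v start="$start" -v end="$end" '
        $1 == mon && ($2 + 0) == (day + 0) && $3 >= start && $3 < end
    ' "$@"
}

# collect YYYY-MM-DD START END
# audit.log is skipped: its records carry epoch timestamps, not syslog ones.
collect() {
    local date="$1" start="$2" end="$3" mon day f
    mon=$(LC_ALL=C date -d "$date" +%b) || return 1   # GNU date assumed
    day=$(LC_ALL=C date -d "$date" +%d) || return 1
    echo "== journal (emerg..err) =="
    journalctl -p emerg..err --no-pager --since "$date $start" --until "$date $end"
    for f in /var/log/messages /var/log/secure; do
        [ -r "$f" ] || continue
        echo "== $f =="
        in_window "$mon" "$day" "$start" "$end" "$f"
    done
}

# Constructed sample lines in /var/log/secure format (documentation addresses).
sample_secure() {
    cat <<'EOF'
Apr 24 16:59:58 web01 sshd[2101]: Accepted publickey for deploy from 192.0.2.10 port 50112 ssh2
Apr 24 17:03:12 web01 sshd[2188]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Apr 24 17:41:05 web01 sudo: deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart httpd
Apr 24 18:00:00 web01 sshd[2301]: Connection closed by 198.51.100.7 port 40022
Apr 25 17:10:00 web01 sshd[2400]: Accepted publickey for deploy from 192.0.2.10 port 50200 ssh2
EOF
}

if [ "${1:-}" = "--live" ]; then   # e.g. --live 2018-04-24 17:00:00 18:00:00
    collect "$2" "$3" "$4"
else
    sample_secure | in_window Apr 24 17:00:00 18:00:00
fi
```

Without arguments the script filters only the embedded sample; with --live it reads the real journal and log files, which usually requires root.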