notes

Linux Throubleshooting

Procedure

1. Define the issue
   • be specific
   • provide details
   • be aware that reported issues could be symptoms of another problem
2. Narrow down the issue.
3. Gather information
   • logs
   • monitoring
   • strace for syscalls
   • tcpdump, ping, tracepath, traceroute for network issues
4. Form a hypothesis
5. Test the hypothesis
   • if the hypothesis is wrong go to step 1,2 or 3
6. Fix the problem
7. Verify that test is successfull

Gathering data

1. journalctl
   • to show only messages with specific log level:

       journalctl -p emerg..err
     

   • information from the last boot

       journalctl -xb
     

   • time filters

       journalctl --since '2018-04-24 17:00:00' --until '2018-04-24 18:00:00'
     

   • get verbose output

       journalctl -o verbose
     

2. /var/log/messages
3. /var/log/audit/autid.log
4. /var/log/secure