7 Tips Dasar Troubleshooting di Solaris
1. cek service yang jalan
# ps -ef | grep httpd
webservd 718 640 0 Sep 04 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
root 640 1 0 Sep 03 ? 0:42 /opt/coolstack/apache2/bin/httpd -k start
webservd 875 640 0 Sep 09 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
webservd 873 640 0 Sep 09 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
webservd 663 640 0 Sep 03 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
webservd 872 640 0 Sep 09 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
webservd 874 640 0 Sep 09 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
webservd 717 640 0 Sep 03 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
webservd 761 640 0 Sep 04 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
webservd 756 640 0 Sep 04 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
webservd 758 640 0 Sep 04 ? 0:00 /opt/coolstack/apache2/bin/httpd -k start
# ps -ef
UID PID PPID C STIME TTY TIME CMD
root 0 0 0 Sep 03 ? 0:53 sched
root 1 0 0 Sep 03 ? 0:02 /sbin/init
root 2 0 0 Sep 03 ? 0:00 pageout
root 3 0 0 Sep 03 ? 12:52 fsflush
root 130 1 0 Sep 03 ? 2:36 /usr/sbin/ipmon -Ds
root 7 1 0 Sep 03 ? 0:11 /lib/svc/bin/svc.startd
root 9 1 0 Sep 03 ? 0:30 /lib/svc/bin/svc.configd
root 179 1 0 Sep 03 ? 0:32 /usr/sbin/nscd
root 81 1 0 Sep 03 ? 0:00 devfsadmd
root 538 1 0 Sep 03 ? 0:00 /usr/lib/snmp/snmpdx -y -c /etc/snmp/conf
root 558 1 0 Sep 03 ? 0:00 /opt/coolstack/nginx/sbin/nginx
# ps -ef | wc -l
77
note : wc -l menghitung jumlah baris output ps -ef, jadi angkanya adalah jumlah proses yang jalan ditambah satu baris header
2. cek log, /var/adm/messages, /var/log/syslog
# cat /var/adm/messages
Sep 10 03:10:02 blackbox2 syslogd: line 31: unknown priority name “notice /var/adm/ipflog.notice”
Sep 10 03:10:02 blackbox2 syslogd: line 32: unknown priority name “warning /var/adm/ipflog.warning”
Sep 10 11:49:27 blackbox2 gda: [ID 107833 kern.warning] WARNING: /pci@0,0/pci-ide@5/ide@1/cmdk@0,0 (Disk2):
Sep 10 11:49:27 blackbox2 Error for command ‘read sector’ Error Level: Retryable
Sep 10 11:49:27 blackbox2 gda: [ID 107833 kern.notice] Sense Key: bad block detected
Sep 10 11:49:27 blackbox2 gda: [ID 107833 kern.notice] Vendor 'Gen-ATA ' error code: 0x8
Sep 10 13:51:19 blackbox2 gda: [ID 107833 kern.warning] WARNING: /pci@0,0/pci-ide@5/ide@1/cmdk@0,0 (Disk2):
Sep 10 13:51:19 blackbox2 Error for command ‘read sector’ Error Level: Retryable
# cat /var/adm/messages | grep kern.warning
Sep 10 11:49:27 blackbox2 gda: [ID 107833 kern.warning] WARNING: /pci@0,0/pci-ide@5/ide@1/cmdk@0,0 (Disk2):
Sep 10 13:51:19 blackbox2 gda: [ID 107833 kern.warning] WARNING: /pci@0,0/pci-ide@5/ide@1/cmdk@0,0 (Disk2):
Sep 10 15:04:49 blackbox2 scsi: [ID 107833 kern.warning] WARNING: /pci@0,0/pci-ide@5/ide@1 (ata2):
Sep 10 15:04:49 blackbox2 scsi: [ID 107833 kern.warning] WARNING: /pci@0,0/pci-ide@5/ide@1 (ata2):
# cat /var/adm/messages | grep kern.notice
Sep 10 11:49:27 blackbox2 gda: [ID 107833 kern.notice] Sense Key: bad block detected
Sep 10 11:49:27 blackbox2 gda: [ID 107833 kern.notice] Vendor 'Gen-ATA ' error code: 0x8
Sep 10 13:51:19 blackbox2 gda: [ID 107833 kern.notice] Sense Key: bad block detected
Sep 10 13:51:19 blackbox2 gda: [ID 107833 kern.notice] Vendor 'Gen-ATA ' error code: 0x8
Sep 10 15:04:49 blackbox2 gda: [ID 107833 kern.notice] Sense Key: aborted command
# cat /var/log/syslog.0
May 5 06:18:36 blackbox2 sendmail[6478]: [ID 702911 mail.crit] My unqualified host name (blackbox2) unknown; sleeping for retry
May 5 06:19:36 blackbox2 sendmail[6478]: [ID 702911 mail.alert] unable to qualify my own domain name (blackbox2) — using short name
May 5 06:19:36 blackbox2 sendmail[6478]: [ID 702911 mail.notice] alias database /etc/mail/aliases rebuilt by root
May 5 06:19:36 blackbox2 sendmail[6478]: [ID 702911 mail.info] /etc/mail/aliases: 12 aliases, longest 10 bytes, 138 bytes total
May 5 06:19:37 blackbox2 sendmail[8282]: [ID 702911 mail.crit] My unqualified host name (blackbox2) unknown; sleeping for retry
3. cek kapasitas disk, jangan sampai kita ga tahu kalau hardisk mau habis.
# df -h
Filesystem size used avail capacity Mounted on
rpool/ROOT/s10x_u7wos_08
36G 6.6G 5.0G 57% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 258M 944K 257M 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
sharefs 0K 0K 0K 0% /etc/dfs/sharetab
/usr/lib/libc/libc_hwcap1.so.1
12G 6.6G 5.0G 57% /lib/libc.so.1
fd 0K 0K 0K 0% /dev/fd
rpool/ROOT/s10x_u7wos_08/var
36G 341M 5.0G 7% /var
swap 257M 8K 257M 1% /tmp
swap 257M 28K 257M 1% /var/run
rpool/export 36G 19K 5.0G 1% /export
rpool/export/home 36G 23G 5.0G 83% /export/home
poolhrd 587G 354G 233G 61% /export/home/hrd
rpool 36G 35K 5.0G 1% /rpool
4. cek apakah service di blackbox jalan apa kagak
# telnet 192.168.0.10 80
Trying 192.168.0.10…
Connected to 192.168.0.10.
Escape character is ‘^]’.
# telnet 192.168.0.10 6789
Trying 192.168.0.10…
Connected to 192.168.0.10.
Escape character is ‘^]’.
# telnet 192.168.0.10 678
Trying 192.168.0.10…
telnet: Unable to connect to remote host: Connection refused
# telnet 192.168.0.10 6781
Trying 192.168.0.10…
telnet: Unable to connect to remote host: Connection refused
# telnet 192.168.0.10 6789
Trying 192.168.0.10…
Connected to 10.14.206.13.
Escape character is ‘^]’.
# telnet 192.168.0.10 3033
Trying 192.168.0.10..
Connected to 192.168.0.10.
Escape character is ‘^]’.
SSH-2.0-Sun_SSH_1.1.1
# telnet 192.168.0.10 21
Trying 192.168.0.10…
telnet: Unable to connect to remote host: Connection refused
5. cek DNS apakah sudah di isi dengan benar atau belum
# cat /etc/resolv.conf
nameserver 192.168.0.1
nameserver 192.168.0.253
6. cek penggunaan CPU per proses
# prstat -a
PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
1308 root 3756K 2912K cpu0 49 0 0:00:00 0.1% prstat/1
1260 root 2924K 1816K sleep 49 0 0:00:00 0.0% bash/1
651 root 48M 15M sleep 59 0 0:05:56 0.0% Xorg/1
1213 share 6480K 3708K sleep 59 0 0:00:00 0.0% sshd/1
692 root 11M 7112K sleep 59 0 0:03:36 0.0% dtgreet/1
179 root 5568K 2980K sleep 59 0 0:00:31 0.0% nscd/36
714 root 3680K 432K sleep 59 0 0:01:53 0.0% ipmon/1
582 nobody 22M 5428K sleep 59 0 0:02:51 0.0% nginx/1
581 nobody 22M 5404K sleep 59 0 0:01:59 0.0% nginx/1
580 nobody 22M 5436K sleep 59 0 0:02:02 0.0% nginx/1
NPROC USERNAME SWAP RSS MEMORY TIME CPU
39 root 210M 68M 9.3% 0:18:24 0.2%
20 nobody 102M 81M 11% 0:42:30 0.1%
2 share 1612K 4680K 0.6% 0:00:00 0.0%
1 named 5120K 5208K 0.7% 0:00:00 0.0%
1 daemon 880K 2952K 0.4% 0:00:00 0.0%
10 webservd 163M 9200K 1.2% 0:00:00 0.0%
Total: 73 processes, 202 lwps, load averages: 0.00, 0.00, 0.00
7. cek I/O statistic
# iostat -xnM
extended device statistics
r/s w/s Mr/s Mw/s wait actv wsvc_t asvc_t %w %b device
0.3 1.1 0.0 0.0 0.0 0.0 27.8 5.8 0 1 c0d0
1.3 0.3 0.2 0.0 0.0 0.0 27.3 3.7 0 0 c2d0
1.3 0.3 0.2 0.0 0.0 0.0 27.7 3.8 0 0 c3d0
Capture Session di OpenSolaris
Logging atau pencatatan log / capture session menjadi hal yang sangat penting terutama buat dokumentasi atau audit sistem. Jika kamu pengen punya catatan lengkap mengenai apa saja yang kamu lakukan di server, kamu bisa mencatat aktifitasmu dengan mensetting penyimpanan log-nya.
1. Dengan tool putty logging menjadi hal yang mudah. Yang dibutuhkan cuman service SSH yang diaktifkan, dan kita remote menggunakan putty dari windows.
Berikut cara mensetting pencatatan log di putty :
- aktifkan fitur log-nya..
- cek di putty.log dilokasi penyimpanan
2. Dengan perintah “script”
Saya copas bash scriptingnya dari Mas Achmad Mardiyansyah ..thanks to Mas Achmad Mardiyansyah
- buka file /etc/profile. Ini profile global untuk semua user, jadi sesi login setiap user yang membaca file ini akan di-capture
# vi /etc/profile
- tambahkan script berikut pada akhir baris
# ——–
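# Session-capture hook for /etc/profile: each login shell that sources this
# file is wrapped in script(1) and recorded to its own log file.
# Backticks are kept instead of $(...) in case /etc/profile is also read by a
# shell without support for the newer form (e.g. a legacy Bourne shell).

# Must be the directory created in the setup steps (mkdir /var/log/activities);
# the sample output on this page also logs to /var/log/activities/.
ACTIVITYDIR=/var/log/activities
if [ ! -d "$ACTIVITYDIR" ]; then
  # Runs as the user who is logging in, so it only succeeds for accounts that
  # may write to /var/log; normally root creates the directory beforehand.
  mkdir -p "$ACTIVITYDIR"
fi
# Log name: <YYYYMMDD>-<HH:MM>.<SS>-<login>, e.g. 20091026-02:52.42-root
ACTIVITY=`date +%Y%m%d-%R.%S`-`whoami`
# NOTE(review): the log is created and owned by the user being recorded (the
# listing on this page shows rw-r--r--), so other users can read it and its
# owner can edit or delete it. Treat it as a convenience record, not a
# tamper-resistant audit trail, and restrict access to the directory.
# The stray "/dev/null" argument was dropped: script takes a single file name,
# and its stdout must stay on the terminal or the session would be invisible.
script "$ACTIVITYDIR/$ACTIVITY.log"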
# ———-
- buat direktori activities
# mkdir /var/log/activities
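- chmod 777 agar semua user bisa rwx. Catatan: dengan mode 777 setiap user juga bisa membaca log user lain (file log dibuat dengan mode rw-r--r--) serta menghapus atau mengganti file log milik user lain, padahal log sesi bisa berisi data sensitif yang tampil di terminal. Jadi log ini belum bisa diandalkan sebagai bukti audit; kalau dipakai untuk audit, batasi aksesnya, minimal dengan sticky bit (chmod 1777) supaya user tidak bisa menghapus file milik user lain.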
# chmod -R 777 /var/log/activities
- simpan perubahaan pada file /etc/profile
selesai..
sekarang exit dari OpenSolaris dan login lagi..
akan tampil seperti ini :
$ pfexec su -
Sun Microsystems Inc. SunOS 5.11 snv_111b November 2008
Script started, file is /var/log/activities/20091026-02:52.42-root.log
root@opensolaris:~#
liat hasil log
root@opensolaris:~# cat /var/log/activities/20091026-02:45.28-root.log
Script started on Mon Oct 26 02:45:28 2009
root@opensolaris:~# date
Mon Oct 26 02:46:09 WIT 2009
root@opensolaris:~# d
bash: d: command not found
root@opensolaris:~# echo %d
%d
root@opensolaris:~# echo “%d”
%d
root@opensolaris:~# vi /etc/profile
root@opensolaris:~# ls -l /var/log/activities/
total 1301
-rw-r--r-- 1 root root 0 Oct 25 07:33 20091025-07:33.32.%N-root.log
-rw-r--r-- 1 root root 0 Oct 25 07:34 20091025-07:34.16.%N-root.log
-rw-r--r-- 1 root root 0 Oct 25 09:18 20091025-09:18.37.%N-root.log
-rw-r--r-- 1 root root 0 Oct 25 10:45 20091025-10:45.28.%N-root.log
-rw-r--r-- 1 agus staff 84 Oct 25 10:47 20091025-10:47.58.%N-agus.log
-rw-r--r-- 1 root root 131072 Oct 25 18:41 20091025-10:48.34.%N-root.log
-rw-r--r-- 1 root root 0 Oct 25 10:59 20091025-10:59.19.%N-root.log
-rw-r--r-- 1 root root 0 Oct 25 17:25 20091025-17:25.23.%N-root.log
-rw-r--r-- 1 root root 0 Oct 26 00:45 20091026-00:45.53.%N-root.log
-rw-r--r-- 1 agus staff 262144 Oct 26 02:33 20091026-02:28.34.%N-agus.log
-rw-r--r-- 1 root root 262144 Oct 26 02:33 20091026-02:28.38.%N-root.log
-rw-r--r-- 1 root root 0 Oct 26 02:45 20091026-02:45.28-root.log
root@opensolaris:~# date
Mon Oct 26 02:47:02 WIT 2009
root@opensolaris:~# vi /etc/profile
root@opensolaris:~# pfexec su -
Sun Microsystems Inc. SunOS 5.11 snv_111b November 2008
-bash: fg: no job control
Script started, file is /var/log/activities/-root.log
root@opensolaris:~# vi /etc/profile
root@opensolaris:~# pfexec su -
Sun Microsystems Inc. SunOS 5.11 snv_111b November 2008
date: bad conversion
Script started, file is /var/log/activities/-root.log
root@opensolaris:~# vi /etc/profile
root@opensolaris:~# pfexec su -
Sun Microsystems Inc. SunOS 5.11 snv_111b November 2008
Script started, file is /var/log/activities/20091026-02:48.48-root.log
root@opensolaris:~# vi /etc/profile
root@opensolaris:~# vi /etc/profile
root@opensolaris:~# vi /etc/profile
root@opensolaris:~# exitScript done, file is /var/log/activities/20091026-02:48.48-root.log
02:52:24 root@opensolaris:~
# exit
logout
root@opensolaris:~# exitScript done, file is /var/log/activities/-root.log
02:52:27 root@opensolaris:~
# exit
logout
root@opensolaris:~# exit
exit
Script done, file is /var/log/activities/-root.log
02:52:31 root@opensolaris:~
# exit
logout
root@opensolaris:~# exit
exit
script done on Mon Oct 26 02:52:34 2009
root@opensolaris:~#
untuk melihat hasil capture session ada di dir /var/log/activities
selamat mencoba..
ref :
[1] http://r41nbuw.blogspot.com
[2] http://www.livefirelabs.com/unix_tip_trick_shell_script/aug_2003/08252003.htm
[3] http://en.wikipedia.org/wiki/Date_%28Unix%29
Capture Session Menggunakan Script Command
Command script di Solaris sangat berguna bagi admin yang ingin mencatat session ketika sedang melakukan suatu pekerjaan di terminal/console. Semua yang diketikkan di terminal akan terekam di sebuah file yang namanya typescript. File ini secara otomatis ter-create di current directory. Karena semua yang tampil di terminal ikut terekam, simpan file ini di lokasi yang aksesnya terbatas.
Sebelumnya admin musti mengetikkan command script sebelum memulai pencatatan session :
-bash-3.00# script
Script started, file is typescript
sh-3.00# echo agus setiawan
agus setiawansh-3.00# cat /etc/hosts
#
#Internet host table
#
::1 localhost
127.0.0.1 localhost
10.14.206.x iefile2 loghost
10.14.206.1 gateway
10.14.206.7 gtxsh-3.00# svcs -a | grep ftp
disabled 23:01:04 svc:/network/ftp:defaultsh-3.00# exit
Script done, file is typescript
-bash-3.00# ls -l typescript
-rw-r--r-- 1 root root 517 Aug 29 06:22 typescript
File typescript ini otomatis terbuat setelah kita exit dari command script. Sekarang kita cek, apa aktifitas kita sebelumnya :
-bash-3.00# cat typescript
Script started on Sat Aug 29 06:21:22 2009
sh-3.00# echo agus setiawanagus setiawan
sh-3.00# cat /etc/hosts
#
#Internet host table
#
::1 localhost
127.0.0.1 localhost
10.14.206.x iefile2 loghost
10.14.206.1 gateway
10.14.206.7 gtxsh-3.00# svcs -a | grep ftp
disabled 23:01:04 svc:/network/ftp:default
sh-3.00# exit
script done on Sat Aug 29 06:22:19 2009
Selamat Mencoba..

