System Logs and Performance Tuning

Questions and Answers

Which command is used to monitor log files in real-time?

• tail -f (correct)
• grep
• journalctl
• logrotate

What is the purpose of adjusting 'swappiness' in performance tuning?

• To optimize the file system size
• To manage the balance between RAM and swap usage (correct)
• To increase the speed of disk reads
• To prioritize CPU allocation among processes

Which of the following commands is used to remove a package in Debian-based distributions?

• yum remove package_name
• apt delete package_name
• dnf uninstall package_name
• apt remove package_name (correct)

What does the command 'ping' primarily test?

Check for network connectivity (C)

Which tool is enhanced for user-friendly interaction compared to 'top'?

htop (B)

Which tool is primarily used for managing firewall rules and network traffic?

iptables (C)

What type of backup includes only the changes made since the last full backup?

Differential Backup (B)

Which command is used for querying DNS records?

nslookup (B)

Which backup strategy ensures that you backup all changes made since the last full backup?

Differential Backup (D)

What should be checked to verify DNS server configuration?

/etc/resolv.conf (A)

Flashcards are hidden until you start studying

Study Notes

System Logs Analysis

• Location of Logs:

  • /var/log/: Primary directory for system logs.
  • Common log files:
    • syslog: General system messages.
    • dmesg: Boot and kernel messages.
    • auth.log: Authentication logs.
    • kern.log: Kernel messages.

• Log Management Tools:

  • journalctl: Command to query and display logs from systemd journal.
  • logrotate: Tool to manage log file sizes and archival.

• Analyzing Logs:

  • Use grep for searching specific entries.
  • tail -f: Monitor log files in real-time.
  • Check for patterns indicating issues (e.g., repeated errors).

Performance Tuning

• Monitoring Tools:

  • top: Displays real-time system statistics.
  • htop: Enhanced version of top with a user-friendly interface.
  • vmstat: Reports on virtual memory, processes, and CPU activity.
  • iostat: Monitors input/output device and CPU performance.

• Common Tuning Techniques:

  • Adjust swappiness: Controls the balance between RAM and swap usage.
  • Optimize file system: Use tune2fs for ext2/3/4 filesystems.
  • Configure caching: Adjust settings for cachepressure and dirty_ratio.

• CPU and Memory Management:

  • Use nice and renice to prioritize processes.
  • Monitor memory usage with free and adjust applications accordingly.

Package Management

• Package Managers:

  • apt: Used in Debian-based distributions (e.g., Ubuntu).
  • yum/dnf: Used in Red Hat-based distributions (e.g., CentOS, Fedora).

• Common Commands:

  • Install: apt install package_name or yum install package_name.
  • Update: apt update and apt upgrade or yum update.
  • Remove: apt remove package_name or yum remove package_name.

• Dependency Management:

  • Package managers handle dependencies automatically but may require manual resolution in some cases.

Network Troubleshooting

• Basic Tools:

  • ping: Tests network connectivity.
  • traceroute: Traces the path packets take to a network destination.
  • ifconfig/ip addr: Displays and configures network interfaces.
  • netstat: Shows active connections and routing tables.

• DNS Troubleshooting:

  • nslookup/dig: Queries DNS records.
  • Check /etc/resolv.conf for DNS server configuration.

• Firewall Configuration:

  • iptables/firewalld: Tools to manage firewall rules and network traffic.

Backup And Recovery

• Backup Tools:

  • rsync: Efficient file transfer and synchronization tool.
  • tar: Archive and compress files.
  • dd: Used for disk cloning and backup.

• Backup Strategies:

  • Full Backup: Complete system backup.
  • Incremental Backup: Backs up only the changes since the last backup.
  • Differential Backup: Backs up changes since the last full backup.

• Recovery Process:

  • Ensure backup integrity by regularly testing recovery procedures.
  • Use live CD/USB for recovery in case of system failure.
  • Keep backups in a separate location to protect against hardware failure or disasters.

System Logs Analysis

• System logs are primarily located in the /var/log/ directory, which includes essential log files:
  • syslog for general system messages
  • dmesg for boot and kernel messages
  • auth.log for authentication logs
  • kern.log for kernel messages
• journalctl is used to query logs from the systemd journal, while logrotate helps manage log sizes and archival.
• Analyzing logs can involve:
  • The grep command for searching specific entries
  • tail -f for real-time log monitoring
  • Identifying patterns that indicate recurring issues, such as repeated error messages

Performance Tuning

• Monitoring system performance can be accomplished using:
  • top for real-time system statistics
  • htop for a user-friendly interface version of top
  • vmstat for insights on virtual memory, processes, and CPU activity
  • iostat to monitor device and CPU performance
• Common tuning techniques include:
  • Adjusting swappiness to balance RAM and swap usage
  • Optimizing the file system with tune2fs for ext2/3/4 filesystems
  • Modifying caching settings like cachepressure and dirty_ratio
• CPU and memory management can be handled with:
  • nice and renice for prioritizing processes
  • free command to monitor memory usage and adjust application resource utilization

Package Management

• Key package managers include:
  • apt for Debian-based distributions (e.g., Ubuntu)
  • yum and dnf for Red Hat-based distributions (e.g., CentOS, Fedora)
• Essential commands for package management:
  • Installation: apt install package_name or yum install package_name
  • Updates: apt update and apt upgrade or yum update
  • Removal: apt remove package_name or yum remove package_name
• Package managers typically handle dependencies automatically but may require manual intervention in some instances.

Network Troubleshooting

• Basic networking tools include:
  • ping for testing network connectivity
  • traceroute to identify the path packets take to a destination
  • ifconfig or ip addr for displaying and configuring network interfaces
  • netstat to show active connections and routing tables
• For DNS troubleshooting:
  • nslookup and dig are used to query DNS records
  • Verify DNS server configurations in /etc/resolv.conf
• Firewall configuration can be managed with:
  • iptables or firewalld for setting firewall rules and controlling network traffic

Backup And Recovery

• Key backup tools consist of:
  • rsync for efficient file transfer and syncing
  • tar for archiving and compressing files
  • dd for disk cloning and backup
• Common backup strategies include:
  • Full Backup: Comprehensive system backup
  • Incremental Backup: Captures only the changes since the last backup
  • Differential Backup: Backs up changes since the last full backup
• Recovery processes should ensure backup integrity through regular testing of recovery procedures, utilizing live CD/USB for recovery efforts, and storing backups in separate locations to mitigate risks of hardware failures or disasters.