Linux Server Administration Complete Guide Part 8: Log Management and Monitoring
Master Server Status Tracking
Introduction: Logs, The Server's Black Box
Logs record everything happening on your server. Log management is essential for troubleshooting, security audits, and performance analysis.
1. Key Log Files
/var/log/syslog # System log (Debian/Ubuntu)
/var/log/messages # System log (RHEL/CentOS)
/var/log/auth.log # Authentication log (Debian/Ubuntu; /var/log/secure on RHEL/CentOS)
/var/log/kern.log # Kernel log
/var/log/nginx/ # Nginx logs
2. journalctl
journalctl -f # Follow in real-time
journalctl -u nginx # Service logs
journalctl -p err # Error priority
journalctl --since "1 hour ago" # Time filter
journalctl --disk-usage # Check disk usage
3. logrotate
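# /etc/logrotate.d/nginx
/var/log/nginx/*.log {
    daily
    rotate 14
    compress
    missingok
    # Run postrotate once for all matched logs, not once per file
    sharedscripts
    postrotate
        # Ask nginx to reopen its log files; do nothing if it is not running
        [ ! -f /var/run/nginx.pid ] || kill -USR1 "$(cat /var/run/nginx.pid)"
    endscript
}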
4. Real-time Monitoring
tail -f /var/log/syslog | grep -i error
multitail /var/log/syslog /var/log/auth.log
5. Log Analysis
# Top IPs
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head
# HTTP status codes
awk '{print $9}' access.log | sort | uniq -c | sort -rn
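The two one-liners above can be combined into a per-client count of 4xx responses, which is usually the first thing to check when an access log is reviewed for probing. The following is an added example, not part of the original guide: the function names `sample_log` and `noisy_clients` and the log lines are constructed for illustration, and the nginx "combined" log format is assumed. It reads the status code from the text after the quoted request rather than from `$9`, because a request line that is not the usual three tokens shifts the field positions.

```shell
#!/bin/bash
# Constructed sample lines in nginx "combined" format (documentation IPs).
sample_log() {
cat <<'EOF'
203.0.113.7 - - [10/Mar/2025:10:00:01 +0000] "GET /admin HTTP/1.1" 403 153 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2025:10:00:02 +0000] "GET /old-page HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2025:10:00:03 +0000] "GET /backup HTTP/1.1" 404 153 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2025:10:00:04 +0000] "-" 400 0 "-" "-"
198.51.100.4 - - [10/Mar/2025:10:00:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [10/Mar/2025:10:00:06 +0000] "GET /missing HTTP/1.1" 404 153 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2025:10:00:07 +0000] "GET /a b HTTP/1.1" 200 512 "-" "Mozilla/5.0"
EOF
}

# Usage: noisy_clients MIN < access.log
# Prints "COUNT IP" for every client with at least MIN 4xx responses,
# highest count first.
noisy_clients() {
    awk -v min="$1" '
    {
        # Split on double quotes: q[3] holds " STATUS BYTES " regardless of
        # how many spaces the request line itself contains.
        if (split($0, q, "\"") < 3) next
        split(q[3], s, " ")
        if (s[1] ~ /^4[0-9][0-9]$/) hits[$1]++
    }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }
    ' | sort -k1,1rn -k2,2
}

# Report clients with three or more 4xx responses in the sample data.
sample_log | noisy_clients 3
```

Against a real log, run it as `noisy_clients 20 < /var/log/nginx/access.log` and tune the threshold to the site's normal traffic.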
6. Alerting
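#!/bin/bash
# Mail an alert for every filesystem at or above THRESHOLD percent used.
THRESHOLD=80
# -P keeps each filesystem on one line; tail skips the header row,
# whose "Use%" column would otherwise break the numeric comparison.
df -P | tail -n +2 | while read -r _ _ _ _ pct mount; do
    usage=${pct%\%}
    if [ "$usage" -ge "$THRESHOLD" ]; then
        echo "Disk warning: $mount at ${usage}%" | mail -s "Alert" admin@example.com
    fi
done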
Conclusion
Log management and monitoring are essential for server operations. The next part covers backup and recovery strategies.