Log Files are a Server Administrators’ hardest working assistant. So, when I had to deal with a recent “500 Internal Server Error” I turned to my hard working assistant and started my diagnostics in the Apache Log Files. The Apache HTTP Server (also known as the Apache Web Server), has its own directory, in Debian GNU/Linux, for Log Files. They can be found at:
[sourcecode]user@server: /var/log/apache2[/sourcecode]
The “500 Internal Server Error” is in fact, an error, so , my first look was at the Apache Error Log File.
[sourcecode]user@server: pico error.log[/sourcecode]
Log Files are Most Useful when they Start Empty
The issue I have with Log Files, is how much information they collect. Log Files can contain information about all kinds of system or application events, even if I wouldn’t consider the information or event to be a critical issue. Take a look at the Apache Log File, from one of my servers:
At the bottom of the image, you can see there are 187 lines of information, so the image only represents a portion of the total errors, in the Log File. You may also notice lines that seem to end abruptly, with a dollar sign ($). This means there is more information, after the dollar sign ($), which cannot be displayed, at that particular terminal/console screen size.
Server Administrators can waste a lot of time, wading through log files, for what may be a single error. Personally, I find it faster and way more efficient, to start my diagnostics with empty Log Files. Take a look at the same Apache Log File, only empty this time:
With this empty log file, I can more easily identify a specific error. The “500 Internal Server Error” mentioned above, is an error, displayed to a user, through a web browser. However, the Apache Error Log, will show information, specific to why a “500 Internal Server Error” occurred.
Log Files: Their Location and the Process to Empty
To empty the contents of the Log Files, all at once, first they have to found. My servers all run Debian GNU/Linux 6.0 (Squeeze), so the vast majority of the log files are in the log directory. Navigating to the log directory from the command line, is as simple as typing…
[sourcecode]user@server: cd /var/log/[/sourcecode]
…and pressing the <Enter> key, on your keyboard.
From here, you view all the files and directories, at this location, by typing…
[sourcecode]user@server: ls[/sourcecode]
…and pressing the <Enter> key, on your keyboard.
The “root” or “super user” permissions (su or sudo), will be needed (not covered in this post) to proceed past this step.
MAKE SURE YOU BACKUP the existing Log Files, before proceeding (also not covered in this post).
Now, removing all the information, contained in these Log Files, is as easy as typing…
[sourcecode]user@server: for logs in `find /var/log -type f`; do > $logs; done[/sourcecode]
…and pressing the <Enter> key, on your keyboard.
DONE! Log Files are now empty, but can start to retain new information, immediately.
This same command could be run as a script and saved for future use. To do this, start by typing…
[sourcecode]user@server: cd /var/log/[/sourcecode]
…and pressing the <Enter> key, on your keyboard.
Then type…
[sourcecode]user@server: pico nulllogs.sh[/sourcecode]
…and press the <Enter> key, on your keyboard.
In the new nulllogs.sh file, add the same command (from above), by typing…
[sourcecode]for logs in `find /var/log -type f`; do > $logs; done[/sourcecode]
… in the first line of the nulllogs.sh file. Then press the <Ctrl> and <X> keys, on your keyboard, to save and exit.
You’ll be presented with the following message…
Save modified buffer (ANSWERING “No” WILL DESTROY CHANGES)?
..to which you’ll want to press the <Y> key, on your keyboard.
You’ll again be presented with a message…
File Name to Write: nulllogs.sh
..which you’ll simply answer by pressing the <Enter> key, on your keyboard.
Now, you can verify that the “nulllogs.sh” script was created by typing…
[sourcecode]user@server: ls[/sourcecode]
…and pressing the <Enter> key, on your keyboard. You should see the nulllogs.sh script, in the list.
Now you need to change the permissions of the nulllogs.sh script, by typing…
[sourcecode]user@server: chmod +x nulllogs.sh[/sourcecode]
…and pressing the <Enter> key, on your keyboard.
[sourcecode]user@server: chmod +x nulllogs.sh[/sourcecode]
is the same as
[sourcecode]user@server: chmod a+x nulllogs.sh[/sourcecode]
Then, the next time you want to clear the Log Files, you can simply execute the script, by typing…
[sourcecode]user@server: ./nulllogs.sh[/sourcecode]
…and pressing the <Enter> key, on your keyboard.
I know my steps are pretty thorough, so it may seem quite complicated. However, for an Advanced Server Administrator, these steps can all take place in less than a couple minutes time.