It is difficult to know how to tune a running system if you have no idea how a system “normally” runs. By asking careful questions of the system (and interpreting the answers correctly), you can avoid poking around at variables in the dark and make effective changes exactly where they need to be made.
This is where log files can be your best friend. Treat them well, and pay them the attention they’re due; you will learn volumes about how your system is being used. But if you simply let them fill up your disks, they can be a source of much confusion. With the proper tools and techniques, your system logs will be concise and detailed enough to tell you exactly what you need to know.
But sometime, the information you’re after doesn’t get logged anywhere, but is expressed in the running Linux system, either as a pinpoint check of system resources or data on the network itself. Incidentally, we won’t examine full-blown system monitoring and trending packages (such as Nagios or MRTG) in this chapter but instead will look at ways to interrogate your system to get specific information about what’s going on right now. We’ll also see a couple of ways of to detect potential problems before they happen and even how to automatically deal with catastrophic failures when they do occur.
Make syslog work harder, and spend less time looking through huge log files
The default syslog installation on many distributions doesn’t do a very good job of ...