Analyzing Log Files on Linux for Security and Performance

Listen to this Post

Featured Image
Log analysis is a critical task for system administrators and security professionals. By examining log files, you can detect unauthorized access attempts, identify performance bottlenecks, and troubleshoot system issues efficiently. Below are essential Linux commands and techniques for effective log processing.

You Should Know: Essential Linux Log Analysis Commands

1. Viewing Logs in Real-Time

tail -f /var/log/syslog 
journalctl -f  For systems using systemd 

2. Filtering Logs by Keyword

grep "Failed password" /var/log/auth.log  Find failed login attempts 
grep -i "error" /var/log/syslog  Case-insensitive error search 

3. Analyzing Logs with `awk`

awk '/Failed password/ {print $11}' /var/log/auth.log | sort | uniq -c | sort -nr 

Extracts and counts IPs with failed SSH attempts.

4. Parsing Logs with `sed`

sed -n '/May 19/p' /var/log/syslog  Filter logs by date 

5. Monitoring Logins & User Activity

last -a  View recent logins 
who /var/log/wtmp  Check logged-in users 

6. Checking Disk & System Performance

dmesg | grep -i "error"  Kernel errors 
df -h  Disk usage 
top -b -n 1 | head -n 20  System resource usage 

7. Automated Log Analysis with `logwatch`

sudo apt install logwatch 
sudo logwatch --detail High --range Today 

8. Advanced Log Correlation with `goaccess`

goaccess /var/log/nginx/access.log --log-format=COMBINED 

9. Extracting Suspicious IPs

cat /var/log/auth.log | grep -oP '([0-9]{1,3}.){3}[0-9]{1,3}' | sort | uniq -c 

10. Log Rotation & Management

ls -l /var/log  Check log files 
sudo logrotate -vf /etc/logrotate.conf  Force log rotation 

What Undercode Say

Log analysis is a fundamental skill for cybersecurity and system administration. Mastering these commands helps in proactive threat detection and performance optimization. Automation tools like `logwatch` and `goaccess` enhance efficiency, while manual inspection with grep, awk, and `sed` provides granular control. Always monitor `/var/log/auth.log` for intrusion attempts and `/var/log/syslog` for system-wide issues.

Expected Output:

[/bash]
May 19 10:15:01 server sshd[bash]: Failed password for root from 192.168.1.100 port 22
May 19 10:15:05 server kernel: [bash] CPU usage exceeding threshold
[bash]

Prediction
As cyber threats evolve, log analysis will increasingly rely on AI-driven tools, but CLI commands will remain indispensable for real-time diagnostics and forensic investigations.

URL: https://study-notes.org

References:

Reported By: Xmodulo Analyzing – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

Join Our Cyber World:

💬 Whatsapp | 💬 Telegram