LAMP on CentOS: Log Management Guide
Effective log management is critical for maintaining the stability, security, and performance of a CentOS-based LAMP (Linux, Apache, MySQL, PHP) environment. This guide covers key aspects of log handling, including viewing, analyzing, rotating, and securing logs.
Understanding where logs are stored is the foundation of log management. Key log files for LAMP components in CentOS include:
/var/log/messages: General system messages (kernel, services)./var/log/secure: Security-related events (login attempts, sudo usage, SSH connections)./var/log/httpd/access_log: Records all incoming HTTP requests (access logs)./var/log/httpd/error_log: Logs Apache errors (configuration issues, module failures)./var/log/mysqld.log (or /var/log/mysql/error.log): MySQL server errors, startup/shutdown messages./var/log/mysql/slow_queries.log) for performance tuning./var/log/php-fpm/error.log (if using PHP-FPM): PHP-FPM errors./var/log/httpd/error_log (Apache-integrated PHP).Several command-line tools help monitor and search logs efficiently:
journalctl: For systemd-managed logs (CentOS 7+). Common commands:
journalctl: View all logs.journalctl -b: View logs from the current boot.journalctl -b -1: View logs from the previous boot.journalctl -k: View kernel logs.journalctl | grep 'error': Filter logs for “error” keywords.tail: Real-time log monitoring. Example:
tail -f /var/log/httpd/access_log: Follow Apache access logs as they update.grep: Search for specific patterns. Example:
grep '404' /var/log/httpd/access_log: Find all 404 (not found) errors in Apache access logs.logrotateLog rotation prevents logs from consuming excessive disk space by archiving, compressing, and deleting old logs. CentOS uses logrotate by default:
/etc/logrotate.conf, with component-specific settings in /etc/logrotate.d/ (e.g., /etc/logrotate.d/httpd for Apache)./etc/logrotate.d/myapp) to define rules. Example for Apache:/var/log/httpd/*.log {
daily # Rotate daily.
rotate 7 # Keep 7 rotated logs.
compress # Compress old logs (gzip).
missingok # Skip if log file is missing.
notifempty # Don’t rotate empty logs.
create 640 root adm # Set permissions for new logs.
}
logrotate -f /etc/logrotate.d/httpd.For large-scale or complex environments, use specialized tools to analyze and visualize logs:
/var/log/secure, PHP error logs) to authorized users only. Example:chmod 640 /var/log/secure
chown root:adm /var/log/secure
logrotate to define how long logs are kept (e.g., rotate 30 for 30 days) or use journalctl to limit log size:journalctl --vacuum-size=100M # Keep logs under 100MB.
journalctl --vacuum-time=2weeks # Delete logs older than 2 weeks.
rsyslog or syslog-ng to prevent local log tampering or loss.By implementing these practices, you can ensure efficient log management for your CentOS LAMP environment—enabling faster issue resolution, improved security, and better system visibility.