If you want to empty large log files (i.e. many GB) without deleting the file, here’s how you can do that:
nix# > mylargelog.log
or
nix# echo " " > mylargelog.log
Tadaa!!
When using the Linux shell daily we encounter situations where we need to search for specific strings in one or more archives. If you are wondering how to search archives for different patterns or strings, this tutorial will show you how.
You might have an archived log file and you want to search for the word “error”, here’s how you can do it.
Presenting zcat:
zcat is a Linux console utility that takes compressed data files as input and sends the decompressed contents to stdout. Combined with utilities like cut, grep or awk, zcat becomes a very powerful tool that helps the Linux system administrator search through archived files.
Here’s an example.
[root@nyx /]# zcat httpd-log_20140821.gz | awk -F ";" '($6~"error")'
[Wed Aug 27 11:08:27 2014] [error] [client 91.196.46.169] PHP Warning: date_default_timezone_get(): It is not safe to rely on the system's timezone settings.
The explanation:
zcat decompresses httpd-log_20140821.gz and awk prints the lines that have the word “error” in the 6th column of the log file.
Another example:
zcat logs_2014082* | awk -F ";" '($1=="Transaction timed out")' | sort -u
Alert: a Transaction timed out error was received at 2014-08-20 1:33
Alert: a Transaction timed out error was received at 2014-08-21 10:03
The explanation:
zcat decompresses the archived files that start with “logs_2014082”, awk prints the lines whose 1st column matches “Transaction timed out”, then sort -u sorts the output and removes duplicate lines.
Introducing zgrep.
Like the similar grep command, zgrep is a Linux utility that was developed for the sole purpose of matching patterns or strings inside an archived file.
Example:
zgrep error httpd.log.gz
[Sat Aug 23 06:12:20 2014] [error] [client 141.8.147.29] File does not exist: /www/html/nixware.net/httpdocs/index
[Sat Aug 23 06:12:21 2014] [error] [client 37.58.100.76] File does not exist: /www/html/nixware.net/httpdocs/forum
The explanation: zgrep searches the httpd.log.gz file for the “error” word and sends the output to stdout.
zmore:
– allows you to view archived or plain text files one screen at a time. As its name says, it does basically the same thing as more, but it can also search.
Scripts can be defined as a sequence of commands stored inside a file and usually executed in order to automate certain tasks. In the following minutes I’m gonna show you how to run Linux scripts from the shell.
In the BASH environment you can find many types of scripts. Depending on the user needs you can find BASH, Python, Perl or other type of scripts.
In some cases they might have an extension like .sh, .bsh, or .py, however this is not a rule. In Linux, files don’t need to have an extension, but scripts are required to have a shebang.
The shebang is the first line in a script which tells the shell what program to interpret the script with, when executed.
Here’s an example:
~ # more /root/blockip.sh
#!/bin/bash
As you can see, the first line in the script tells us that this is a BASH script.
So, how can we run a script?
First you need to check the permissions of the script:
~ # ls -l /root/blockip.sh
-r--r--r-- 1 root root 156 Jun 1 20:12 /root/blockip.sh
root@nyxware#
In order to execute a script, the user running it needs execute permission on the file. The script above doesn’t have that permission, and this is how you can fix it:
chmod +x ./blockip.sh
Now check the permissions again:
~ # ls -l /root/blockip.sh
-rwxrwxrwx 1 root root 156 Jun 1 20:12 /root/blockip.sh
root@nyxware
The permissions are ok now.
Now you can run the script by typing:
root@nyxware ~ # ./blockip.sh
OK
root@nyxware
Alternatively, you can run the same script with its absolute path:
root@nyxware ~ # /root/blockip.sh
OK
root@nyxware
A python script can be run like this:
~ # python test.py
Usage: test.py server [options]

Test for SSL heartbeat vulnerability (CVE-2014-0160)

Options:
  -h, --help            show this help message and exit
  -p PORT, --port=PORT  TCP port to test (default: 443)
root@nyxware ~ #
In Perl:
root@nyxware# ./hello-world.pl
Hello world!
In this article you will find out how to save iptables firewall rules in Linux CentOS, Redhat, Debian and Ubuntu.
Iptables is a Linux application built to let a system administrator configure and maintain the firewall tables/rules provided by the Linux kernel firewall module.
There are currently 3 different kernel modules built for the IPv4, IPv6 and ARP protocol stacks (iptables is used for IPv4, ip6tables refers to IPv6, arptables to the Address Resolution Protocol).
The most used one, and the one used in this tutorial, is iptables. In order to execute iptables related commands you need root privileges, or to be in the sudoers file on Debian/Ubuntu OSes.
So here’s how to save iptables and how to list existing ones:
The syntax used to check the iptables service status is:
service iptables status   ##CentOS, Redhat
sudo iptables -L -n -v    ##Debian, Ubuntu
To start iptables:
service iptables start   ##CentOS, Redhat
sudo ufw enable          ##Ubuntu
To list iptables rules:
iptables -L
Save iptables rules:
iptables-save           #Debian
sudo iptables-save      #Ubuntu
service iptables save   #CentOS
On CentOS, for example, you would see an output like this:
To restore iptables rules:
~ # iptables-restore < /etc/sysconfig/iptables
root@nyxware ~ #
chkconfig is a simple command-line tool that helps a Linux administrator configure, maintain, autostart and manage the configuration of the symlinks located in /etc/rc[0-6].d path.
First of all let me show you which are the most used services in a Linux distribution.
You can find out what services can be started in your server by typing:
chkconfig --list
The output should look something like this:
~ # chkconfig --list
acpid          0:off 1:off 2:on  3:on  4:on  5:on  6:off
cgconfig       0:off 1:off 2:off 3:off 4:off 5:off 6:off
cgred          0:off 1:off 2:off 3:off 4:off 5:off 6:off
cmdavd         0:off 1:off 2:off 3:off 4:off 5:off 6:off
cmdmgd         0:off 1:off 2:off 3:off 4:off 5:off 6:off
crond          0:off 1:off 2:on  3:on  4:on  5:on  6:off
htcacheclean   0:off 1:off 2:off 3:off 4:off 5:off 6:off
httpd          0:off 1:off 2:on  3:on  4:on  5:on  6:off
ip6tables      0:off 1:off 2:on  3:on  4:on  5:on  6:off
iptables       0:off 1:off 2:on  3:on  4:on  5:on  6:off
mailman        0:off 1:off 2:on  3:on  4:on  5:on  6:off
mdmonitor      0:off 1:off 2:on  3:on  4:on  5:on  6:off
mysqld         0:off 1:off 2:on  3:on  4:on  5:on  6:off
named          0:off 1:off 2:on  3:on  4:on  5:on  6:off
netconsole     0:off 1:off 2:off 3:off 4:off 5:off 6:off
netfs          0:off 1:off 2:off 3:on  4:on  5:on  6:off
network        0:off 1:off 2:on  3:on  4:on  5:on  6:off
ntpd           0:off 1:off 2:off 3:off 4:off 5:off 6:off
ntpdate        0:off 1:off 2:off 3:off 4:off 5:off 6:off
portreserve    0:off 1:off 2:on  3:on  4:on  5:on  6:off
psa            0:off 1:off 2:on  3:on  4:on  5:on  6:off
qmail          0:off 1:off 2:on  3:on  4:on  5:on  6:off
rdisc          0:off 1:off 2:off 3:off 4:off 5:off 6:off
restorecond    0:off 1:off 2:off 3:off 4:off 5:off 6:off
rsyslog        0:off 1:off 2:on  3:on  4:on  5:on  6:off
saslauthd      0:off 1:off 2:off 3:off 4:off 5:off 6:off
spamassassin   0:off 1:off 2:on  3:on  4:on  5:on  6:off
squid          0:off 1:off 2:off 3:off 4:off 5:off 6:off
sshd           0:off 1:off 2:on  3:on  4:on  5:on  6:off
xinetd         0:off 1:off 2:on  3:on  4:on  5:on  6:off

xinetd based services:
        chargen-dgram:    off
        chargen-stream:   off
        daytime-dgram:    off
        daytime-stream:   off
        discard-dgram:    off
        discard-stream:   off
        echo-dgram:       off
        echo-stream:      off
        ftp_psa:          on
        poppassd_psa:     on
        rsync:            off
        smtp_psa:         on
        smtps_psa:        on
        submission_psa:   on
        tcpmux-server:    off
        time-dgram:       off
        time-stream:      off
The left column contains the name of the service; to the right you have 7 columns, each one representing a Linux runlevel. Usually you will work with runlevels 3, 4 and 5. Runlevels 0 and 6 are related to shutdown (0) and reboot (6), so you should never use these.
The “on” and “off” refer to whether a specific service will autostart (on) or will not autostart (off) after a reboot of the server.
The manual of chkconfig can be accessed via the command:
~ # chkconfig --help
chkconfig version 1.3.49.3 - Copyright (C) 1997-2000 Red Hat, Inc.
This may be freely redistributed under the terms of the GNU Public License.

usage:   chkconfig [--list] [--type ] [name]
         chkconfig --add
         chkconfig --del
         chkconfig --override
         chkconfig [--level ] [--type ] <on|off|reset|resetpriorities>
root@nyxware~ #
To autostart a service after each reboot you would use a command like this:
chkconfig --level 345 httpd on
or just
chkconfig httpd on
To stop a service from starting after each reboot enter the command:
chkconfig httpd off
or stop it from running at a specific runlevel:
# chkconfig --level 3 httpd off
root@nyxware#
Use grep to see the status of a specific service:
~ # chkconfig --list | grep ssh
sshd           0:off 1:off 2:on  3:on  4:on  5:on  6:off
root@nyxware ~ #
* replace httpd with your desired service name.
To troubleshoot specific application errors, a sysadmin needs to check the logs for warnings, errors or other useful information.
However, most server logs are hard to read or contain too much information. In that situation you need to extract only specific columns from the log.
Let’s say you are checking the Apache error log and you want to extract only a specific column. I’m trying to search the log for the word error, then display the IPs that are getting that error and count how many times the error occurs per IP.
Here’s how you can do it.
First you need to find out where the Apache log file is. In my case it is /etc/httpd/logs/error_log (Redhat, CentOS). If you use Debian or Ubuntu the location will be /var/log/apache2/error.log.
Now that you know the log location, put the path in the command below:
grep error /etc/httpd/logs/error_log | cut -d" " -f8 | sort | uniq -c | sort -n   ## sort before uniq -c, otherwise only adjacent duplicates are counted together
You should see something like this:
[root@nyx ~]# cat /etc/httpd/logs/error_log | grep error | cut -d" " -f8 | uniq -c | sort
      1 109.166.141.29]
      1 111.162.148.116]
      1 118.113.227.137]
      1 166.78.10.25]
      1 187.33.2.88]
      1 207.46.13.77]
      1 66.249.78.221]
      1 66.249.78.3]
      6 61.19.246.190]
      6 95.111.68.120]
So, the command syntax is pretty simple: I read the log file, match the “error” word, print the 8th column, sort it so that identical IPs are adjacent, count the occurrences per IP and sort the list by count. Voila!
Now you know which IPs are receiving errors when they are visiting your site. You might want to do some checks and see what the problem is. Maybe those IPs are just running bots that are searching for vulnerabilities and it might be a good idea to block them in your firewall.
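As an added example that is not part of the original post, here is the same per-IP error count as a small POSIX shell script that also covers the zcat section above, since it works on plain and gzipped logs alike. It parses the classic Apache error_log format shown in the examples, strips the bracket that cut -f8 leaves on the address, and sorts before uniq -c so non-adjacent hits from the same IP are counted together; the log lines are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original post): count Apache error_log hits per client IP.
# Assumes the classic Apache 2.2 error_log format used in the examples above:
#   [Sat Aug 23 06:12:20 2014] [error] [client 141.8.147.29] File does not exist: ...
# Fields (space separated): $6 = "[error]", $7 = "[client", $8 = "<ip>]".

# Constructed sample log lines (not real traffic), used for the stand-alone run.
SAMPLE_LOG='[Sat Aug 23 06:12:20 2014] [error] [client 141.8.147.29] File does not exist: /www/html/example/index
[Sat Aug 23 06:12:21 2014] [error] [client 37.58.100.76] File does not exist: /www/html/example/forum
[Sat Aug 23 06:13:02 2014] [notice] caught SIGTERM, shutting down
[Sat Aug 23 06:14:40 2014] [error] [client 141.8.147.29] File does not exist: /www/html/example/wp-login.php
[Sat Aug 23 06:15:01 2014] [error] [client 10.0.0.5] PHP Warning: date_default_timezone_get(): It is not safe to rely on the system timezone
[Sat Aug 23 06:16:09 2014] [error] [client 141.8.147.29] File does not exist: /www/html/example/xmlrpc.php'

# Reads log lines on stdin and prints "<count> <ip>" for every [error] line, most frequent first.
# The trailing "]" is removed from the IP, and sort runs before uniq -c so the count is per IP
# across the whole file, not just for adjacent lines.
count_error_ips() {
    awk '$6 == "[error]" && $7 == "[client" { ip = $8; sub(/\]$/, "", ip); print ip }' \
        | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Same report for one or more files, compressed or not (zcat -f passes plain files through).
count_error_ips_in() {
    zcat -f "$@" | count_error_ips
}

# The single most frequent offender as "<count> <ip>", a quick check before a firewall review.
top_error_ip() {
    count_error_ips | head -n 1
}

printf '%s\n' "$SAMPLE_LOG" | count_error_ips
```

Run it against a real log with `count_error_ips_in /etc/httpd/logs/error_log` or a rotated `error_log-20140821.gz`; the [notice] line in the sample shows that non-error entries are ignored.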
During everyday usage of the Linux operating system, you will encounter situations when you will need to delete one or more files from the file system.
The easiest way to delete a file from BASH is to issue the rm command.
In most Linux distributions the rm command is an alias for “rm -i”, so when you enter rm in the shell, the alias points to rm -i (the “i” stands for interactive).
[root@nyx backup]# rm wordpress.sql
rm: remove regular file `wordpress.sql'? y
[root@nyx backup]#
Delete the file without a confirmation:
[root@nyx backup]# rm -f wordpress.sql
[root@nyx backup]#
Delete all the files in the folder called “backup”. -r stands for recursive, -f forces the delete without a confirmation. Be careful when you use “-r -f”!
[root@nyx backup]# rm -r -f ./backup/
[root@nyx backup]#
Find files older than x days and delete them:
find /home/backup -type f -mtime +30 -exec rm -f {} \;   ## find files older than 30 days in the /home/backup directory and delete them (no shell glob, so hidden files and large directories are handled too)
In case you are wondering how to review your latest commands entered in your favorite Unix shell, below you have more than one option to achieve this goal.
The first and most known way is using the history command:
Typing history in your Linux shell shows on your screen the latest commands entered by the user you are currently logged in as.
It is important to mention that the Unix/Linux way of storing your history is pretty simple: basically the OS just stores your commands in a text file. That file can differ from one distro to another, but you can view the exact location of that file by typing echo $HISTFILE. You can see a sample below:
Once you know the file location, there are many ways to manipulate the output. For example:
cat $HISTFILE | more #(you can use less too)
View the history in a text editor:
vim $HISTFILE
View only specific columns:
history | cut -d' ' -f 4-
View only the last 20 lines:
history | tail -n 20
Or filter the history with grep:
history | grep "yum-install" | tail -n 5
history | grep yum | head
Viewing your bash history is pretty easy. Type history in your shell and you will be presented with the latest 500 or 1000 (depending on the distro/bash settings) commands you entered.
But what if you want to run one or more commands from the history file, how can that be accomplished?
Well, the not so effective way is to type history | grep mycommand, then copy and paste in the terminal.
However, if your command expands on multiple lines the above procedure is pretty painful.
Here’s a more efficient way:
Introducing History expansion and the event designators:
The command | Description |
!! | Repeat last command |
! | Start a history substitution |
!n | Refers to the command line n |
!string | Invokes the command starting with “string” |
!?string | Refers to the most recent command containing “string” |
^string1^string2 | Repeats the last command and replaces string1 with string2 |
Here are a couple of practical examples:
Repeats the last command, in this case whoami.
Invokes the latest command from the history file containing hostname.
String replacement:
[root@nyx log]# tail /var/log/messages | head -n 2 #showing first 2 lines from /var/log/messages
Aug 22 19:39:56 euve59329 Plesk/Courier authd[20849]: No such user 'cage@nixware.net' in mail authorization database
Aug 22 20:05:26 euve59329 Plesk/Courier authd[21813]: No such user 'psychoza@nixware.net' in mail authorization database
[root@nyx log]# ^messages^mysqld.log #from the last command replace messages with mysqld.log and execute the command
tail /var/log/mysqld.log | head -n 2
140822 4:03:28 [ERROR] Invalid (old?) table or database name 'comment _subscribers'
140822 4:03:28 [ERROR] Invalid (old?) table or database name 'mp3-players'
[root@nyx log]#
To view the current date and time, issue the date command:
Then view and set your time zone:
cd /usr/share/zoneinfo
I’m going to use the GMT time zone.
Copy the file with your time zone (this could be ./Europe/London or whichever city you would like to use).
Change the date and time in Linux via BASH:
For this purpose we will use the following command format:
date 082314422014   ### August/23rd/14:42/2014 ## format: MMDDhhmmYYYY (month / day / hour / minutes / year)