Log Analysis Tools
This article details the various log analysis tools available on our servers, and provides guidance on their use for troubleshooting and monitoring. Proper log analysis is crucial for maintaining a stable and performant MediaWiki installation. This guide is aimed at new system administrators and those unfamiliar with our logging infrastructure.
Overview
Our servers generate a significant volume of log data. Analyzing these logs is essential for identifying errors, performance bottlenecks, security incidents, and general system health. We employ a combination of tools to collect, store, and analyze these logs. This document covers the primary tools and techniques used for log analysis. Understanding Server Administration is fundamental to effectively using these tools.
Log Locations
Logs are typically stored in the following locations:
- `/var/log/apache2/`: Apache web server logs (access and error logs). These are vital for understanding web requests and identifying web-related errors. See Apache Configuration for more details.
- `/var/log/mysql/`: MySQL/MariaDB database server logs. These logs are critical for identifying database performance issues and errors. Refer to Database Maintenance for database-specific documentation.
- `/var/log/php/`: PHP error logs. These logs capture errors generated by PHP scripts, including MediaWiki's PHP code.
- `/var/log/syslog/`: System-level logs, recording events from various system components. Understanding System Logging is important for interpreting these logs.
- `/var/log/mediawiki/`: Custom MediaWiki logs (if configured - see Custom Logging).
Primary Log Analysis Tools
We utilize several tools for analyzing log data. The following table summarizes the most commonly used tools:
Tool | Description | Primary Use Cases |
---|---|---|
`grep` | A command-line utility for searching plain-text data sets for lines matching a regular expression. | Quick searches for specific errors, IP addresses, or keywords. Fundamental for Command Line Interface use. |
`awk` | A programming language designed for processing text-based data, often used for extracting and manipulating log data. | Parsing log files, generating reports, and performing complex data analysis. |
`sed` | A stream editor used for performing basic text transformations on log files. | Replacing text, deleting lines, and performing simple modifications to logs. |
`tail -f` | Displays the last part of a file and continues to monitor it for new lines added. | Real-time monitoring of log files for immediate error detection. |
`GoAccess` | A real-time web log analyzer and interactive viewer that runs in a terminal or through your browser. | Analyzing Apache access logs to understand website traffic patterns. See Web Server Analytics. |
Advanced Log Analysis with ELK Stack
For more sophisticated log analysis, we utilize the ELK stack (Elasticsearch, Logstash, Kibana). This provides a centralized logging solution with powerful search and visualization capabilities.
- Elasticsearch: A distributed search and analytics engine. It stores and indexes the log data.
- Logstash: A data processing pipeline that ingests log data from various sources, transforms it, and sends it to Elasticsearch.
- Kibana: A visualization dashboard that allows you to explore and analyze the data stored in Elasticsearch.
The following table outlines the ELK stack configuration:
Component | Version | Configuration File | Notes |
---|---|---|---|
Elasticsearch | 8.11.3 | `/etc/elasticsearch/elasticsearch.yml` | Requires significant RAM and disk space. See Elasticsearch Configuration. |
Logstash | 8.11.3 | `/etc/logstash/conf.d/` | Uses configuration files to define input, filter, and output pipelines. |
Kibana | 8.11.3 | `/etc/kibana/kibana.yml` | Provides a web interface for exploring and visualizing logs. |
Example Log Analysis Scenarios
Here are some common scenarios and how to address them using the tools described above.
- Identifying Slow Queries: Analyze the MySQL slow query log (`/var/log/mysql/mysql-slow.log`) using `grep` to find queries taking an excessive amount of time, then review each query against the guidance in Database Optimization.
- Detecting Web Attacks: Monitor the Apache access logs (`/var/log/apache2/access.log`) for unusual patterns, such as a high number of requests from a single IP address or attempts to access sensitive files. Utilize ELK for correlation of events. See Security Best Practices.
- Troubleshooting PHP Errors: Examine the PHP error logs (`/var/log/php/error.log`) for errors related to MediaWiki's PHP code. Use `tail -f` for real-time monitoring during development or testing. Refer to PHP Error Handling.
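The web-attack scenario above, worked through as an added example (not part of the original article): `awk` functions that flag high-volume clients and requests for sensitive files in an Apache combined-format access log. The sample log lines, the request threshold and the list of sensitive paths are constructed assumptions.

```shell
#!/bin/sh
# Added example: sample log lines, threshold and path list are constructed.

# Write a small constructed access log (documentation-range IPs) to file $1.
make_sample_log() {
  cat > "$1" <<'EOF'
198.51.100.7 - - [10/Jan/2024:10:00:01 +0000] "GET /index.php?title=Main_Page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2024:10:00:02 +0000] "GET /load.php?modules=site.styles HTTP/1.1" 200 911 "-" "Mozilla/5.0"
203.0.113.50 - - [10/Jan/2024:10:01:00 +0000] "POST /index.php?title=Special:UserLogin HTTP/1.1" 200 3301 "-" "python-requests/2.31"
203.0.113.50 - - [10/Jan/2024:10:01:00 +0000] "POST /index.php?title=Special:UserLogin HTTP/1.1" 200 3301 "-" "python-requests/2.31"
203.0.113.50 - - [10/Jan/2024:10:01:01 +0000] "POST /index.php?title=Special:UserLogin HTTP/1.1" 200 3301 "-" "python-requests/2.31"
203.0.113.50 - - [10/Jan/2024:10:01:01 +0000] "POST /index.php?title=Special:UserLogin HTTP/1.1" 200 3301 "-" "python-requests/2.31"
203.0.113.50 - - [10/Jan/2024:10:01:02 +0000] "POST /index.php?title=Special:UserLogin HTTP/1.1" 200 3301 "-" "python-requests/2.31"
192.0.2.99 - - [10/Jan/2024:10:05:07 +0000] "GET /LocalSettings.php.bak HTTP/1.1" 404 196 "-" "curl/8.4.0"
192.0.2.99 - - [10/Jan/2024:10:05:08 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "curl/8.4.0"
192.0.2.99 - - [10/Jan/2024:10:05:08 +0000] "GET /.env HTTP/1.1" 200 412 "-" "curl/8.4.0"
192.0.2.99 - - [10/Jan/2024:10:05:09 +0000] "-" 408 0 "-" "-"
EOF
}

# Print "count ip" for every client with at least $2 requests, busiest first.
top_talkers() {
  awk -v min="$2" '{ hits[$1]++ }
    END { for (ip in hits) if (hits[ip] >= min) print hits[ip], ip }' "$1" |
    sort -k1,1nr -k2,2
}

# Print "ip status path" for requests whose path matches the assumed list of
# sensitive files. Splitting on the double quote keeps the request line in one
# field, so a malformed request such as "-" does not shift the status column.
sensitive_probes() {
  awk -F'"' '{
      split($1, pre, " "); split($2, req, " "); split($3, post, " ")
      path = req[2]
      if (path ~ /LocalSettings\.php|\/\.git\/|\/\.env$/)
        print pre[1], post[1], path
    }' "$1"
}

# Narrow the probes to those answered with 200, i.e. the file was served.
served_probes() {
  sensitive_probes "$1" | awk '$2 == 200'
}

# Demo run against the constructed log.
log=$(mktemp) && make_sample_log "$log"
top_talkers "$log" 4; served_probes "$log"
rm -f "$log"
```

A probe that returned 200 deserves attention first, since it means the server actually delivered the file; point the functions at `/var/log/apache2/access.log` and tune the threshold to normal traffic for the site.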
Table of Common Error Messages and Solutions
Error Message | Possible Cause | Solution |
---|---|---|
"PHP Fatal error: Uncaught Error: Class '...' not found" | Missing PHP extension or incorrect MediaWiki configuration. | Install the required PHP extension or update the `LocalSettings.php` file. Consult PHP Extensions. |
"MySQL error: Can't connect to MySQL server on 'localhost'" | MySQL server is down or unreachable. | Restart the MySQL server or check network connectivity. See Database Troubleshooting. |
"Apache error: File does not exist: /var/www/html/..." | Incorrect file path or missing file. | Verify the file path and ensure the file exists. Check Apache Configuration. |