Troubleshooting /var/log files for a recent series of crashes, what should I look for in the files if I believe low memory or disk space are to blame? Is there a general term used in the Linux error-throwing lingo for hardware faults of this kind? And, what system processes would be effected, such as the kernel, by a critical shortage of memory?
Just as background, I was working on a Drupal site hosted on my Fedora 17 sandbox project laptop when I experienced these system crashes. Recently I've downloaded some rather large files (I've since moved to media) and was down to about 1.8G of HD space.
I found some useful posts here about monitoring memory usage with top
or current disk usage with du
. This question, however, is specifically about log files. I found a similar post at Fedora Forums searching for an explanation of FPrintObject
which lead me to do Memtest, but nothing is reported bad there.
Best Answer
The information you are looking for is not found in usual syslog logs. For viewing performance history from the command line, sysstat is an excellent tool.
With sysstat, the
sadc
collects system information and writes them to a log file. The log file is a binary format, but can be viewed with thesar
command.Here is an example of sar output with no options:
The information you see is the same information provided by
top
, but is historical data. You can also see detailed information about RAM, network, and disk utilization. Here is an example for RAM usage:Outside of running sar locally, there are many monitoring systems that show performance trending data. Munin, cacti, and zabbix are some examples. These have the benefit of graphing and keeping the data for multiple servers in a centralized location.
Update to answer from comments:
The
sar
command will tell you if you ran out of RAM prior to the crash. This will be obvious as kbbuffers and kbcached will drop dramatically. You can also check dmesg for OOM (out of memory) killer, but dmesg is only written to logs if klogd is installed. You won't see any logs about out of disk space, unless an application specifically reports its failure to write to disk. However, if the disk is full, syslog won't be able to write the log to disk either.