Mission 11

Log triage

Inspect access, error, auth, and service logs in a cautious order.

Text and logs
9 minutes Beginner Lesson 11 of 360
tailjournalctlgrep
Lesson 11 of 360 0/360 lessons 0/17 missions Text and logs · 9 minutes
0%
Continue View profile
Ops lab terminal Training lab
New learnerrank 0XP 0%complete
learner@clairos:/home/learner $ Unix ops lab: type a command, press Enter
Instructions 9 minutes

Click any instruction for the command details, the why, and the common mistake to avoid.

Tail web access

Run tail -n 2 /var/log/nginx-access.log.

tail -n 2 /var/log/nginx-access.log
Read service journal

Run journalctl -u nginx.

journalctl -u nginx
Search auth denials

Run grep denied /var/log/auth.log.

grep denied /var/log/auth.log
Lesson support

What to notice while you play.

Objective

Compare app, service, and auth evidence.

Hint

Tail nginx access, then read the simulated nginx journal.

Why it matters

Incident triage is evidence gathering before action.

Common mistakes
  • Restarting a service before reading logs.
  • Only checking one log source.
Reference

Commands in this lesson.

grep [-i] <text> <file>

Find literal text inside a file.

journalctl -u <service>

Read simulated service journal entries.