How do you check the log?
And I have no clue what's going on (or what happened 10 hours back?).
All you sys-admins & experts, how do your curious minds get the answers?
* How do you check the log? ...not real-time monitoring but checking past events.
* What stats/log app do you use on your bare-bones Linode? (AWStats/Webalizer etc.?)
* How do you find currently online visitors in real time? (Is there a way in phpMyAdmin -> Status -> server?)
* What are the best practices to be informed?
I'm sorry, but whatever I learned was in a crude way (not from experts/books etc.)
Thank you, the Linode community is awesome!
The location of the logs depends on your distribution and the type of your web server software. In Ubuntu and Debian, look inside /var/log/apache2 for Apache logs, or /var/log/nginx for nginx logs. If the log files are huge, you can use commands like "less" and "more" to scroll through them, "head" and "tail" to pull out a specific number of lines, or "grep" to find entries that match a pattern.
IMO AWStats and Webalizer are both outdated, although some people still use them. A lot of webmasters nowadays outsource visitor statistics to a third party such as Google Analytics. But if the traffic was caused by a search engine, it might not appear in Google Analytics.
The spike in the dashboard metrics could be the result of any number of things (and combinations). For example, someone is brute-forcing a public service (ssh, http, pop3, imap, so on and so forth). Other times it could be a badly configured script on your part that has finally given up the ghost. It could also be a spam attack, trying to force-feed your smtp with spam or some kind of new virus attachment. The most obvious is usually someone hitting a WordPress site, trying to register an account, log in as admin, or post spam comments. Take your pick…
You could look around the logs from every single daemon running on the server to try and pinpoint the exact place in time that caused the spike; maybe you'll get lucky and it's something obvious, like a WordPress attack. You should also consider reading about server security and hardening the server, like removing unused things (if you don't use imap, then there is no need for it to be online and accessible) and installing various tools like fail2ban, mod_evasive, etc.
Regarding monitoring a server, that is another issue entirely. If you are serious about it, you'd have something like icinga2 or another similar monitoring system, which could alert you about just about anything that happens on the server.
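The grep/head/tail approach from the answers above, taken one step further as an added example (not part of the original thread): it counts requests per hour in a combined-format Apache or nginx access log to locate a past spike, then shows which clients and requests made up the busiest hour. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: locate a past traffic spike in a combined-format access log.

# Constructed sample log (documentation IP ranges, made-up timestamps).
sample_log() {
    line='%s - - [12/Mar/2024:%s +0000] "%s HTTP/1.1" %s 512 "-" "constructed-agent"\n'
    printf "$line" 198.51.100.7 02:10:01 'GET /' 200
    printf "$line" 198.51.100.7 02:40:12 'GET /about' 200
    for s in 01 02 03 04 05; do
        printf "$line" 203.0.113.45 "03:14:$s" 'POST /wp-login.php' 200
    done
    printf "$line" 192.0.2.10 03:20:00 'GET /' 200
    printf "$line" 192.0.2.10 04:05:00 'GET /' 200
}

# Print "count dd/Mon/yyyy:HH" for every hour in the log, busiest first.
# Field 4 looks like [12/Mar/2024:03:14:07, so keep the date and the hour.
requests_per_hour() {
    awk '{ split($4, t, ":"); h = substr(t[1], 2) ":" t[2]; n[h]++ }
         END { for (h in n) print n[h], h }' "$1" |
        sort -k1,1nr -k2,2
}

# Print "count ip method path" for one hour (e.g. 12/Mar/2024:03), top N rows.
# Repeated POSTs to a login or comment URL from one address stand out here.
top_clients_in_hour() {
    grep -F "[$2:" "$1" |
        awk '{ gsub(/"/, "", $6); n[$1 " " $6 " " $7]++ }
             END { for (k in n) print n[k], k }' |
        sort -k1,1nr -k2 | head -n "${3:-10}"
}

# Demo on the constructed sample; replace "$log" with a real access log path.
log=$(mktemp) && sample_log > "$log"
trap 'rm -f "$log"' EXIT

echo "Requests per hour:"
requests_per_hour "$log"

busiest=$(requests_per_hour "$log" | head -n 1 | cut -d' ' -f2)
echo "Top clients in $busiest:"
top_clients_in_hour "$log" "$busiest"
```

On a real server, pass the functions an access log from /var/log/apache2 or /var/log/nginx and compare the busiest hours with the time of the spike on the dashboard.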