What system logs might tell me if a server lost its internet connection?

linux centos networking rhel syslog

Solution 1

Check the ring kernel buffer (dmesg) - you should see information for network connectivity events.

Solution 2

Your kernel logs (the most recent viewable by dmesg, older by journalctl -k or wherever configured in /etc/rsyslog.conf) will probably contain messages if a NIC loses its link. And of course you can easily find what those messages look like by unplugging the cable. Example:

Jan 13 11:16:33 Zia kernel: r8169 0000:07:01.0 lan: link down

Loss of Internet connectivity is harder, and typically you'd set something up to detect this (either external monitoring, or monitoring of outside machines from your machine). It's also not really a binary state—you can have partial Internet connectivity (can reach some hosts, but not all). You can look for clues, though:

messages from NTP in the journal/logs (e.g., about losing peers), or check the NTP peer stats (if enabled).
messages in journal/logs about failed network connections (e.g., if you had fetchmail running routinely, it'd complain it couldn't connect to your POP3 server)
VPN connections going down (I get plenty of OpenVPN logs when the Internet connection goes down).
sudden 0 load on web (etc.) servers. Many servers log all requests received to some server-specific log.
similarly, if you log system load (load average, run queue, etc.), quick drop to 0 is a clue.
lack of noise in firewall logs (at least, if you log blocked packets)
sudden lack of random worm attacks (I get plenty of failed authentication messages from various services I'm running, and not getting any for hours would be a good clue there was no Internet connectivity)
traffic levels, if you're monitoring (e.g., using Cacti, MRTG, collectd, etc.). If you're not, your ISP probably is—maybe they'd be willing to share?
if you have other machines that talk to this machine, check those machine's logs. Might have failure messages
if you offer services to other people, they might have logs.
if you have a support desk, they probably know (from all the calls they got).

Basically, you're doing detective work: you need to look for clues. Without monitoring, there isn't going to be an teh Interwebs is down log message.

jqdc2224

Updated on September 18, 2022

Comments

jqdc2224 over 1 year
I'm writing a function to interpolate polynomials with the Newton method, but I'm having some trouble.
```
function n = newtonInter(x, y)
n = length(x);
a = zeros(n,1);

for k = 0:n-1
       a(k) = y(k);
       for i = k + 1:n
           y(i) = (y(i) - y(k))/(x(i)-x(k));
       end
end
a(n) = y(n);
```
I get an error code in line 5, "Subscript indices must either be real positive integers or logicals."

I set x = [1 2 3 4] and y = [2 0 -10 -34]
- Арсений Черенков over 7 years
  
  unless application, such as mail use internet, and if your local network was OK, I doubt there could be log somewhere to see that.
- user1028270 over 7 years
  
  bummer, just curious if there was any sneaky forensics nix nerds know about.
13dimitar over 7 years

dmesg displays information about hardware (connect/disconnect devices, drivers etc)
thrig over 7 years

OTOH Mac OS X spams the system.log with Internet connection appears to be offline messages when it is so.