Practice and reference
Read the concept, then use a quiz, builder or checklist to make it stick.
First response goal
The goal is to reduce uncertainty quickly. Confirm the symptom, gather evidence, avoid risky assumptions and create a clear next action.
Do not make destructive changes just to see what happens. That is not troubleshooting. That is jazz with root access.
Checklist
- Find the correct domain log
- Check recent 500 errors
- Compare access and error times
- Look for bot patterns
- Separate WAF blocks from PHP errors
- Summarise evidence
Useful commands
$ tail -f /usr/local/apache/domlogs/example.com
$ grep " 500 " /usr/local/apache/domlogs/example.com | tail
$ awk '{print $1}' access.log | sort | uniq -c | sort -nr | head
What good notes include
- The exact symptom and timestamp.
- The command or tool used to verify it.
- Relevant output, trimmed and sanitised.
- What was ruled out.
- Recommended next action or escalation reason.
Customer-safe summary
Explain what was checked, what was found, and what the customer can do next. Avoid dumping raw logs unless they help. Clear beats clever.