Logs in Linux

Introduction

Logs are very helpful while troubleshooting as it contains the relevant information whenever disaster appear on server or any service is not working properly. So these logs saves time in troubleshooting.

List logs

By default most Linux logs can be found in the directory /var/log/.

# ls -l /var/log
total 5756
drwxr-xr-x. 2 root root 4096 Feb 25 13:14 anaconda
drwxr-x---. 2 root root 94 Apr 20 20:16 audit
-rw-r--r--. 1 root root 0 Feb 25 13:13 boot.log
-rw-------. 1 root utmp 1808256 Apr 22 07:34 btmp
-rw-r--r--. 1 root root 1134 Apr 10 03:08 choose_repo.log
drwxr-xr-x. 2 chrony chrony 6 Feb 5 2014 chrony
-rw-r--r--. 1 root root 2534 Apr 10 03:08 cloud-init.log
-rw-r--r--. 1 root root 27149 Apr 22 07:01 cron
-rw-r--r--. 1 root root 24134 Apr 12 03:22 cron-20150412
-rw-r--r--. 1 root root 99515 Apr 20 03:43 cron-20150420
-rw-r--r--. 1 root root 32598 Apr 10 03:08 dmesg
-rw-------. 1 root root 2003 Apr 21 07:27 grubby
drwx------. 2 root root 4096 Apr 20 03:43 httpd
-rw-r--r--. 1 root root 292292 Apr 22 00:57 lastlog
-rw-------. 1 root root 0 Apr 20 03:43 maillog
-rw-------. 1 root root 198 Apr 10 03:08 maillog-20150412
-rw-------. 1 root root 1093 Apr 16 06:59 maillog-20150420
-rw-------. 1 root root 259933 Apr 22 07:32 messages
-rw-------. 1 root root 303675 Apr 12 03:22 messages-20150412
-rw-------. 1 root root 932940 Apr 20 03:43 messages-20150420
-rw-r-----. 1 mysql mysql 31400 Apr 22 01:30 mysqld.log
drwx------. 2 root root 6 Jan 26 2014 ppp
drwxr-xr-x. 2 root root 69 Apr 20 03:43 rhsm
-rw-------. 1 root root 313890 Apr 22 07:34 secure
-rw-------. 1 root root 584361 Apr 12 03:05 secure-20150412
-rw-------. 1 root root 1343433 Apr 20 03:35 secure-20150420
-rw-------. 1 root root 0 Apr 20 03:43 spooler
-rw-------. 1 root root 0 Feb 25 13:05 spooler-20150412
-rw-------. 1 root root 0 Apr 12 03:22 spooler-20150420
-rw-------. 1 root root 0 Feb 25 13:02 tallylog
drwxr-xr-x. 2 root root 22 Apr 10 03:08 tuned
-rw-rw-r--. 1 root utmp 9600 Apr 22 00:57 wtmp
-rw-------. 1 root root 6126 Apr 21 07:28 yum.log

Following are some important logs files in linux.

/var/log/audit/
/var/log/auth.log
/var/log/boot.log
/var/log/cron
/var/log/daemon.log
/var/log/dpkg.log
/var/log/messages
/var/log/dmesg
/var/log/kern.log
/var/log/lastlog
/var/log/maillog
/var/log/mail.log
/var/log/wtmp
/var/log/utmp
/var/log/faillog
/var/log/httpd/
/var/log/apache2
/var/log/user.log
/var/log/Xorg.x.log
/var/log/alternatives.log
/var/log/btmp
/var/log/cups
/var/log/anaconda.log
/var/log/yum.log
/var/log/lighttpd/
/var/log/conman/
/var/log/mail/
/var/log/prelink/
/var/log/sa/
/var/log/secure
/var/log/sssd
/var/log/samba/
/var/log/vsftpd/

Logwatch

To watch the run time logs execute the logwatch command:

# logwatch /path/of/log/file

Real Time Logs

To get all newly added lines from a log file in real time on the shell, use the command:

# tail -f /var/log/mail.log
# tail -f /var/log/vsftpd.log
1 reply

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *