System Log Files
Most log files are found in
Checking logs are critical to see if things are working correctly
- Checking logs is critical to see if things are working correctly.
- Take a look at all the log files on scratch
Kernel Ring Buffer
The kernel ring buffer is something like a log file for the kernel; however, unlike other log files, it’s stored in memory rather than in a disk file.
You can use the
dmesg command to view it. Many times it is logged to
/var/log/dmesg as well. It requires sudo privileges to read the /var/log/dmesg file, but not to run the dmesg command.
Viewing log files
There are a number of commands to view log files.
Anytime a new entry is added to a log file, it is appended to the end of the file. This is one of those times where
tail is particularly useful. Usually when we want to look at log files we want to look at the most recent entries.
When organizing our viewing command - order matters. Most of the following commands produce different results. And all are useful depending on what type of results you want. Go through the thought process and figure out what each command does. Can you figure out which three produce identical results?
cat /var/log/syslog | grep daemon
cat /var/log/syslog | grep daemon | tail -n 10
cat /var/log/syslog | tail -n 10
cat /var/log/syslog | tail -n 10 | grep daemon
less /var/log/syslog | tail -n 10 | grep daemon
head -n 10 /var/log/syslog
head -n 10 /var/log/syslog | grep daemon
tail -n 10 /var/log/syslog
tail -n 10 /var/log/syslog | grep daemon
If you add the -f option to the tail command it provides a live watch of the log file. This is helpful when trying to watch any error messages produced as you test certain functionality, such as logging in or running a specific program.
ctrl-cto cancel the
Note that log files show info for all users and processes. If you are looking for something specific you may want refine your results with
The log files
- holds general purpose log files for many daemons and logs for processes that don’t have their own log files. It contains General Message and system related stuff.
- If you are doing general troubleshooting start here first.
- (after installing a package like Apache web server, you would look in /var/log/apache2 to diagnose issues related to it.
- There are other log files that are important to troubleshoot other issues.
Log files are frequently rotated or archived to keep the log files from getting too big and time-conuming to read. Meaning that the oldest log file is deleted, the latest log file is renamed with a date or number, and a new log file is created. For instance, if it’s rotated on December 1, 2012, /var/log/messages will become /var/log/messages-20121201, /var/log/messages-1.gz, or something similar, and a new /var/log/messages will be created. This practice keeps log files from growing too large.
Types of Log Files
Log Files found on Scratch
- /var/log/syslog - General message and system related stuff
- /var/log/dmesg - Kernel ring buffer log file
- /var/log/auth.log - authentication log
- /var/log/kern.log - kernel log
- /var/log/wtmp - login records file
- /var/log/dist-upgrade/ - distribution logs directory
- /var/log/dpkg.log - dpkg command log file
- /var/log/apt/ - apt command logs directory
- /var/log/fsck/ - file system check logs directory
- /var/log/upstart/ - upstart command logs directory (plug and play)
- /var/log/apache2 - apache2 access and error logs directory
Other log files not found on Scratch
- /var/log/cron.log - cron daemon log
- /var/log/boot.log - system boot log
- /var/log/messages - General message and system related stuff (CENTOS)
- /var/log/maillog - Mail server log
- /var/log/qmail/ - Qmail logs directory
- /var/log/httpd/ - Apache access and error logs directory
- /var/log/lightpd/ - Lighttpd access and error logs directory
- /var/log/mysqld.log - MySQL database server log file
- /var/log/secure - Authentication log
- /var/log/utmp - Login records file
- /var/log/yum.log - yum command log file (CENTOS)
There is no textbook reading for this section
Last Updated 12/15/2017