Log File in Linux: Everything about View & Setup Linux Logs
As a Linux administrator, you must be able to troubleshoot system issues. So, log files that are created and stored by your Linux system, bring you all the helpful information about applications and boot processes. Log File in Linux will be explained in this article, and in the end, you will know everything about View & Setup Linux Logs.
Checking the log files must be routine for a sysadmin. The log messages that have been generated by Linux, are created, stored, and recycled using a variety of configuration files, folders, programs, commands, and daemons in it. Therefore, being aware of the location of the system’s log files and how to execute relevant commands will help you expedite the troubleshooting process.
Prerequisites to View and Read Log Files in Linux
To let this tutorial works correctly, provide the options below and move on.
- A system running Linux.
- A non-root user with
sudo
privileges.
What is Log File in Linux & why do Linux Administrators Monitor it?
For administrators to keep track of and monitor significant events regarding the server, kernel, services, and apps operating on it, Linux keeps records in log files. Linux logs are a useful tool for troubleshooting when you run into problems because they provide a timeline of events for the Linux operating system, applications, and system. An administrator needs to look over log files as soon as problems appear. Logs on a Linux server can assist in identifying problems when they occur. It is possible to locate errors, warnings, and other messages that suggest what went wrong by looking through system logs, application logs, and service logs.
Also, system logs can be used to find speed problems like memory leaks or slow disk I/O. Application log analysis can also be used to find performance problems with particular applications. Linux logs can be used to keep track of system health and find problems before they get out of hand. Administrators can spot trends and patterns in system records that might point to an impending issue.
As you noticed, you can get in-depth knowledge of server speed, security, error messages, and root causes by closely watching Linux log files. Regular log file analysis is 100% necessary if you want to handle servers proactively rather than reactively.
How to Check Linux Logs
The majority of Linux log files are located in the /var/log directory and its subdirectories and are kept in plain ASCII text files. Let’s go through this guide and learn the related commands to view Linux Logs. The data required for the operating system to operate properly is contained in Linux logs.
Open your Linux terminal and run the command below to switch to the directory and view the log files.
cd /var/log
Also, to see the logs, type:
ls
When you use the above command, you will receive all Linux log files such as kern.log and boot.log. Therefore, you can view the information you need to help your desired operating system to function properly. Keep in mind that you can just access the log files if you use root privilege. So, to access the related file, run the following command:
sudo less [log name here].log
To view a timeline of all information that is related to that operation, you can use the above command. Log files in Linux are stored in plain text to be viewed by using the standard commands below:
zcat
– Displays the logfile.gz file’s whole contents.
zmore
– Lookup inside a zipped file.
grep
– Find all occurrences of a search term in a file or filter a log file.
tail
– Output the last few lines of files.
head
– View the text files’ beginnings.
As we mentioned, most Linux log files are located in the /var/log directory. To view log file contents, you can use the below common log files which are under /var/log.
wtmp
utmp
dmesg
messages
maillog
ormail.log
spooler
auth.log
orsecure
Users’ logins and logouts are recorded in the wtmp
and utmp
files. There are other specific commands for this, some of which you will need, and you cannot directly read the contents of these files using cat commands in the terminal.
Most Important Log File in Linux
The operations of your system could be interpreted by Logs. It will be easier to discern between the various logs if you have a solid understanding of each type of file. Directories can be grouped into one of the System Logs, Event Logs, Application Logs, or Service Logs categories.
Since most Linux log files are in the /var/log directory and subdirectory, it is possible to locate the logs in the var/log subdirectory. Let’s see what these four categories are.
1. System Logs
Linux requires systems log files in order to function. It contains the most significant amount of data about system functionality all by itself. Among the most popular log files are:
/var/log/boot.log
_ The boot log stores all information related to booting operations./var/log/auth.log
_ All authentication logs, including successful and unsuccessful tries, are kept in the authentication log./var/log/httpd/
_ Apache access and error logs./var/log/mysqld.log
_ The log file of the MySQL database server./var/log/debug
_ The debug log keeps track of all debugging-related messages and is helpful for troubleshooting particular system processes./var/log/daemon.log
_ Information about events connected to operating the Linux operation can be found in the daemon log./var/log/maillog
_ Information about mail servers and email archiving is kept in the mail log./var/log/kern.log
_ Information from the Ubuntu Linux kernel is kept in the kernel file./var/log/yum.log
_ Logs of Yum command.
2. System Logging Daemon
An application that operates in the background and is essential for system functionality is known as a daemon log. These logs, which have their own category of logs, are regarded as the core of any system’s logging processes.
/etc/syslog.conf
is the location for the configuration of the system login daemon. A selector and an action entry field are both present in every file. Log messages can also be forwarded by the syslogd
daemon. For the purpose of debugging, this may be helpful.
3. Application Logs
Any application that is executed is recorded in application logs. Error messages, indicators of system compromise, and browser-identifying strings are examples of this. This group of log files also includes CUPS Print System logs, Rootkit Hunter logs, Apache HTTP server logs, Samba SMB server logs, and X11 server logs.
4. Logs that humans can’t read
Not all logs are created in a format that is readable by humans. Some are created specifically for system programs to read. These documents frequently contain login information. They consist of login records, last login logs, and login failure logs. For reading Linux log files, there are programs and utilities available. Since the majority of files may be read straight from the Linux terminal, they are not required to read files.
5. Service Logs
These logs include details about daemons and network services that are currently active on the machine. In order to monitor service activity and improve service efficiency, service logs are used.
6. Event Logs
These logs include details about system occurrences like user logins, system shutdowns, and security incidents. The use of event logs for system activity auditing, user activity monitoring, and security issue investigation. All developers must manage and monitor their logs, but which logs you choose to monitor will rely on your objectives or other factors.
How to Monitor System Logs
The Log file in Linux could be better viewed if you use the help of a system log viewer. It is a GUI that provides a number of log management features, including a log statistics display. It is an intuitive GUI for log monitoring.
Ones that are helpful are:
- A live view of logs
- Number of lines in the log
- Log size
- Most recent log dates
- Modifications made to logs
- Filters
- Keyboard Shortcuts
Read and Configure Linux logs on Debian, Ubuntu, and CentOS
The Log file in Linux is possible to be viewed and configured on all Linux distros. You can use some mechanism to configure log files. For example, on CentOS, you can use the following command to view users currently logged onto a Linux server:
who
Likewise, remember to enter the command as a root user. However, it also includes a user’s login history. Enter the command below to display the system administrator’s login history:
last reboot
Use the following command to view information of the last login:
lastlog
How to Generate your own Log Message
To create your loge file, follow the path below:
- Add a log file specification in
/etc/rsyslog.conf
file. - Restart the
rsyslog
daemon. - Test the configuration using the logger utility.
For example, if you are running CentOS, you can add two new lines in your Linux system’s rsyslog.conf
file.
vi /etc/rsyslog.conf
The Output will be something like this:
…
# New lines added for testing log message generation
local4.crit /var/log/local4crit.log
local4.=info /var/log/local4info.log
As you see, all of them are coming from a facility called local4 and they have different priorities.
Now, restart the service to let the config file data reload.
/etc/init.d/rsyslog restart
Then, run the following command to create the log message:
logger -p local4.info " This is a info message from local 4"
There are two new lines under the /var/log
directory
<span style="color: #3366ff;">Output</span>
…
-rw------- 1 root root 0 Jan 3 11:21 local4crit.log
-rw------- 1 root root 72 Jan 3 11:22 local4info.log
…
Since the size of the local4info.log
is non-zero, you will see the message has been recorded when you open it.
cat /var/log/local4info.log
The Output is like below:
Jan 15 10:29:02 TestLinux root: This is a info message from local 4
Rotating Log File in Linux
Managing the files when they get huge is important. Because the more information is written to log files, the more it gets bigger. Rotated files are log files that have zeroes added at the end. That indicates that the system has automatically modified the names of the log file in Linux. Log rotation is used to compact unused logs that are taking up space. The logrotate
command can be used to rotate logs. System logs are compressed, rotated, and mailed using this command.
Using rotating log files helps you to not delete them since the oldest log file will be erased when a fresh log rotation is initiated after a predetermined number of backlogs have been generated.
Systems that generate a lot of log files are handled by logrotate
. The command reads the /etc/logrotate.conf
logrotate configuration file and is utilized by the cron scheduler. Files in the logrotate configuration directory can also be read using it.
Run the following command to include additional functionality to logrotate:
var/log/log name here].log {
Missingok
Notifempty
Compress
Size 20k
Daily
Create 0600 root root
}
In this way, the log file will be compressed and resized.
Where is the Apache server logging information stored?
It is stored in two different log files:
- error_log
- access_log
What are the categories of log files in Linux?
- System Logs
- Event Logs
- Application Logs
- Service Logs
How to Analyze a Log File in Linux?
To conduct plain text searches, you can use a command-line utility like grep. These are typically included by default in most Linux distributions and can be used to examine log files.
Conclusion
In this article, you learned all about Log File in Linux. Linux logs are a crucial monitoring and security problem detection tool. Application logs can be used to spot suspicious behavior within particular apps, while system logs can be used to spot unauthorized access attempts. Administrators can swiftly locate and address security incidents by keeping an eye on logs.
This content helps you to support your production systems by teaching you all about the location of the log files and their configuration settings. The commands in this tutorial work on CentOS, Ubuntu, and Debian. You are recommended to simplify troubleshooting a Linux system by learning how to View and Setup Linux Logs.