Log File in Linux

January 22, 2023 by Ashley

As a Linux administrator, you must be able to troubleshoot system issues, and the log files your Linux system creates and stores hold the information you need about applications and the boot process. This article explains log files in Linux; by the end you will know how to view and set up Linux logs.

Checking the log files should be routine for a sysadmin. The log messages Linux generates are created, stored, and recycled by a variety of configuration files, directories, programs, commands, and daemons. Knowing where the system’s log files live and which commands to run on them will speed up troubleshooting.

Prerequisites to View and Read Log Files in Linux

To follow this tutorial, make sure you have the following:

  • A system running Linux.
  • A non-root user with sudo privileges.

Tutorial Log File in Linux

Most Linux log files are located in the /var/log directory and its subdirectories and are kept as plain text files. Let’s go through the commands used to view them.

First, open your terminal (as root, or as a user with sudo privileges) and change to the log directory:

cd /var/log

Then list the files it contains:

ls

The listing shows all the Linux log files, such as kern.log and boot.log, that hold the information you need to keep the operating system running properly. Keep in mind that many of these files are readable only with root privileges, so open a given log with:

sudo less [log name here].log

This shows the complete, time-ordered record for that log. Because Linux log files are stored in plain text, you can also read them with the standard commands below:

zcat – Displays the whole contents of a compressed logfile.gz file.

zmore – Page through a compressed (gzipped) file.

grep – Find all occurrences of a search term in a file, or filter a log file.

tail – Output the last few lines of a file.

head – Output the first few lines of a file.
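The commands above are most useful in combination: the live log and its rotated, gzip-compressed copies searched together. The script below is an added example, not code from the original article. It builds a small constructed set of auth.log files in a temporary directory (the sshd lines are invented for the example), reads the compressed copy through zcat, and counts matches with grep, so that failed SSH logins can be tallied across the whole retained history rather than only the current file.

```shell
#!/bin/sh
# Added example (not from the original article): search a log and its rotated,
# gzip-compressed copies with zcat and grep, which is what you need when the
# event of interest has already been rotated out of the live file.
# The log lines below are constructed for this example.

# make_sample_logs: build a tiny /var/log-like directory in a temp dir so the
# example runs offline. Prints the directory path.
make_sample_logs() {
    dir=$(mktemp -d)
    printf '%s\n' \
        'Jan 15 10:29:02 TestLinux sshd[1234]: Failed password for invalid user admin from 192.0.2.10 port 4444 ssh2' \
        'Jan 15 10:29:05 TestLinux sshd[1234]: Accepted password for alice from 192.0.2.20 port 5555 ssh2' \
        > "$dir/auth.log"
    printf '%s\n' \
        'Jan 14 09:00:01 TestLinux sshd[1100]: Failed password for root from 192.0.2.10 port 4444 ssh2' \
        'Jan 14 09:00:02 TestLinux sshd[1100]: Failed password for root from 192.0.2.10 port 4445 ssh2' \
        > "$dir/auth.log.1"
    gzip "$dir/auth.log.1"          # now auth.log.1.gz: readable only via zcat/zmore
    printf '%s\n' "$dir"
}

# count_matches DIR NAME PATTERN: total number of lines matching PATTERN across
# DIR/NAME and every rotated copy DIR/NAME.*, reading .gz copies through zcat.
count_matches() {
    total=0
    for f in "$1/$2" "$1/$2".*; do
        [ -f "$f" ] || continue             # the glob stays literal when nothing matches
        case "$f" in
            *.gz) n=$(zcat "$f" | grep -c -- "$3" || true) ;;   # grep -c exits 1 on zero matches
            *)    n=$(grep -c -- "$3" "$f" || true) ;;
        esac
        total=$((total + n))
    done
    printf '%s\n' "$total"
}

# show_recent DIR NAME N: the last N lines of the live log, as tail shows them.
show_recent() {
    tail -n "$3" "$1/$2"
}

# Stand-alone run: count failed and accepted SSH logins in the constructed logs.
d=$(make_sample_logs)
echo "failed:   $(count_matches "$d" auth.log 'Failed password')"
echo "accepted: $(count_matches "$d" auth.log 'Accepted password')"
show_recent "$d" auth.log 1
rm -rf "$d"
```

The pattern is the same one you would use against a real /var/log: pass the directory and the base name, and the rotated copies are found by the glob regardless of how many there are.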

As mentioned, most Linux log files are located in the /var/log directory. The common log files you will find under /var/log include:

  • wtmp
  • utmp
  • dmesg
  • messages
  • maillog or mail.log
  • spooler
  • auth.log or secure

User logins and logouts are recorded in the wtmp and utmp files. These are binary files, so you cannot read their contents directly with cat in the terminal; specific commands, some of which you will need, exist to query them.

Most Important Log File in Linux

Logs let you interpret what your system has been doing. Telling the various logs apart is easier once you have a solid understanding of each type of file. Log files can be grouped into one of four categories: System Logs, Event Logs, Application Logs, or Service Logs.

Since most Linux log files are in /var/log and its subdirectories, that is where you will find the logs for each category. Let’s see what these four categories are.

1. System Logs

Linux relies on its system log files; together they contain the largest amount of information about how the system is functioning. Among the most common log files are:

  • /var/log/boot.log
  • /var/log/auth.log
  • /var/log/httpd/
  • /var/log/debug
  • /var/log/daemon.log
  • /var/log/maillog
  • /var/log/kern.log
  • /var/log/yum.log

2. System Logging Daemon

A daemon is an application that runs in the background and is essential to the system’s operation. The logs written by the system logging daemon form their own category and are regarded as the core of any system’s logging.

The configuration of the system logging daemon lives in /etc/syslog.conf. Every rule line has a selector field and an action field. The syslogd daemon can also forward log messages, which can be helpful for debugging.

3. Application Logs

Application logs record the activity of the applications that run on the system: error messages, indicators of system compromise, and browser-identifying strings are examples. This group of log files also includes the CUPS print system logs, the Rootkit Hunter log, Apache HTTP server logs, Samba SMB server logs, and the X11 server log.

4. Logs that humans can’t read

Not all logs are written in a format that humans can read; some are created specifically for system programs to read. These files frequently contain login information: login records, last-login logs, and login-failure logs. Programs and utilities exist for reading these Linux log files, while the majority of the other files can be read straight from the terminal.

How to Monitor System Logs

Log files in Linux are easier to browse with a system log viewer: a GUI that provides a number of log management features, including a display of log statistics, and an intuitive interface for log monitoring.

Helpful features include:

  1. A live view of logs
  2. Number of lines in the log
  3. Log size
  4. Most recent log dates
  5. Modifications made to logs
  6. Filters
  7. Keyboard Shortcuts

Read and Configure Linux logs on Debian, Ubuntu, and CentOS

Log files in Linux can be viewed and configured on all Linux distributions, and there are several mechanisms for configuring them. For example, on CentOS you can use the following command to see which users are currently logged onto a Linux server:

who

Again, remember to run the command as root. The login records also include a user’s login history; enter the command below to display it:

last reboot

Use the following command to view the last login information:

lastlog

How to Generate your own Log Message

To create your own log file, follow these steps:

  1. Add a log file specification in /etc/rsyslog.conf file.
  2. Restart the rsyslog daemon.
  3. Test the configuration using the logger utility.

For example, on CentOS you can add two new lines to your system’s rsyslog.conf file:

vi /etc/rsyslog.conf

The file will then contain something like this:

…
# New lines added for testing log message generation

local4.crit                                             /var/log/local4crit.log
local4.=info                                            /var/log/local4info.log

As you can see, both lines take messages from the facility called local4, with different priorities.

Now restart the service so that the configuration file is reloaded:

/etc/init.d/rsyslog restart

Then run the following command to generate a log message:

logger -p local4.info " This is a info message from local 4"

Two new files now appear under the /var/log directory:

Output:
…
-rw-------  1 root root      0 Jan  3 11:21 local4crit.log
-rw-------  1 root root     72 Jan  3 11:22 local4info.log
…

Since local4info.log has a non-zero size, you will see the message recorded when you open it:

cat /var/log/local4info.log

The output looks like this:

Jan 15 10:29:02 TestLinux root: This is a info message from local 4
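To make the selector semantics of the rule lines concrete, and to gather the three steps above in one place, here is an added example that is not part of the original article. The matcher implements the classic syslog selector rules: local4.crit selects crit and every more severe priority, while local4.=info selects exactly info, which is why the test message above lands only in local4info.log. The install_rules function follows the article’s steps but assumes a drop-in file under /etc/rsyslog.d/ and a systemctl restart; both are assumptions about your distribution rather than something the article states, and the function needs root, so the script does not run it.

```shell
#!/bin/sh
# Added example (not from the original article): the two rsyslog rules from the
# article plus a small matcher that shows which file a message would land in
# under classic syslog selector semantics. Handy for checking a rule on paper
# before restarting rsyslog on a production host.

# The rules added to rsyslog.conf in the article (selector, whitespace, action).
RULES='local4.crit     /var/log/local4crit.log
local4.=info    /var/log/local4info.log'

# sev KEYWORD: numeric syslog severity, 0 (emerg) .. 7 (debug); 99 if unknown.
sev() {
    case "$1" in
        emerg|panic)  echo 0 ;;
        alert)        echo 1 ;;
        crit)         echo 2 ;;
        err|error)    echo 3 ;;
        warning|warn) echo 4 ;;
        notice)       echo 5 ;;
        info)         echo 6 ;;
        debug)        echo 7 ;;
        *)            echo 99 ;;
    esac
}

# matches SELECTOR FACILITY PRIORITY: succeed if a message with FACILITY and
# PRIORITY is selected by SELECTOR (e.g. "local4.crit", "local4.=info", "*.info").
matches() {
    sel_fac=${1%%.*}
    sel_pri=${1#*.}
    [ "$sel_fac" = "$2" ] || [ "$sel_fac" = '*' ] || return 1
    want=$(sev "${sel_pri#=}")
    have=$(sev "$3")
    [ "$want" -ne 99 ] && [ "$have" -ne 99 ] || return 1   # unknown keyword: no match
    case "$sel_pri" in
        =*) [ "$have" -eq "$want" ] ;;   # '=' : exactly this priority
        *)  [ "$have" -le "$want" ] ;;   # otherwise: this priority or anything more severe
    esac
}

# route FACILITY PRIORITY: print the action (target file) of every matching rule.
route() {
    printf '%s\n' "$RULES" | while read -r sel action; do
        [ -n "$sel" ] || continue
        if matches "$sel" "$1" "$2"; then
            printf '%s\n' "$action"
        fi
    done
}

# install_rules: the article's three steps as one function. Assumptions: rsyslog
# includes /etc/rsyslog.d/*.conf, and the service is managed by systemctl (the
# article uses /etc/init.d/rsyslog restart). Requires root; not run by this script.
install_rules() {
    printf '%s\n' "$RULES" > /etc/rsyslog.d/50-local4-test.conf
    systemctl restart rsyslog
    logger -p local4.info "This is a info message from local 4"
    cat /var/log/local4info.log
}

# Dry run: where would a local4 message of each priority go?
for p in emerg crit err warning info debug; do
    printf 'local4.%-8s -> %s\n' "$p" "$(route local4 "$p" | tr '\n' ' ')"
done
```

The dry run shows that err, warning, notice and debug messages on local4 match neither rule and are therefore not written to either file, which is the kind of gap worth noticing before relying on a facility for audit records.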

Rotating Log File in Linux

Managing log files when they get huge is important, because the more information is written to them, the larger they grow. Rotated files are log files with a numeric suffix added at the end, which indicates that the system has automatically renamed the older copies. Log rotation is used to compact unused logs that are taking up space. The logrotate command rotates, compresses, and mails system logs.

Rotating log files means you do not have to delete them by hand: once a predetermined number of old copies has accumulated, the oldest is erased when the next rotation starts.

logrotate handles systems that generate many log files. It reads its configuration from /etc/logrotate.conf and is run by the cron scheduler; it can also read the files in the logrotate configuration directory.

To add rotation rules for a log file, add a stanza like the following to the logrotate configuration:

/var/log/[log name here].log {
    # do not report an error if the log file is absent
    missingok
    # skip rotation while the log is empty
    notifempty
    # gzip the rotated copies
    compress
    # rotate once the file reaches 20 KB
    size 20k
    daily
    # recreate the log readable by root only
    create 0600 root root
}

With this stanza in place, the log file is compressed and rotated once it reaches the size limit.
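As an added illustration that is not from the original article, the following shell script reproduces the mechanics the stanza above describes: rotate only a non-empty file that has reached the size threshold, shift the numbered copies so the oldest drops off, compress the newest copy, and recreate the log with mode 0600. The file names, sizes and rotation count are constructed for the example; on a real system logrotate does this work, and the script only makes each directive’s effect visible.

```shell
#!/bin/sh
# Added example (not from the original article): a minimal rotation in plain
# shell that mimics what the logrotate stanza asks for (notifempty, a size
# threshold, compress, a fixed number of old copies, create 0600). logrotate
# does this for real; this only exposes the mechanics behind the directives.

ROTATE_COUNT=3   # keep at most three old copies; the oldest is overwritten on rotation

# rotate_log FILE SIZE_BYTES: rotate FILE when it is non-empty and at least
# SIZE_BYTES long. Returns 0 if a rotation happened, 1 if the file was skipped.
rotate_log() {
    f=$1
    threshold=$2
    [ -s "$f" ] || return 1                    # missingok / notifempty: skip absent or empty files
    size=$(( $(wc -c < "$f") ))
    [ "$size" -ge "$threshold" ] || return 1   # size: below the threshold, leave it alone
    # Shift older copies up by one (.2.gz -> .3.gz, .1.gz -> .2.gz); the move onto
    # .$ROTATE_COUNT.gz overwrites, and thereby discards, the oldest copy.
    i=$ROTATE_COUNT
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        if [ -f "$f.$prev.gz" ]; then
            mv "$f.$prev.gz" "$f.$i.gz"
        fi
        i=$prev
    done
    mv "$f" "$f.1"
    gzip "$f.1"                                 # compress: .1 becomes .1.gz
    ( umask 077; : > "$f" )                     # create 0600: fresh empty log, owner-only
    # logrotate would also chown the new file to root:root ("create 0600 root root").
    return 0
}

# Stand-alone demonstration on a constructed 30 KB log in a temp directory.
demo_dir=$(mktemp -d)
head -c 30000 /dev/zero | tr '\0' 'x' > "$demo_dir/app.log"
rotate_log "$demo_dir/app.log" 20480 && ls -l "$demo_dir"
rm -rf "$demo_dir"
```

Run it a few times against the same file and you will see .1.gz, .2.gz and .3.gz appear and then cycle, never a fourth copy; that is the behaviour the "predetermined number of backlogs" sentence above refers to.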

Conclusion

In this article, you learned about log files in Linux: where they are located and how they are configured, which helps you support your production systems. The commands in this tutorial work on CentOS, Ubuntu, and Debian.

Learning how to view and set up Linux logs simplifies troubleshooting a Linux system. If you encounter any problems, please do not hesitate to contact us; our technical support team will do their best to solve them.
