Linux log files explained: how to check log files on Unix systems, and the commands used to check log files on Ubuntu Linux. Log files are files that contain messages about the system, including the kernel, services, and applications running on it. There are different log files for different information.
Log files are very helpful when troubleshooting a problem with the system. For example, they can help when a user is trying to load a kernel driver or when looking for unauthorized login attempts to the system. A log file records events that occur while an operating system or other software runs, or messages between different users of communication software. It is like a mirror that shows each and every activity of the system. Also note that some log files are controlled by a daemon called syslogd. A list of log messages maintained by syslogd can be found in the /etc/syslog.conf configuration file.
Some of the most common logfiles are:
- Authorization Log
- Daemon Log
- Debug Log
- Kernel Log
- Kernel Ring Buffer
- System Log
- Apache HTTP Server Logs
- CUPS Print System Logs
- Rootkit Hunter Log
- Samba SMB Server Logs
- X11 Server Log
There are also a few non-human-readable logs, such as the Login Failures Log, Last Logins Log and Login Records Log.
The system log typically contains the greatest amount of information by default about your Ubuntu system. It is located at /var/log/syslog, and may contain information other logs do not. Consult the System Log when you can’t locate the desired log information in another log. It also contains everything that used to be in /var/log/messages.
The debug log is located at /var/log/debug and provides detailed debug messages from the Ubuntu system and applications which log to syslogd at the DEBUG level.
The kernel log at /var/log/kern.log provides a detailed log of messages from the Ubuntu Linux kernel. These messages may prove useful for trouble-shooting a new or custom-built kernel, for example.
Viewing Log Files
Most log files are located in the /var/log/ directory. Some applications such as httpd and samba have a directory within /var/log/ for their log files. Most log files are in plain text format. You can view them with any text editor such as Vi or Emacs. Some log files are readable by all users on the system; however, root privileges are required to read most log files.
The easiest way to view log files is with command-line tools in a terminal or with the GUI system log viewer.
Open Terminal and run the following commands:
Find the System Log app in the Ubuntu Dash. Click on it to view the System Log.
Notice the multiple files in the log file directory with numbers after them. These are created when the log files are rotated. Log files are rotated so their file sizes do not become too large. The logrotate package contains a cron task that automatically rotates log files according to the /etc/logrotate.conf configuration file and the configuration files in the /etc/logrotate.d/ directory. By default, it is configured to rotate every week and keep four weeks' worth of previous log files.
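Because of rotation, a search for unauthorized login attempts has to cover the numbered copies (which logrotate may gzip) as well as the current file. The shell functions below are an added example, not part of the original article: they count failed SSH password attempts per source address across Ubuntu's /var/log/auth.log and its rotated copies. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Print one log file, decompressing it if logrotate has gzipped it.
read_log() {
    case "$1" in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac
}

# failed_logins DIR [BASENAME]: count sshd "Failed password" lines per source
# address in DIR/BASENAME and every rotated copy (BASENAME.1, BASENAME.2.gz, ...).
# Prints "<count> <address>", most frequent first.
failed_logins() {
    for f in "$1/${2:-auth.log}" "$1/${2:-auth.log}".*; do
        if [ -f "$f" ]; then read_log "$f"; fi
    done |
    # The address is taken by position from the end of the line
    # ("from ADDR port N ssh2"), so a username containing "from" cannot shift it.
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-2) == "port" { n[$(NF-3)]++ }
         END { for (a in n) print n[a], a }' |
    sort -k1,1nr -k2,2
}

# Constructed sample data: a current log, one rotated copy, one compressed copy.
make_sample() {
    mkdir -p "$1"
    cat > "$1/auth.log" <<'EOF'
Mar 10 09:14:02 host sshd[2201]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar 10 09:15:40 host sshd[2207]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
EOF
    cat > "$1/auth.log.1" <<'EOF'
Mar  3 22:01:11 host sshd[1188]: Failed password for invalid user admin from 203.0.113.5 port 39110 ssh2
Mar  3 22:05:37 host sshd[1190]: Failed password for invalid user from from 198.51.100.7 port 50001 ssh2
EOF
    printf '%s\n' 'Feb 24 03:12:45 host sshd[910]: Failed password for root from 203.0.113.5 port 38001 ssh2' |
        gzip -c > "$1/auth.log.2.gz"
}

# Demo on the constructed sample; on a real system run as root: failed_logins /var/log
demo() {
    d=$(mktemp -d) && make_sample "$d" && failed_logins "$d"; rm -rf "$d"
}
```

Calling demo prints the per-address counts for the constructed sample; the Accepted line is ignored and all three files contribute to the totals.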
Many log files are very long, and it gets quite hard to view them in one go. In such situations we can use the tail command. The tail command is a command-line utility for outputting the last part of files given to it via standard input. It writes results to standard output. By default tail returns the last ten lines of each file that it is given.
For example, to view the last five lines of syslog and keep printing new lines as they are appended (the -f option), run the command:
tail -f -n 5 /var/log/syslog