...
Analyzing logs and monitoring system activities can help in identifying issues and tracking system performance.
dmesg # allows reviewing messages stored in the Linux ring buffer, providing insights into hardware errors and startup issues. How To Use dmesg
Linux log files are stored in plain-text and can be found in the /var/log directory
Essential Linux Log Files:
/var/log/syslog or /var/log/messages - stores all activity data across the global system. Activity for Redhat-based systems, such as CentOS or Rhel, are stored in messages, while Ubuntu and other Debian-based systems are stored in Syslog.
/var/log/auth.log or /var/log/secure - Stores authentication logs, including both successful and failed logins and authentication methods. Debian/Ubuntu information is stored in /var/log/auth.log, while Redhat/CentrOS is stored in /var/log/secure.
/var/log/apt directory on Debian-based systems, we can find the logs for the apt package manager, directory contains several log files that provide important information about apt-related activities on the system.
/var/log/yum.log - Red Hat-based systems store the yum and dnf package manager logs, file provides information about the results of a specific command, such as any errors or warnings that were generated. For example, if a package update fails,
/var/log/dmesg
dmesg # allows reviewing messages stored in the Linux ring buffer, providing insights into hardware errors and startup issues. How To Use dmesg
Code Block | ||||
---|---|---|---|---|
| ||||
dmesg -T
[Wed May 29 14:46:00 2024] Run /init as init process
[Wed May 29 14:46:00 2024] with arguments:
[Wed May 29 14:46:00 2024] /init
[Wed May 29 14:46:00 2024] with environment:
| ||||
Code Block | ||||
| ||||
dmesg -T [Wed May 29 14:46:00 2024] Run /init as init processHOME=/ [Wed May 29 14:46:00 2024] with arguments:TERM=linux [Wed May 29 14:46:00 2024] /initBOOT_IMAGE=/boot/vmlinuz-5.15.0-97-generic [Wed May 29 14:46:00 2024] with environment: biosdevname=0 [Wed May 29 14:46:00 2024] HOME=/netcfg/do_not_use_netplan=true [Wed May 29 14:46:00 2024] piix4_smbus 0000:00:01.3: SMBus TERM=linuxHost Controller at 0x700, revision 0 [Wed May 29 14:46:00 2024] BOOT_IMAGE=/boot/vmlinuz-5.15.0-97-genericscsi host2: Virtio SCSI HBA [Wed May 29 14:46:00 2024] scsi 2:0:0:0: biosdevname=0Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5 [Wed May 29 14:46:00 2024] input: VirtualPS/2 VMware VMMouse netcfg/do_not_use_netplan=trueas /devices/platform/i8042/serio1/input/input4 [Wed May 29 14:46:00 2024] piix4_smbus 0000:00:01.3input: SMBusVirtualPS/2 HostVMware ControllerVMMouse at 0x700, revision 0as /devices/platform/i8042/serio1/input/input3 [Wed May 29 14:46:00 2024] scsi host2: Virtio SCSI HBA [Wed May 29 14:46:00 2024] scsi 2:0:0:0: Direct-Access QEMU QEMU HARDDISK 2.5+ PQ: 0 ANSI: 5 [Wed May 29 14:46:00 2024] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input4 [Wed May 29 14:46:00 2024] input: VirtualPS/2 VMware VMMouse as /devices/platform/i8042/serio1/input/input3 [Wed May 29 14:46:00 2024] cryptd: max_cpu_qlen set to 1000 |
...
cryptd: max_cpu_qlen set to 1000 |
journalctl # Views systemd logs and allows filtering Linux system logs to extract relevant information for monitoring and troubleshooting. How To Use journalctl
Code Block | ||||
---|---|---|---|---|
| ||||
journalctl
-- Logs begin at Tue 2024-06-18 10:55:23 UTC, end at Tue 2024-06-18 12:06:19 UTC. --
Jun 18 10:55:23 hostname kernel: Linux version 5.4.0-74-generic (buildd@lcy01-amd64-013) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #83-Ubuntu SMP Thu May 6 10:34:06 UTC 2021 (Ubuntu 5.4.0-74.83-generic 5.4.101)
Jun 18 10:55:23 hostname kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-74-generic root=UUID=5d7f5dcd-1234-5678-9abc-def012345678 ro quiet splash vt.handoff=7
... |
journalctl -u service_name # Views Logs for a Specific Service
Code Block | ||||
---|---|---|---|---|
| ||||
journalctl -u apache2 -- Logs begin at Tue 2024-06-18 10:55:23 UTC, end at Tue 2024-06-18 12:06:19 UTC. --18 12:05:19 UTC. -- Jun 18 11:56:19 hostname systemd[1]: Starting The Apache HTTP Server... Jun 18 1011:5556:2319 hostname kernel: Linux version 5.4.0-74-generic (buildd@lcy01-amd64-013) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #83-Ubuntu SMP Thu May 6 10:34:06 UTC 2021 (Ubuntu 5.4.0-74.83-generic 5.4.101) Jun 18 10:55:23 hostname kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-74-generic root=UUID=5d7f5dcd-1234-5678-9abc-def012345678 ro quiet splash vt.handoff=7 ... |
journalctl -u service_name # Views Logs for a Specific Service
apache2[1342]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Jun 18 11:56:19 hostname systemd[1]: Started The Apache HTTP Server. |
tail /var/log/syslog # Shows the last part of the logs, where problems usually lie.
Code Block | ||||
---|---|---|---|---|
| ||||
tail /var/log/syslog
Jun 18 16:25:01 user CRON[777810]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
Jun 18 16:27:02 user dbus-daemon[756]: [system] Activating service name='org.kde.powerdevil.backlighthelper' requested by ':1.49' (uid=1000 pid=1527 comm="/usr/lib/x86_64-linux-gnu/libexec/org_kde_powerdev" label="unconfined") (using servicehelper)
Jun 18 16:27:02 user dbus-daemon[756]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
Jun 18 16:29:08 user dbus-daemon[756]: [system] Activating service name='org.kde.powerdevil.backlighthelper' requested by ':1.49' (uid=1000 pid=1527 comm="/usr/lib/x86_64-linux-gnu/libexec/org_kde_powerdev" label="unconfined") (using servicehelper)
Jun 18 16:29:08 user dbus-daemon[756]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
| ||||
Code Block | ||||
| ||||
journalctl -u apache2
-- Logs begin at Tue 2024-06-18 10:55:23 UTC, end at Tue 2024-06-18 12:05:19 UTC. --
Jun 18 11:56:19 hostname systemd[1]: Starting The Apache HTTP Server...
Jun 18 11:56:19 hostname apache2[1342]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Jun 18 11:56:19 hostname systemd[1]: Started The Apache HTTP Server. |
CSS Stylesheet |
---|
.home-banner { background: #459df0; color: #fff; font-size: 20px; padding: 20px; } .home-banner h2 { color: #fff; } .title-box { border: 1px none #459df0; padding: 10px; } .title-box > h2 { background: #459df0; bottom: 10px; color: #fff; margin-left: -10px; margin-right: -10px; padding: 2px 10px; position: relative; } |
...