...
Essential Linux Log Files:
1. System logs:
/var/log/syslog or /var/log/messages - Stores all activity data across the global system. Activity for Redhat-based (CentOS or Rhel) stored in messages, while Debian-based (Ubuntu) systems are stored in syslog.
/var/log/auth.log or /var/log/secure - Stores authentication logs, including both successful and failed logins and authentication methods. Debian/Ubuntu information is stored in /var/log/auth.log, while Redhat/CentrOS is stored in /var/log/secure.
/var/log/dmesg
dmesg allows reviewing messages stored in the Linux ring buffer, providing insights into hardware errors and startup issues. How To Use dmesg
dmesg
dmesg allows reviewing messages stored in the Linux ring buffer, providing insights into hardware errors and startup issues. How To Use dmesg
Code Block | ||||
---|---|---|---|---|
| ||||
dmesg -T
[Wed May 29 14:46:00 2024] Run /init as init process
[Wed May 29 14:46:00 2024] with arguments:
[Wed May 29 14:46:00 2024] /init
[Wed May 29 14:46:00 2024] with environment:
[Wed May 29 14:46:00 2024] HOME=/
[Wed May 29 14:46:00 2024] TERM=linux
[Wed May 29 14:46:00 2024] BOOT_IMAGE=/boot/vmlinuz-5.15.0-97-generic
[Wed May 29 14:46:00 2024] biosdevname=0
[Wed May 29 14:46:00 2024] netcfg/do_not_use_netplan=true
[Wed May 29 14:46:00 2024] piix4_smbus 0000:00:01.3: SMBus Host Controller at 0x700, revision 0
|
journalctl # Views systemd logs and allows filtering Linux system logs to extract relevant information for monitoring and troubleshooting. How To Use journalctl
2. Service Logs
/var/log/auth.log or /var/log/secure - Stores authentication logs, including both successful and failed logins and authentication methods. Debian/Ubuntu information is stored in /var/log/auth.log, while Redhat/CentrOS is stored in /var/log/secure.
/var/log/daemon.log - Tracks services running in the background that perform important tasks, but has no graphical output
3. Application Logs (examples)
/var/log/apache2/ - Apache HTTP server logs (access, error).
/var/log/mysql/ - MySQL database server logs.
/var/log/apt directory - contains several log files that provide important information about apt-related activities on Debian-based systems.
/var/log/yum.log - Red Hat-based systems store the yum and dnf package manager logs, file provides information about the results of a specific command, such as any errors or warnings that were generated. For example, if a package update fails.
journalctl # Views systemd logs and allows filtering Linux system logs to extract relevant information for monitoring and troubleshooting. How To Use journalctl
Code Block | ||||
---|---|---|---|---|
| ||||
journalctl
-- Logs begin at Tue 2024-06-18 10:55:23 UTC, end at Tue 2024-06-18 12:06:19 UTC. -- | ||||
Code Block | ||||
| ||||
journalctl -- Logs begin at Tue 2024-06-18 10:55:23 UTC, end at Tue 2024-06-18 12:06:19 UTC. -- Jun 18 10:55:23 hostname kernel: Linux version 5.4.0-74-generic (buildd@lcy01-amd64-013) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #83-Ubuntu SMP Thu May 6 10:34:06 UTC 2021 (Ubuntu 5.4.0-74.83-generic 5.4.101) Jun 18 10:55:23 hostname kernel: CommandLinux line: BOOT_IMAGE=/boot/vmlinuz-5.4.version 5.4.0-74-generic root=UUID=5d7f5dcd-1234-5678-9abc-def012345678 ro quiet splash vt.handoff=7 ... |
journalctl -u service_name # Views Logs for a Specific Service
(buildd@lcy01-amd64-013) (gcc version 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)) #83-Ubuntu SMP Thu May 6 10:34:06 UTC 2021 (Ubuntu 5.4.0-74.83-generic 5.4.101)
Jun 18 10:55:23 hostname kernel: Command line: BOOT_IMAGE=/boot/vmlinuz-5.4.0-74-generic root=UUID=5d7f5dcd-1234-5678-9abc-def012345678 ro quiet splash vt.handoff=7
... |
journalctl -u service_name # Views Logs for a Specific Service
Code Block | ||||
---|---|---|---|---|
| ||||
journalctl -u apache2
-- Logs begin at Tue 2024-06-18 10:55:23 UTC, end at Tue 2024-06-18 12:05:19 UTC. -- | ||||
Code Block | ||||
| ||||
journalctl -u apache2 -- Logs begin at Tue 2024-06-18 10:55:23 UTC, end at Tue 2024-06-18 12:05:19 UTC. -- Jun 18 11:56:19 hostname systemd[1]: Starting The Apache HTTP Server... Jun 18 11:56:19 hostname apache2[1342]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message Jun 18 11:56:19 hostname systemd[1]: StartedStarting The Apache HTTP Server. |
tail /var/log/syslog # Shows the last part of the logs, where problems usually lie.
..
Jun 18 11:56:19 hostname apache2[1342]: AH00558: apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.1.1. Set the 'ServerName' directive globally to suppress this message
Jun 18 11:56:19 hostname systemd[1]: Started The Apache HTTP Server. |
tail /var/log/syslog # Shows the last part of the logs, where problems usually lie.
Code Block | ||||
---|---|---|---|---|
| ||||
tail /var/log/syslog
| ||||
Code Block | ||||
| ||||
tail /var/log/syslog Jun 18 16:25:01 user CRON[777810]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) Jun 18 16:27:02 user dbus-daemon[756]: [system] Activating service name='org.kde.powerdevil.backlighthelper' requested by ':1.49' (uid=1000 pid=1527 comm="/usr/lib/x86_64-linux-gnu/libexec/org_kde_powerdev" label="unconfined") (using servicehelper) Jun 18 16:2725:0201 user dbus-daemonCRON[756777810]: [system] Successfully activated service (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1) Jun 18 16:27:02 user dbus-daemon[756]: [system] Activating service name='org.kde.powerdevil.backlighthelper' |
/var/log/apt directory - contains several log files that provide important information about apt-related activities on Debian-based systems.
...
requested by ':1.49' (uid=1000 pid=1527 comm="/usr/lib/x86_64-linux-gnu/libexec/org_kde_powerdev" label="unconfined") (using servicehelper)
Jun 18 16:27:02 user dbus-daemon[756]: [system] Successfully activated service 'org.kde.powerdevil.backlighthelper'
|
CSS Stylesheet |
---|
.home-banner { background: #459df0; color: #fff; font-size: 20px; padding: 20px; } .home-banner h2 { color: #fff; } .title-box { border: 1px none #459df0; padding: 10px; } .title-box > h2 { background: #459df0; bottom: 10px; color: #fff; margin-left: -10px; margin-right: -10px; padding: 2px 10px; position: relative; } |
...