Log files contain messages about the system, including the kernel, services, and applications. If you are a seasoned Linux user, it's easy to understand their importance. For those who are new, you can find them in /var/log. Try it right now:
# cd /var/log
and then ls
See all those files? Those are where system messages, warnings, critical messages and updates are kept. When troubleshooting, the log files are the best place to start, whether it's a kernel issue or unauthorized access to a system. This post is more about where log files are located and the common commands used to view the contents of a log file.
Common commands used to view contents or break contents into smaller chunks.
less and more are very similar programs used to filter the content of a file in Linux. These two commands display files in smaller, more manageable chunks. One of the biggest differences is that less does not have to read the input file before displaying it, so it is the best choice when viewing larger files. More, on the other hand, does view the input file before displaying it. It also comes with more options than less does; check out the man page for either of them. The commands will look like this:
# less -f [filename]
# more -f [filename]
The cat command will display all the contents of a file. Everything is displayed at once, unlike the less or more commands, which display files in smaller pieces.
# cat [filename]
The head command will allow you to view the top ten lines of a file.
# head [filename]
The tail command will allow you to view the last ten lines of a file.
# tail [filename]
The grep command is used to search files for the occurrence of a string of characters that matches a specified pattern.
# ip addr | grep hardware
Common log files and their locations.
/var/log/messages : General message and system related things
/var/log/kern.log : Kernel logs
/var/log/cron.log : crond logs (cron jobs)
/var/log/maillog : Mail server logs
/var/log/qmail/ : Qmail log directory (be aware there are more files inside this directory)
/var/log/httpd/ : Apache access and error logs directory
/var/log/lighttpd/ : Lighttpd access and error logs directory
/var/log/boot.log : System boot log
/var/log/mysqld.log : MySQL database server log file
/var/log/secure or /var/log/auth.log : Authentication log
/var/log/auth.log : Authentication logs
/var/log/utmp or /var/log/wtmp : Login records file
/var/log/yum.log : Yum command log file.
/var/log/lastlog : Displays the recent login information for all the users
/var/log/daemon.log : Contains information logged by the various background daemons that run on the system
/var/log/dpkg.log : Contains information that is logged when a package is installed or removed using the dpkg command
/var/log/faillog : Contains failed user login attempts
/var/log/anaconda.log : When you install Linux, all installation related messages are stored in this log file
/var/log/cups : All printer and printing related log messages
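To tie the commands above to the unauthorized-access case mentioned earlier, here is an added example (not part of the original post) that uses grep and tail on an authentication log to count failed SSH password attempts per source address. The function names and the sample log lines are constructed for illustration and assume the usual sshd syslog message format.

```shell
#!/bin/sh
# Added example; the log lines are constructed sample data in the usual
# sshd syslog format, with addresses from documentation ranges.
sample_auth_log() {
cat <<'EOF'
Mar  3 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:04 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:16:30 web01 sshd[2240]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
Mar  3 10:17:12 web01 sshd[2251]: Failed password for root from 198.51.100.23 port 33810 ssh2
Mar  3 10:17:15 web01 sshd[2251]: Failed password for invalid user x from 192.0.2.10 from 203.0.113.7 port 40190 ssh2
Mar  3 10:18:00 web01 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Print the authentication log that exists on this system (the list above
# gives both names); returns non-zero if neither is readable.
auth_log_path() {
    for f in /var/log/auth.log /var/log/secure; do
        if [ -r "$f" ]; then echo "$f"; return 0; fi
    done
    return 1
}

# failed_by_source FILE: print "COUNT ADDRESS", busiest source first.
# The user name in the message is chosen by the client, so the address is
# read from the fixed tail of the line ("from ADDR port N ssh2"), not from
# the first "from" that appears.
failed_by_source() {
    grep 'sshd\[[0-9]*]: Failed password for ' "$1" |
        awk '$(NF-2) == "port" { print $(NF-3) }' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# recent_failures FILE N: the last N failed-password lines, oldest first.
recent_failures() {
    grep 'sshd\[[0-9]*]: Failed password for ' "$1" | tail -n "$2"
}

# Demo on the sample data; on a live host use "$(auth_log_path)" as FILE.
demo=$(mktemp)
sample_auth_log > "$demo"
failed_by_source "$demo"
recent_failures "$demo" 2
rm -f "$demo"
```

Reading the real authentication log normally requires root, which matches the # prompt used in the commands above.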