This post contains the Linux common log file locations and what they log.
Table of Contents
Linux Common Log File Locations
Authentication info – auth.log
Boot info – boot.log
Scheduled cron tasks – crond
Daemon specific alerts like, dhcpd, gnome-session, ntfs-3g – daemon.log
Kernal specific messages – dmesg
Errors log – errors.log
Miscellaneous catch-all log – everything.log
Apache access and error logs – httpd
Mail server logs – mail.log
General system alerts – messages.log
MySQL database log – mysqld.log
Security log – secure
Log system – syslog.log
FTP server, vsftpd – vsftpd.log
X log – Xorg.0.log
Linux Common Log File Commands
First we’ll start off with my favorite log file command, grep. This command allows you to search log files containing a specified word.
grep "word"
Change directory – cd
View a log file – less
View first 10 lines of log file – head
View last 10 lines of log file – tail
Editing log files with basic editor – nano
Update: Importance of Syslog
Since the natty update of Ubuntu (v11 I beleive), the general system alerts (messages.log) were deemed redundant and rolled into the log system (syslog).
- Syslog contains all the messages except auth type so for a complete look, you’ll need to view both
/var/log/syslog
and/var/log/auth.log
. - These messages are only generic non-critical messages (
info
,notice
andwarn
). - More detail can be found in
/etc/syslog.conf
. Seesyslog(3)
for more info.
Conclusion
For more information on Linux log files, head over to the Ubuntu Documentation page. Even though it’s labeled as incomplete, it’s still a great resource and is well written.
You should learn how to lookup logs manually using the locations and commands above. However, it becomes a nightmare with multiple systems or a highly active system. You may wish to use something like syslog-ng to get a handle on the logs.
So what other Linux common log file locations do you think is missing?