This post contains the Linux common log file locations and what they log.

Linux Common Log File Locations

Authentication info – auth.log

Boot info – boot.log

Scheduled cron tasks – crond

Daemon specific alerts like, dhcpd, gnome-session, ntfs-3g – daemon.log

Kernal specific messages – dmesg

Errors log – errors.log

Miscellaneous catch-all log – everything.log

Apache access and error logs – httpd

Mail server logs – mail.log

General system alerts – messages.log

MySQL database log – mysqld.log

Security log – secure

Log system – syslog.log

FTP server, vsftpd – vsftpd.log

X log – Xorg.0.log

Linux Common Log File Commands

First we’ll start off with my favorite log file command, grep. This command allows you to search log files containing a specified word.

grep "word"

Change directory – cd

View a log file Рless

View first 10 lines of log file – head

View last 10 lines of log file – tail

Editing log files with basic editor – nano

Update: Importance of Syslog

Since the natty update of Ubuntu (v11 I beleive), the general system alerts (messages.log) were deemed redundant and rolled into the log system (syslog).

  • Syslog contains all the messages except auth type so for a complete look, you’ll need to view both¬†/var/log/syslog and /var/log/auth.log.
  • These messages are only generic non-critical messages (info , notice and warn).
  • More detail can be found in /etc/syslog.conf. See syslog(3) for more info.


For more information on Linux log files, head over to the Ubuntu Documentation page. Even though it’s labeled as incomplete, it’s still a great resource and is well written.

You should learn how to lookup logs manually using the locations and commands above. However, it becomes a nightmare with multiple systems or a highly active system. You may wish to use something like syslog-ng to get a handle on the logs.

So what other Linux common log file locations do you think is missing?

Pin It on Pinterest