This post contains the Linux common log file locations and what they log.
Linux Common Log File Locations
Authentication info – auth.log
Boot info – boot.log
Scheduled cron tasks – crond
Daemon specific alerts like, dhcpd, gnome-session, ntfs-3g – daemon.log
Kernal specific messages – dmesg
Errors log – errors.log
Miscellaneous catch-all log – everything.log
Apache access and error logs – httpd
Mail server logs – mail.log
General system alerts – messages.log
MySQL database log – mysqld.log
Security log – secure
Log system – syslog.log
FTP server, vsftpd – vsftpd.log
X log – Xorg.0.log
Linux Common Log File Commands
First we’ll start off with my favorite log file command, grep. This command allows you to search log files containing a specified word.
Change directory – cd
View a log file – less
View first 10 lines of log file – head
View last 10 lines of log file – tail
Editing log files with basic editor – nano
Update: Importance of Syslog
Since the natty update of Ubuntu (v11 I beleive), the general system alerts (messages.log) were deemed redundant and rolled into the log system (syslog).
- Syslog contains all the messages except auth type so for a complete look, you’ll need to view both
- These messages are only generic non-critical messages (
- More detail can be found in
syslog(3)for more info.
For more information on Linux log files, head over to the Ubuntu Documentation page. Even though it’s labeled as incomplete, it’s still a great resource and is well written.
You should learn how to lookup logs manually using the locations and commands above. However, it becomes a nightmare with multiple systems or a highly active system. You may wish to use something like syslog-ng to get a handle on the logs.
So what other Linux common log file locations do you think is missing?