
The Linux log files you should know and how to use them


Michelle Ding (Unsplash)/ZDNET

Log files. They’re there for a reason — to keep track of what goes on behind the velvet curtain of your operating system. When things go wrong, entries are added to those log files, so you can view them and troubleshoot what’s happening. Even when something goes right, valuable information might be tacked onto the end of that log file, which can also be useful.

The thing is, Linux keeps a lot of log files. Some are useful to users, while others might not be so helpful. Many apps also install their own log files, so you can troubleshoot a single app.


But which log files should you pay attention to, and what are they for? Let’s dive in and unpack this.

Types of logs

First, let’s consider the four types of log files found on any given Linux system:

  • System Logs: These are log files that contain kernel messages, boot logs, and general system activity.
  • Application Logs: These logs are generated by specific applications and are often found in a subdirectory of the main log location.
  • Service Logs: These are logs generated by system services, daemons, and background processes and are also stored in subdirectories of the main location.
  • User Logs: These logs are related to user activities, such as login/logout records and command histories, and are also stored in subdirectories of the main location.

As for the primary log location, you’ll find it in /var/log/.

And now, the logs.

syslog

This log file saves general messages and information about your system. Because it retains activity from across the whole system, it can be dense and hard to read, so I often use the grep command to search it for specific keywords. For example, if I needed to troubleshoot the CUPS print server, I could issue the command grep cups /var/log/syslog and see only those entries that include the word “cups.” Syslog also records cron events, the scheduled jobs that run automatically in the background.


The syslog file is found in two different places, depending on your distribution. In Ubuntu-based distributions, that file is /var/log/syslog. In Fedora-based distributions, that file is /var/log/messages.

boot.log

The boot.log file saves startup messages and boot information. If you need to troubleshoot anything related to your OS bootup, this is where you’ll look. Keep in mind that this log file requires admin permissions to view, so you’ll need to use sudo, like this:

sudo less /var/log/boot.log

Unless there’s an issue, you’ll find that file is often empty.

faillog

The faillog log file keeps track of all failed login attempts. The only caveat to this log is that it cannot be viewed with the usual commands (such as cat or less), because it is a binary database rather than plain text. Instead, you view it with the faillog command itself.

Faillog can also lock user accounts. For example, you want to lock the user account olivia for sixty minutes. To do that, you’d issue the command:

sudo faillog -u olivia -l 3600   # -u names the account; -l takes seconds, so 3600 is sixty minutes

Faillog has a few other tricks up its sleeve, so make sure to read the man page with man faillog.

auth.log/secure

The auth.log and secure log files keep track of all authentication attempts (successful or failed) on your system. In these log files, you’ll likely find a large number of entries for the root user; that’s because auth.log and secure also track system logins, such as those for daemons and cron jobs, as well as jobs run with sudo. This is a great place to check for unauthorized access to your system or to determine if the root user is being used for malicious purposes.


On Ubuntu-based systems, the file is /var/log/auth.log, and on Fedora-based systems, the file is /var/log/secure.
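To show what that check for unauthorized access and root use can look like in practice, here is an added example (written for this article, not part of it): a short bash script that counts failed SSH password attempts per source address, flags addresses that keep failing, and lists every sudo invocation. The log lines are constructed samples in the classic auth.log format; on a real system you would point the functions at /var/log/auth.log or /var/log/secure, reading them with sudo.

```bash
#!/usr/bin/env bash
# Added example, not from the article: quick triage of an auth.log/secure file.
# Assumptions: classic syslog line format (as in Ubuntu's /var/log/auth.log),
# OpenSSH "Failed password ... from <ip> port" messages, and sudo's
# "user : TTY=... ; COMMAND=..." lines.

# Constructed sample log lines (documentation-range addresses, not real hosts).
SAMPLE_AUTH_LOG="$(mktemp)"
trap 'rm -f "$SAMPLE_AUTH_LOG"' EXIT
cat >"$SAMPLE_AUTH_LOG" <<'EOF'
Mar  3 09:14:02 host sshd[1412]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 09:14:05 host sshd[1412]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 09:14:09 host sshd[1417]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  3 09:20:31 host sshd[1502]: Accepted publickey for olivia from 198.51.100.20 port 40022 ssh2
Mar  3 09:21:02 host sudo:   olivia : TTY=pts/0 ; PWD=/home/olivia ; USER=root ; COMMAND=/usr/bin/less /var/log/boot.log
Mar  3 09:25:44 host sshd[1530]: Failed password for olivia from 192.0.2.9 port 33012 ssh2
Mar  3 09:30:00 host CRON[1600]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)
EOF

# Failed SSH password attempts per source address, most frequent first
# (output is "count address" per line, as printed by uniq -c).
failed_logins_by_source() {
  grep -E 'sshd\[[0-9]+\]: Failed password for ' "$1" \
    | sed -E 's/.* from ([0-9.]+) port .*/\1/' \
    | sort | uniq -c | sort -rn
}

# Source addresses with at least THRESHOLD (default 3) failed attempts:
# a crude brute-force indicator that deserves a closer look.
repeat_offenders() {
  failed_logins_by_source "$1" | awk -v t="${2:-3}" '$1 >= t { print $2 }'
}

# Every sudo invocation as "user command", to spot unexpected privilege use.
sudo_commands() {
  grep -E ' sudo: ' "$1" \
    | sed -E 's/^.* sudo: +([^ ]+) : .*COMMAND=(.*)$/\1 \2/'
}

echo "Failed SSH logins by source:"
failed_logins_by_source "$SAMPLE_AUTH_LOG"
echo "Sources with 3 or more failures:"
repeat_offenders "$SAMPLE_AUTH_LOG" 3
echo "sudo invocations:"
sudo_commands "$SAMPLE_AUTH_LOG"
```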

apt history

If you ever need to view the history of the apt package manager, you’ll find it in /var/log/apt/history.log. This file keeps a log of every action that occurs with the apt command (installations, updates, removals, etc.). These entries list which packages were installed, updated, or removed, who ran the command, and when it was run.

dnf history

If you use a Fedora-based distribution and want to check on what has been done via the dnf package manager, that file is /var/log/dnf.log and contains similar information to the Ubuntu-based /var/log/apt/history.log file.


Within the /var/log directory, you’ll also find sub-directories for various apps and services that are installed on the system, such as Apache, MySQL, OpenVPN, Samba, CUPS, and more. And remember, there are several ways to view these log files, such as with cat, less, and tail.
