Learn log files on Ubuntu
Linux and the applications that run on it generate many different types of messages, which are recorded in various log files. Linux uses a set of configuration files, directories, programs, commands and daemons to create, store and recycle these log messages.
The default location for log files in Linux is /var/log.
View the list of log files in this directory:
#ls -l /var/log
To read a log file, you can use the cat, head or tail commands.
Here are some common log files you will find under /var/log:
- wtmp
- utmp
- dmesg
- messages
- maillog or mail.log
- spooler
- auth.log or secure
The heart of the logging mechanism is the rsyslog daemon.
The rsyslog Configuration File
#cat /etc/rsyslog.conf
#ls /etc/rsyslog.d/
#cat /etc/rsyslog.d/50-default.conf
Each rule in these files selects messages by facility and priority. The facilities are:
auth or authpriv: Messages coming from authorization and security related events
kern: Any message coming from the Linux kernel
mail: Messages generated by the mail subsystem
cron: Cron daemon related messages
daemon: Messages coming from daemons
news: Messages coming from network news subsystem
lpr: Printing related log messages
user: Log messages coming from user programs
local0 to local7: Reserved for local use
Here is a list of priorities in ascending order:
debug: Debug information from programs
info: Simple informational message - no intervention is required
notice: Condition that may require attention
warn: Warning
err: Error
crit: Critical condition
alert: Condition that needs immediate intervention
emerg: Emergency condition
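The following is an added example, not part of the original page: a small Python model of how a "facility.priority" selector decides which file receives a message, which also shows why authorization events land in auth.log and not in syslog. The rules in SAMPLE_RULES are constructed in the style of 50-default.conf, and the function names selector_matches and destinations are hypothetical.

```python
# Added example: model how rsyslog "facility.priority" selectors pick a log file.
# Simplified: handles "*", "none" and named priorities only (no "=" or "!").

# Priorities in ascending order, as listed above.
PRIORITIES = ["debug", "info", "notice", "warn", "err", "crit", "alert", "emerg"]

# Constructed sample rules in the style of 50-default.conf (not copied from a host).
SAMPLE_RULES = """
auth,authpriv.*          /var/log/auth.log
*.*;auth,authpriv.none   -/var/log/syslog
kern.*                   -/var/log/kern.log
mail.*                   -/var/log/mail.log
mail.err                 /var/log/mail.err
"""

def selector_matches(selector, facility, priority):
    """Return True if a message with this facility and priority is selected."""
    level = PRIORITIES.index(priority)
    matched = False
    # Parts separated by ";" are applied left to right; "none" cancels
    # an earlier match for the facilities it names.
    for part in selector.split(";"):
        facilities, _, wanted = part.strip().rpartition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue
        if wanted == "none":
            matched = False
        elif wanted == "*":
            matched = True
        elif level >= PRIORITIES.index(wanted):
            # A named priority selects that level and everything above it.
            matched = True
    return matched

def destinations(rules_text, facility, priority):
    """List the files that would receive the message under the given rules."""
    files = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, target = line.split(None, 1)
        if selector_matches(selector, facility, priority):
            files.append(target.lstrip("-"))  # leading "-" only disables sync
    return files

if __name__ == "__main__":
    for fac, pri in [("authpriv", "notice"), ("mail", "info"), ("mail", "crit")]:
        print(fac, pri, "->", destinations(SAMPLE_RULES, fac, pri))
```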
Viewing and monitoring log files on Ubuntu
System logs:- System logs deal with exactly that – the Ubuntu system – as opposed to extra applications added by the user.
Authorization log:- Keeps track of authorization systems, such as password prompts, the sudo command and remote logins.
Location: /var/log/auth.log
Daemon Log:- Daemons are programs that run in the background, usually without user interaction. Examples include the display server, SSH sessions, printing services, Bluetooth, and more.
Location: /var/log/daemon.log
Debug log:- Provides debugging information from the Ubuntu system and applications.
Location: /var/log/debug
Kernel log:- Logs from the Linux kernel.
Location: /var/log/kern.log
System log:- Contains more information about your system. If you can’t find anything in the other logs, it’s probably here.
Location: /var/log/syslog
Application logs:- Some applications also create logs in /var/log.
Apache logs:- Apache creates several log files in the /var/log/apache2/ subdirectory. The access.log file records all requests made to the server to access files. error.log records all errors thrown by the server.
Location: /var/log/apache2/ (subdirectory)
X11 server logs:- The X11 server creates a separate log file for each of your displays. Display numbers start at zero, so your first display (display 0) will log to Xorg.0.log. The next display (display 1) would log to Xorg.1.log, and so on.
Location: /var/log/Xorg.0.log
Non-human-readable logs:- Not all log files are designed to be read by humans. Some were made to be parsed by applications. Below are some examples.
Login failures log:- Contains info about login failures. You can view it with the faillog command.
Location: /var/log/faillog
Last logins log:- Contains info about last logins. You can view it with the lastlog command.
Location: /var/log/lastlog
Login records log:- Contains login info used by other utilities to find out who’s logged in. To view currently logged in users, use the who command.
Location: /var/log/wtmp
*Daemon: a daemon (pronounced DEE-muhn) is a program that runs continuously as a background process and wakes up to handle periodic service requests, which often come from remote processes.