Linux records everything from kernel events to user actions, mostly in plain ASCII text files; this is known as system logging. On a Linux system the log files are stored in the /var/log directory.
The information in these log files can be very helpful in monitoring and troubleshooting system issues. The events that get logged by an operating system include system errors, warnings, hardware changes, abnormal shutdowns, etc.
A system log can be used for –
- Detecting and solving a system issue
- Predicting system issues from the warnings it contains
- Improving resource usage and reducing production infrastructure cost
- Security auditing
What is Syslog?
Syslog is a standard for creating, capturing, storing, and analyzing logs on a system. It is similar to journald, but it has the advantage that the logs are generally saved in plain text files which can easily be handled with tools like cat, grep, head, tail, etc.
The term Syslog can be used for the following things –
- Syslog daemon – The Syslog daemon creates sockets, listens for events, and writes them to a specific location on the system. rsyslogd and syslog-ng are two different implementations of the Syslog daemon for Linux or UNIX systems.
- Syslog protocol – Over a network Syslog uses a client-server architecture; the Syslog protocol, an application-layer protocol usually carried over UDP or TCP, defines how logs are created and transmitted over a network. Plain UDP or TCP syslog is neither encrypted nor authenticated, so forwarding logs across untrusted networks should use the TLS transport (RFC 5425).
- Syslog message format – This refers to the syntax of a Syslog message, which is defined by the standard RFC 5424.
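The RFC 5424 message format starts with a PRI field, `<N>`, where N = facility * 8 + severity. The following shell script, added here as an example and not taken from the article, decodes that field and maps the two numbers to their keyword names; the sample message is constructed.

```shell
#!/bin/sh
# Decode the PRI field at the start of an RFC 5424 syslog message.
# Added example for this article, not code from it; the sample message
# below is constructed. PRI = facility * 8 + severity.

# Print "facility severity" for a message of the form "<PRI>VERSION ...".
# Returns 1 if the message does not begin with a numeric PRI.
syslog_pri_decode() {
    msg="$1"
    pri="${msg%%>*}"      # keep the text before the first '>'  -> "<34"
    pri="${pri#<}"        # drop the leading '<'                -> "34"
    case "$pri" in
        ''|*[!0-9]*) return 1 ;;   # empty or non-numeric: not a PRI
    esac
    printf '%s %s\n' "$((pri / 8))" "$((pri % 8))"
}

# RFC 5424 severity keywords, 0 (most urgent) to 7.
severity_name() {
    case "$1" in
        0) echo emerg ;;   1) echo alert ;;  2) echo crit ;;   3) echo err ;;
        4) echo warning ;; 5) echo notice ;; 6) echo info ;;   7) echo debug ;;
        *) return 1 ;;
    esac
}

# Common facility codes; 16-23 are the site-defined local0..local7.
facility_name() {
    case "$1" in
        0) echo kern ;;  1) echo user ;;   2) echo mail ;;     3) echo daemon ;;
        4) echo auth ;;  5) echo syslog ;; 6) echo lpr ;;      7) echo news ;;
        8) echo uucp ;;  9) echo cron ;;  10) echo authpriv ;; 11) echo ftp ;;
        1[6-9]|2[0-3]) echo "local$(($1 - 16))" ;;
        *) return 1 ;;
    esac
}

# Constructed sample: PRI 34 = facility 4 (auth) * 8 + severity 2 (crit),
# the kind of line an authentication failure would produce.
SAMPLE='<34>1 2024-01-01T12:00:00Z host1 su - ID47 - su root failed for user1'

decoded=$(syslog_pri_decode "$SAMPLE")
echo "facility=$(facility_name "${decoded% *}") severity=$(severity_name "${decoded#* }")"
```

Running the script prints `facility=auth severity=crit`. The same arithmetic is what a collector uses to route or filter messages, so a log pipeline that drops or rewrites the PRI field loses the facility and severity information with it.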
How to view logs on a Linux system
All the log files on Linux are stored in the /var/log directory. This includes system logs, application logs, user action logs, etc.
To view logs on a Linux system, first move to the /var/log directory by using –
cd /var/log
Next, use the given command to list all the log files –
ls
This will display the output as given in the image below.
You can view the contents of a log file with any text utility (most log files are readable only by root or members of the adm group, hence the sudo), for example –
sudo less kern.log
This will display output as given in the image below.
If a log file is in compressed form, i.e. it has a .gz extension, then you can use the zcat or zmore commands. For example –
zmore syslog.2.gz
You can find specific text in log files by using grep, and in compressed log files by using zgrep.
Some important system log files
The system log files show important information about system functionality and its performance. Some of the important system log files are –
- /var/log/boot.log – This includes all the information related to the booting operation of the system
- /var/log/auth.log – This includes all the information of system logins, i.e. failed and successful attempts
- /var/log/kern.log – This log file stores kernel events, errors, and warning logs
- /var/log/cron – This stores information on the scheduling of tasks, i.e. cron jobs
- /var/log/gpu-manager.log – This includes the information of events, errors, and warning logs of the system GPU manager.
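The grep/zgrep section and the auth.log entry above come together in a typical security-auditing task: searching the current log and its rotated, compressed predecessors for failed logins. The script below is an added example, not code from the article; it builds a small /var/log lookalike from constructed sshd and cron lines (documentation IP addresses), searches plain and .gz files with one function, and counts failed SSH logins per source address.

```shell
#!/bin/sh
# Search plain and gzip-compressed log files with one function, then count
# failed SSH logins per source address from auth.log-style lines.
# Added example for this article, not code from it; the log lines are
# constructed to look like sshd and cron entries, with documentation IPs.

# Build a small /var/log lookalike: a current auth.log plus a rotated,
# compressed auth.log.1.gz, exactly the pair zgrep/zcat exist for.
make_sample_logs() {
    dir="$1"
    mkdir -p "$dir"
    cat > "$dir/auth.log" <<'EOF'
Jan  1 10:00:01 host1 sshd[1201]: Failed password for invalid user admin from 198.51.100.7 port 4022 ssh2
Jan  1 10:00:03 host1 sshd[1203]: Failed password for root from 198.51.100.7 port 4023 ssh2
Jan  1 10:00:05 host1 sshd[1205]: Accepted publickey for alice from 203.0.113.5 port 50011 ssh2
Jan  1 10:01:00 host1 CRON[1300]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
    printf '%s\n' \
        'Dec 31 23:59:10 host1 sshd[998]: Failed password for root from 198.51.100.7 port 3999 ssh2' \
        'Dec 31 23:59:20 host1 sshd[999]: Failed password for bob from 192.0.2.44 port 3998 ssh2' |
        gzip > "$dir/auth.log.1.gz"
}

# Print every line matching PATTERN from all files in DIR. Plain files go
# through grep; .gz files are decompressed first (what zcat/zgrep do).
search_logs() {
    dir="$1"; pattern="$2"
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        case "$f" in
            *.gz) gzip -dc "$f" | grep -e "$pattern" || true ;;
            *)    grep -e "$pattern" "$f" || true ;;
        esac
    done
}

# Count sshd "Failed password" events per source IP, most frequent first.
# Output: "<ip> <count>" per line, over everything search_logs finds.
failed_logins_by_ip() {
    search_logs "$1" 'sshd\[[0-9]*\]: Failed password' |
        awk '{ for (i = 1; i < NF; i++) if ($i == "from") count[$(i + 1)]++ }
             END { for (ip in count) printf "%s %d\n", ip, count[ip] }' |
        sort -k2,2nr -k1,1
}

# Stand-alone demo on a throwaway directory.
demo_dir=$(mktemp -d)
make_sample_logs "$demo_dir"
echo "Failed SSH logins per source (current + rotated log):"
failed_logins_by_ip "$demo_dir"
rm -rf "$demo_dir"
```

Pointing failed_logins_by_ip at a real /var/log (with sudo) gives the same per-source summary; the rotated .gz files matter because a slow brute-force attempt can easily span a log rotation, and a search of auth.log alone would undercount it.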
Conclusion
So we hope you now have a basic understanding of logging on a Linux system. If you have a query, write to us in the comments below.