What is system logging? How to read log files in Linux?


Everything from a kernel event to a user action is recorded by the Linux operating system, mostly in plain ASCII text files; this is known as system logging. On a Linux system the log files are stored in the /var/log directory.

The information in these log files is very helpful for monitoring and troubleshooting system issues. The events an operating system logs include system errors, warnings, hardware changes, abnormal shutdowns, etc.

A system log can be used for –

  • Detecting and solving system issues
  • Predicting system issues from the warnings recorded in the logs
  • Improving resource usage and reducing production infrastructure cost
  • Security auditing

What is Syslog?

Syslog is a standard for creating, capturing, storing, and analyzing logs on a system. It is similar to journald, but it has the advantage that the logs are generally saved in plain text files, which can easily be handled with tools like cat, grep, head, tail, etc.

The term Syslog can refer to the following things –

  • Syslog daemon – The Syslog daemon creates sockets, listens for events, and writes them to a specific location on the system. rsyslogd and syslog-ng are two different implementations of the Syslog daemon for Linux and UNIX systems.
  • Syslog protocol – Over a network, Syslog uses a client-server architecture; the Syslog protocol defines how log messages are created and transmitted over a network transport such as TCP.
  • Syslog message format – This refers to the syntax of a Syslog message, which is defined by the standard RFC 5424.

How to view logs on a Linux system

All the log files on Linux are stored in the /var/log directory. This includes system logs, application logs, user action logs, etc.

To view logs on a Linux system, first move to the /var/log directory by using –

cd /var/log

Next, use the following command to list all the log files –

ls

[Image: listing of the /var/log directory]

You can view the contents of a log file with any text utility, for example –

sudo less kern.log

[Image: kern.log viewed with less]

If a log file is compressed, i.e. it has a .gz extension, you can use the zcat or zmore commands instead. For example –

zmore syslog.2.gz

You can search for specific text with grep in plain log files and with zgrep in compressed log files.

Some important system log files

The system log files show important information about system functionality and performance. Some of the important system log files are –

  • /var/log/boot.log – This includes all the information related to the booting of the system
  • /var/log/auth.log – This includes all the information about system logins, i.e. failed and successful attempts
  • /var/log/kern.log – This log file stores kernel events, errors, and warnings
  • /var/log/cron – This stores information about scheduled tasks, i.e. cron jobs
  • /var/log/gpu-manager.log – This includes the events, errors, and warnings of the system's GPU manager
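Because log rotation leaves a mix of plain files (auth.log) and compressed ones (auth.log.1.gz), searching a log usually means grep for the former and zgrep-style decompression for the latter. The script below is an added example, not code from the original article: it searches both kinds of file with one function and counts failed SSH logins per user from auth.log, which is the kind of security-auditing check the list above mentions. The host name, user names, IP addresses and log lines are constructed samples built in a temporary directory, so it runs without touching the real /var/log.

```shell
#!/bin/sh
# Added example, not code from the original article: search plain and
# rotated (.gz) log files for a pattern, then count failed SSH logins per
# user. The log lines, host name, user names and IP addresses used below
# are constructed samples, not real data.

# search_logs PATTERN FILE...: grep plain files directly and decompress .gz
# files on the fly (what zgrep does), prefixing every hit with its file name.
search_logs() {
    pattern=$1; shift
    for f in "$@"; do
        [ -f "$f" ] || continue            # unmatched globs are skipped
        case "$f" in
            *.gz) gzip -cd -- "$f" | grep -- "$pattern" | sed "s|^|$f:|" ;;
            *)    grep -H -- "$pattern" "$f" ;;
        esac
    done
}

# count_failed_logins FILE...: number of "Failed password" lines per user,
# most frequent first; "invalid user NAME" entries are counted under NAME.
count_failed_logins() {
    search_logs 'Failed password' "$@" \
      | sed -n 's/.*Failed password for \(invalid user \)\{0,1\}\([^ ]*\) from .*/\2/p' \
      | sort | uniq -c | sort -rn
}

# make_sample_logs: build a throwaway directory shaped like /var/log after
# logrotate ran (auth.log plus a gzipped auth.log.1.gz); prints its path.
make_sample_logs() {
    dir=$(mktemp -d)
    cat > "$dir/auth.log" <<'EOF'
Mar  1 10:00:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 5000 ssh2
Mar  1 10:00:05 host sshd[1002]: Accepted password for alice from 192.0.2.20 port 5001 ssh2
Mar  1 10:00:09 host sshd[1003]: Failed password for invalid user admin from 192.0.2.10 port 5002 ssh2
EOF
    cat > "$dir/auth.log.1" <<'EOF'
Feb 28 23:59:50 host sshd[900]: Failed password for root from 192.0.2.10 port 4990 ssh2
EOF
    gzip "$dir/auth.log.1"
    echo "$dir"
}

# Stand-alone run on the constructed sample; on a real host you would pass
# /var/log/auth.log /var/log/auth.log.*.gz instead (root or adm group needed).
d=$(make_sample_logs)
count_failed_logins "$d/auth.log" "$d"/auth.log.*.gz
rm -r "$d"
```

On the sample data the output lists root twice (one hit from each file) and admin once, so the rotated archive is not missed.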

Conclusion

So we hope you now have a basic understanding of logging on a Linux system. If you have a query, write to us in the comments below.
