An introduction to Linux log files
Before you start, it is recommended that you log in to your VPS and follow this guide while looking at the files there, as that is the best way to learn and memorize them.
Learn about the log files while your system is running smoothly, as understanding them will help you to successfully troubleshoot and fix any problems that might occur later on.
Finally, ‘Linux log files’ is a pretty extensive topic and it is unlikely to be fully covered in just one article. This article can probably serve just as a general guideline. Each application installed on the system has its own logging mechanism, so whenever you need application-specific information, the application documentation is the best place to look for it.
General log files
As a general standard in almost every Linux system, the log files are located in the /var/log directory. Any other applications that you may later install on your system will probably write their log messages here. Once you log on to your system, issue the ls -l /var/log command to view the contents of this directory.
/var/log/messages – Most of the general system messages are logged here, including the messages during the system startup.
/var/log/cron – The cron daemon messages are logged here: started and stopped jobs as well as failure messages.
/var/log/maillog or /var/log/mail.log – Log information from the mail server running on the server.
/var/log/wtmp – Contains all login and logout history.
/var/log/btmp – Records failed login attempts.
/var/run/utmp – Logs the present login state of each user.
/var/log/dmesg – This contains very important messages about the kernel ring buffer. In human terms this means that when the kernel spins up it logs all of the information here. The command dmesg can be used to view the messages of this file.
/var/log/secure – Security related messages will be stored here. This includes messages from the SSH daemon, failed passwords, nonexistent users etc.
/var/log/mariadb – If MariaDB is installed on the system then this is the location where it will write the logs by default.
/var/log/mysql – If the MySQL database is installed this is the default logging directory.
Viewing and controlling log files
The primary Linux logging daemon is the rsyslogd process and its configuration is located in /etc/rsyslog.conf.
For all of the plain-text log files, the logs can be viewed with the cat command. However, if the log file is very big then you might wish to use the tail command, which can show only the last part of the log.
tail -n 500 /var/log/messages – to view the last 500 entries of the file.
To monitor the logs in real time, tail -f is also a very useful command which will monitor the messages as they are logged. This is particularly useful when troubleshooting mail flows and mail delivery errors.
tail -f /var/log/maillog
Some Linux logs are binary files which need to be parsed by another application specifically tailored for viewing these logs. These logs are stored in /var/log/wtmp, /var/log/btmp and /var/run/utmp.
To view the contents of /var/log/wtmp use: last
To view the contents of /var/log/btmp use: lastb
To view the contents of /var/run/utmp use: who
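What last, lastb and who do with these binary files can be seen in a small parser. This is an added example, not part of the original article: it assumes the 384-byte struct utmp layout used by glibc on x86_64 Linux, and the names make_record, SAMPLE and attempts_by_host are hypothetical, with constructed records standing in for a real /var/log/btmp.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumption: glibc struct utmp on x86_64 Linux, 384 bytes per record.
# Fields: type, pid, line[32], id[4], user[32], host[256], exit status,
# session, tv_sec, tv_usec, addr_v6[4], 20 reserved bytes.
UTMP = struct.Struct("<h2xi32s4s32s256s2hi2i4i20x")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\x00", 1)[0].decode("utf-8", "replace")

def parse_utmp(data):
    """Yield a dict per complete record; a truncated trailing record is skipped."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {
            "type": f[0], "pid": f[1], "line": _text(f[2]),
            "user": _text(f[4]), "host": _text(f[5]),
            "time": datetime.fromtimestamp(f[9], timezone.utc),
        }

def attempts_by_host(data):
    """Count non-empty records per remote host, as a summary of a btmp file."""
    return Counter(r["host"] for r in parse_utmp(data)
                   if r["type"] != 0 and r["host"])

def make_record(ut_type, pid, line, user, host, sec):
    """Build one constructed record for the sample below (hypothetical helper)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, 0, 0, 0, 0)

# Constructed sample data (documentation IP ranges), not taken from a real host.
SAMPLE = b"".join([
    make_record(6, 1201, "ssh:notty", "root", "203.0.113.5", 1700000000),
    make_record(6, 1202, "ssh:notty", "admin", "203.0.113.5", 1700000004),
    make_record(6, 1310, "ssh:notty", "deploy", "198.51.100.7", 1700000100),
])

if __name__ == "__main__":
    for rec in parse_utmp(SAMPLE):
        print(rec["time"].isoformat(), rec["user"], rec["line"], rec["host"])
    print(attempts_by_host(SAMPLE).most_common())
```

On a real system the same functions can be pointed at the bytes of /var/log/btmp or /var/log/wtmp, which normally requires root to read.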
cPanel specific log files
Apache log files:
/usr/local/apache/logs/ – General Apache logs.
/usr/local/apache/domlogs/ – Domain specific logs.
Exim log files:
/var/log/exim_mainlog
/var/log/exim_rejectlog
cPanel log files:
/usr/local/cpanel/logs/ – All of the cPanel related messages are in this location.
DirectAdmin specific log files
DirectAdmin log files
/var/log/directadmin/ – DirectAdmin related logs.
Apache log files
/var/log/httpd/ – The Apache web-server logs are written to the standard directory.
/var/log/httpd/domains/ – For all of the other domains the logs are in this sub-directory.
FTP log files
/var/log/proftpd/ – If ProFTPd is used.
/var/log/pureftpd.log – If PureFTPd is used.
Exim log files
/var/log/exim/ – Exim mail transfer agent logs are in this directory.
MySQL log files
/var/lib/mysql/server.hostname.com.err – This is where errors related to the MySQL databases are logged.
CentOS specific log files
/var/log/yum.log – Logs from the Yum package manager.
/var/log/httpd – On CentOS/RedHat based systems this is where the Apache web-server will store the logs by default.
Ubuntu specific log files
/var/log/apache2/ – On Ubuntu systems the Apache web-server logs are stored in this directory.
/var/log/apt/ – Logs from Ubuntu’s package management.
Arch Linux specific log files
/var/log/pacman – Pacman package manager logs on the Arch Linux distros.
Source: https://www.rosehosting.com/blog/linux-log-files/