Important Linux Log Files and Their Uses


A log file records events that occur in an operating system or while other software runs. Linux servers keep log files containing messages about the server, including the kernel, services, and applications running on it. These log files are located in the /var/log directory.

There are mainly four types of log files generated in a Linux-based environment:

  • Application Logs.
  • Event Logs.
  • Service Logs.
  • System Logs.

What are the uses of Linux log files?

From the log files, one can find details on server performance, security, error messages, and underlying issues. For any issue the server is experiencing, a detailed look at the log files can provide a clue.

Hence, by reviewing the log files, one can solve existing issues and take precautions against issues that may arise in the future!

/var/log/messages

  • This file contains information about generic system activity.
  • It is the log file that stores informational and non-critical system messages.
  • It mainly stores non-kernel boot errors, application-related service errors and the messages logged during system startup.
  • If something goes wrong, this is the file to check first. For example, if you are facing issues with the sound card, you can look at the messages stored in this log file to check whether something went wrong during the system startup process.

/var/log/secure

  • This file contains information about all user authentication details.
  • It is mainly used to track usage of the authorization system.
  • It stores all security-related messages, including authentication failures.
  • It records sudo logins, SSH logins and other errors logged by the system security service daemon.
  • This file is very useful for detecting hacking attempts.
  • It also stores information about successful logins and can be used to verify the activities of valid users.
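One way to put the /var/log/secure entries described above to work is to count failed SSH logins per source address and flag any successful login that follows repeated failures from the same address. This is an added example, not part of the original article; the sample lines, host name, users, addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the format sshd writes to /var/log/secure.
# Host name, users and addresses (RFC 5737 documentation ranges) are made up.
SAMPLE = """\
Mar  3 10:01:11 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:14 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:19 web01 sshd[2104]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar  3 10:02:40 web01 sshd[2110]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:02:52 web01 sshd[2110]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 10:05:03 web01 sshd[2133]: Accepted publickey for deploy from 192.0.2.15 port 60022 ssh2: ED25519 SHA256:CONSTRUCTED
Mar  3 10:06:30 web01 sshd[2140]: Accepted password for root from 203.0.113.7 port 40177 ssh2
"""

# Matches sshd "Failed"/"Accepted" result lines. The user field is greedy and
# the pattern is anchored at end of line, so the address is always taken from
# the trailing "from <ip> port <n> ssh2" fields that sshd itself writes.
SSHD = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>.+) from (?P<ip>\S+) port \d+ ssh2(?:: .*)?$"
)

def summarize(lines, threshold=3):
    """Return (noisy sources, accepted logins, logins that followed failures)."""
    failures = Counter()   # failed attempts per source address
    accepted = []          # (user, ip) for every successful login
    flagged = []           # (user, ip, prior failures) worth a closer look
    for line in lines:
        m = SSHD.search(line)
        if m is None:
            continue       # not an sshd authentication result line
        user, ip = m["user"], m["ip"]
        if m["result"] == "Failed":
            failures[ip] += 1
        else:
            accepted.append((user, ip))
            if failures[ip] >= threshold:
                flagged.append((user, ip, failures[ip]))
    noisy = {ip: n for ip, n in failures.items() if n >= threshold}
    return noisy, accepted, flagged

if __name__ == "__main__":
    noisy, accepted, flagged = summarize(SAMPLE.splitlines())
    print("sources at or above threshold:", noisy)
    print("successful logins:", accepted)
    print("success after repeated failures:", flagged)
```

To run it against a live server, pass the lines of /var/log/secure to summarize() in place of SAMPLE; the file is normally readable only by root.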

 

/var/log/boot.log

  • This file contains all boot-up messages.
  • It records messages about issues related to improper shutdowns, unplanned reboots or boot failures.
  • Log entries from this file are useful for determining the duration of system downtime caused by an unexpected shutdown.

/var/log/kern.log

  • This file contains information logged by the kernel.
  • Its entries are useful for solving kernel-related errors and warnings.
  • Its entries are helpful for detecting issues with a custom-built kernel and are also used for debugging hardware and connectivity issues.

/var/log/faillog

  • This file contains information about all failed login attempts.
  • Entries of this log file are used to find attempted security breaches involving username/password hacking and brute-force attacks.

/var/log/cron

  • This file contains information about all cron jobs.
  • If any of your cron jobs have issues, you can find the related entries in this file.
  • When a cron job runs, this log file records all relevant information including successful execution and error messages in case of failures.

/var/log/mail.log

  • This file contains all mail server related information.
  • It records entries about postfix, smtp, MailScanner, SpamAssassin or any other email-related services running on the mail server.
  • One can track all the emails that were sent or received during a particular period.
  • One can check failed mail deliveries using the entries of this file.
  • Details regarding any possible spamming attempts blocked by the mail server can be obtained from this file.
  • One can determine the origin of an incoming email by checking the entries of this file in detail.

/var/log/httpd/

  • This directory contains the logs recorded by the Apache server.
  • It has two files – error_log and access_log – which store information from the Apache server.
  • The error_log contains messages related to httpd errors such as memory issues and other system related errors.
  • If something goes wrong with the Apache web server, check this log for diagnostic information.

/var/log/mysqld.log

  • This file contains all debug, failure and success messages related to the [mysqld] and [mysqld_safe] daemon.
  • Entries of this file are used to identify problems while starting, running, or stopping mysqld.
  • One can get the details about client connections to the MySQL data directory from this file.
