Introduction to Linux log files

Before starting with this tutorial, it is recommended that you log into your Linux and follow this tutorial looking directly at the files, as this is the best way to learn and remember the topic.

Learn about log files, when your system is running smoothly, how this understanding of log files can help you successfully diagnose and fix any problems that may arise later.

Finally, ‘Linux log files’ is a fairly broad topic and is unlikely to be fully covered in a single article. This article can probably only serve as a general guide. Every application installed on the system has its own logging mechanism. Whenever you need specific information about an application, the application documentation is the best place to look for it.

Common log files

As a general standard on almost every Linux system, the log files are located in the directory /var/log… Any other applications that you can later install on your system are likely to drop their log files here. After logging into your system, type the command

ls -l /var/log

to view the contents of this directory.

/var/log/messages – Most of the general system messages are logged here, including messages during system startup./var/log/cron – Messages from the cron daemon are logged here. Tasks are created and stopped, and error messages are reported./var/log/maillog или /var/log/mail.log – Registration of information of the mail server running on the server./var/log/wtmp – Contains a history of all entrances and exits./var/log/btmp – Records of unsuccessful login attempts./var/run/utmp – Logging of the present entry into the state of each user./var/log/dmesg – Contains very important messages about the ring buffer core. In human terms, this means that when the core unwinds, it writes all the information here. Command dmesg can be used to view the messages of this file./var/log/secure – Security related messages will be stored here. This includes messages from the SSH daemon, bad password entry, non-existent users, etc./var/log/mariadb – If MariaDB is installed on the system then this is where it will drop logs by default/var/log/mysql– If the MySQL database is installed, this is the default data recording directory.

Viewing and managing log files

Linux daemon initial registration process rsyslogd and its configuration is in /etc/rsyslog.conf

For all plaintext log files, the logs can be viewed using the command cat… However, if the log file is very large, then you might want to use the command tailwhich can only show the last part of the log.

To view the last 500 records of a file, enter the following command:

tail -n 500 /var/log/messages

To monitor logs in real time tail -f also a very useful command that will keep track of messages as they entered. This is especially useful when troubleshooting mail flows and mail delivery errors.

tail -f /var/log/maillog

Some Linux logs are like binaries that need to be parsed by another application, specially adapted to view these logs. These logs are saved in /var/log/wtmp/var/log/btmp and /var/run/utmp

To view content /var/log/wtmp used: last
To view content /var/log/btmp используется: lastb
To view content /var/run/utmp используется: who

Cpanel specific log files

Apache log files:

/usr/local/apache/logs/– General Apache logs./usr/local/apache/domlogs/– Domain specific logs.

Exim log files:


Cpanel log files:

/usr/local/cpanel/logs/ – All cPanel related posts in this location.

DirectAdmin Specific Log Files

DirectAdmin Log Files

/var/log/directadmin/ – DirectAdmin related logs.

Apache log files

/var/log/httpd/– Apache web server entered the standard directory./var/log/httpd/domains/– For all other domains, the logs are in this subdirectory.

FTP log files

/var/log/proftpd/– If using ProFTPd./var/log/pureftpd.log – If PureFTPd is used.

Exim log files

/var/log/exim/ – Exim mail forwarding agent logs in this directory.

MySQL log files

/var/lib/mysql/ – This is a directory logging for errors related to MySQL databases.

CentOS log files

/var/log/yum.log – Logging package manager Yum./var/log/httpd – On / RedHat CentOS based systems, this is where the Apache web server will store logs by default.

Ubuntu log files

/var/log/apache2/ – On Ubuntu systems, Apache web server logs are stored in this directory./var/log/apt/ – Logs from package management in Ubuntu.

Arch Linux log files

/var/log/pacman – Pacman package manager is included on Arch Linux distributions.