X
    Categories: Guides

An introduction to Linux log files

Before you start with this guide it is recommended that you login to your VPS and follow this guide while looking at the files in there, as that is the best way to learn and memorize the things.

Learn about the log files when your system is running smoothly as understanding the log files will help you to successfully troubleshoot and fix any problems that might occur later on.

Finally, ‘Linux log files’ is a pretty extensive topic and it is unlikely to be fully covered in just one article. This article can probably serve just as a general guideline. Each application installed on the system has its own logging mechanism so whenever you need application specific information then the application documentation is the best place to look for it.

General log files

As a general standard in almost every Linux system, the log files are located in the /var/log directory. Any other applications that you may later install on your system will probably throw their log messages here. Once you log on your system issue the ls -l /var/log command to view the contents of this directory.

/var/log/messages – Most of the general system messages are logged here including the messages during the system startup.
/var/log/cron – The cron daemon messages are logged here. Started and stoped jobs as well as failure messages.
/var/log/maillog or /var/log/mail.log – Log information from the mail server running on the server.
/var/log/wtmp – Contains all login and logout history.
/var/log/btmp – Records failed login attempts.
/var/run/utmp – Logs the present login state of each user.
/var/log/dmesg – This contains very important messages about the kernel ring buffer. In human terms this means that when the kernel spins up it logs all of the information here. The command dmesg can be used to view the messages of this file.
/var/log/secure – Security related messages will be stored here. This includes messages from the SSH daemon, failed passwords, nonexistent users etc.
/var/log/mariadb – If MariaDB is installed on the system then this is the location where it will throw the logs by default
/var/log/mysql – If the MySQL database is installed this is the default logging directory.

 

Viewing and controlling log files

The primary logging Linux daemon is the rsyslogd process and its configuration is located /etc/rsyslog.conf.

For all of the plain-text log files, the logs can be viewed with the cat command. However, if the log file is very big then you might wish to use the tail command which can show only the last part of the log.

tail -n 500 /var/log/messages – to view the last 500 entries of the file.

To monitor the logs in real time tail -f is also a very useful command which will monitor the messages as they are logged. This is particularly useful when troubleshooting mail flows and mail delivery errors.
tail -f /var/log/maillog

Some Linux logs are like binary files which need to be parsed by another application specifically tailored for viewing these logs. These logs are stored in /var/log/wtmp /var/log/btmp and /var/run/utmp.

To view the contents of /var/log/wtmp use: last
To view the contents of /var/log/btmp use: lastb
To view the contents of /var/run/utmp use: who

 

cPanel specific log files

Apache log files:

/usr/local/apache/logs/ – General Apache logs.
/usr/local/apache/domlogs/ – Domain specific logs.

Exim log files:

/var/log/exim_mainlog
/var/log/exim_rejectlog

cPanel log files:

/usr/local/cpanel/logs/ – All of the cPanel related messages are in this location.

 

DirectAdmin specific log files

DirectAdmin log files

/var/log/directadmin/ – DirectAdmin related logs.

Apache log files

/var/log/httpd/ – The Apache web-server are logged into the standard directory.
/var/log/httpd/domains/ – For all of the other domains the logs are in this sub-directory.

FTP log files

/var/log/proftpd/ – If ProFTPd is used.
/var/log/pureftpd.log – If PureFTPd is used.

Exim log files

/var/log/exim/ – Exim mail transfer agent logs are in this directory.

MySQL log files

/var/lib/mysql/server.hostname.com.err – This is the logging directory for errors related to the MySQL databases.

 

CentOS specific log files

/var/log/yum.log – Logs from the Yum package manager.
/var/log/httpd – On CentOS/RedHat based systems this is where the Apache web-server will store the logs by default.

 

Ubuntu specific log files

/var/log/apache2/ – On the Ubuntu systems the Apache web-server logs are stored in this directory.
/var/log/apt/ – Logs from the Ubuntu’s package management.

 

Arch Linux specific log files

/var/log/pacman – Pacman package manager logs on the Arch Linux distros.

 


If you have any questions feel free to comment below or sign up for our hosting services and contact our EPIC Support Team. They are available 24/7 and they will take care of your request immediately.

PS. If you liked this post please share it with your friends on the social networks using the sharing buttons or simply leave a reply below. Thanks.