An important part of system administration is to make sure that all the infrastructure is always up & working fine, and if problems do arise on the servers, to resolve those problems. We use the important Linux log files generated on our systems to identify the problems that occurred & then resolve the issues based on the findings from the logs.
In this tutorial, we are going to learn some of the logs that are created on the Linux machines & what they are used for.
(Recommended Read: Install ELK stack: Manage logs with Elasticsearch, Logstash & Kibana)
(Also Read: Analyzing APACHE logs in CLI (& GUI) using GoAccess )
Important Linux Log files Directory
Almost all the system log files can be found under /var/log/
Let's discuss these important Linux log files one by one.
/var/log/boot.log
It stores all the boot-related messages & is helpful in identifying issues related to the booting of the system. So all the issues related to boot failures, unexpected or unplanned shutdowns, or unplanned reboots of the system can be diagnosed using boot.log.
/var/log/secure (RHEL/CentOS) & /var/log/auth.log (Debian/Ubuntu)
Both files, i.e. secure for RHEL & auth.log for Debian, serve the same purpose: they store all the events related to authentication. So if you are trying to locate an issue that’s related to the authentication of users, these are the log files to look at. Both files can be used to investigate failed login attempts, either directly on the server or via ssh, and to check for brute-force attempts; they also log all the successful login attempts.
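As an added example (not part of the original tutorial), the script below parses the sshd messages that secure/auth.log record and summarizes failed logins per source address, the usernames tried, and successful logins, flagging any source at or above a failure threshold. The log lines are constructed for this example; the hostnames and addresses are made up.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the syslog format sshd writes to /var/log/auth.log
# (Debian/Ubuntu) and /var/log/secure (RHEL/CentOS). Addresses are from the
# RFC 5737 documentation ranges; none of this is real traffic.
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4422 ssh2
Mar  3 10:15:03 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 4423 ssh2
Mar  3 10:15:05 web1 sshd[2215]: Failed password for root from 203.0.113.5 port 4424 ssh2
Mar  3 10:15:07 web1 sshd[2217]: Failed password for root from 203.0.113.5 port 4425 ssh2
Mar  3 10:15:09 web1 sshd[2219]: Failed password for root from 203.0.113.5 port 4426 ssh2
Mar  3 10:16:40 web1 sshd[2230]: Failed password for alice from 198.51.100.7 port 51022 ssh2
Mar  3 10:16:52 web1 sshd[2232]: Accepted publickey for alice from 198.51.100.7 port 51023 ssh2: ED25519 SHA256:abc
Mar  3 10:17:10 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/systemctl restart nginx
"""

# "invalid user" appears only when the account does not exist; both forms are matched.
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (\S+) from (\S+) port \d+")

def summarize_ssh_auth(log_text, threshold=5):
    """Return failure counts per source, users tried per source, accepted logins,
    and the sources whose failure count reached the threshold."""
    failures = Counter()
    users_tried = defaultdict(set)
    accepted = []
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            user, src = m.groups()
            failures[src] += 1
            users_tried[src].add(user)
            continue
        m = ACCEPTED_RE.search(line)
        if m:  # non-sshd lines (sudo, cron, ...) fall through and are ignored
            method, user, src = m.groups()
            accepted.append((user, src, method))
    suspicious = {src: n for src, n in failures.items() if n >= threshold}
    return {"failures": dict(failures),
            "users_tried": {s: sorted(u) for s, u in users_tried.items()},
            "accepted": accepted, "suspicious": suspicious}

if __name__ == "__main__":
    report = summarize_ssh_auth(SAMPLE_LOG)
    for src, n in sorted(report["suspicious"].items(), key=lambda kv: -kv[1]):
        print(f"{src}: {n} failed logins, users tried: {', '.join(report['users_tried'][src])}")
    for user, src, method in report["accepted"]:
        print(f"accepted {method} login for {user} from {src}")
```

On a real system, read the file contents instead of SAMPLE_LOG and tune the threshold to what is normal for your hosts.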
/var/log/faillog
Logs all the failed login attempts to the system. This is another important file that can help us track security breaches or brute-force attacks.
/var/log/dmesg
If you suspect any issues caused by hardware, this should be the first file you look at. This log file is useful for diagnosing any issue created by a hardware component or a driver for the hardware.
/var/log/messages (RHEL/CentOS) & /var/log/syslog (Ubuntu/Debian)
Both these files, for their respective operating systems, contain all the non-critical & informational messages. These files can be used to track non-kernel boot errors or application-related issues. This should be the first file to check in case you are facing any of the above-mentioned errors.
/var/log/daemon.log
Contains information about the various daemons that run in the background on our system. It is rarely needed, but it can help in diagnosing issues created by daemons.
/var/log/kern.log
kern.log stores all the kernel-related messages & contains all the information related to the kernel. It helps us troubleshoot the warnings or errors generated by the kernel, & can also be used to diagnose connectivity & hardware issues.
/var/log/setroubleshoot
If you have SELinux enabled (and we should keep it enabled), this log file helps us track all the issues related to the security context of files.
(Recommended Read: SELinux for Beginners)
/var/log/yum.log
yum.log has all the information related to software installations on your server. You can check it to verify whether packages were installed properly, or, if an installed package is behaving in an unusual manner, use yum.log to diagnose the issue.
/var/log/mail.log & /var/log/maillog
All the messages related to mail are stored in these files. They contain all the information about mails sent or received, failed & successful delivery reports, spamming attempts, etc. So any issue arising from sending or receiving email can be diagnosed with these files.
/var/log/cron.log
This log file lists all the messages created upon the execution of scheduled cron jobs, whether they are success messages or errors from the cron job.
These were some of the important Linux log files that you must be monitoring to make sure that the system is working properly. They are only some of the many log files; there are also individual files related to services, like httpd.log or mysqld.log, that are used to diagnose problems related to those services.