{"id":582,"date":"2024-09-04T08:58:26","date_gmt":"2024-09-04T05:58:26","guid":{"rendered":"https:\/\/itgen.itbumper.com\/?page_id=582"},"modified":"2024-09-09T09:57:05","modified_gmt":"2024-09-09T06:57:05","slug":"ubuntu-server-log-files-overview","status":"publish","type":"page","link":"https:\/\/itgen.itbumper.com\/?page_id=582","title":{"rendered":"0012_Linux Log Files Overview"},"content":{"rendered":"\n\n

Log files on Ubuntu Server are crucial for monitoring system activities, troubleshooting issues, and ensuring security. They store information about system events, user activities, and application behavior.<\/p>\n

Common Log Locations and Descriptions<\/h4>\n
    \n
  1. \n

    \/var\/log\/syslog<\/code><\/strong><\/p>\n

      \n
    • Description<\/strong>: The main system log file records general system events, including boot messages, service start-ups, and shutdowns.<\/li>\n<\/ul>\n<\/li>\n
    • \n

      \/var\/log\/auth.log<\/code><\/strong><\/p>\n

        \n
      • Description<\/strong>: Logs all authentication-related events, such as login attempts, sudo usage, and SSH connections.<\/li>\n<\/ul>\n<\/li>\n
      • \n

        \/var\/log\/kern.log<\/code><\/strong><\/p>\n

          \n
        • Description<\/strong>: Contains messages from the kernel, including hardware errors, device detection, and kernel panics.<\/li>\n<\/ul>\n<\/li>\n
        • \n

          \/var\/log\/dmesg<\/code><\/strong><\/p>\n

            \n
          • Description<\/strong>: Captures kernel ring buffer messages, which include boot-time hardware detection and initialization logs.<\/li>\n<\/ul>\n<\/li>\n
          • \n

            \/var\/log\/apt\/history.log<\/code><\/strong><\/p>\n

              \n
            • Description<\/strong>: Records a history of package installations, upgrades, and removals via the APT package manager.<\/li>\n<\/ul>\n<\/li>\n
            • \n

              \/var\/log\/apt\/term.log<\/code><\/strong><\/p>\n

                \n
              • Description<\/strong>: Contains detailed terminal output from package installations, including errors and warnings during APT operations.<\/li>\n<\/ul>\n<\/li>\n
              • \n

                \/var\/log\/faillog<\/code><\/strong><\/p>\n

                  \n
                • Description<\/strong>: Stores failed login attempts data, tracking how many failed attempts occurred for each user.<\/li>\n<\/ul>\n<\/li>\n
                • \n

                  \/var\/log\/boot.log<\/code><\/strong><\/p>\n

                    \n
                  • Description<\/strong>: Logs the system boot process, including messages from various services and daemons that start during boot.<\/li>\n<\/ul>\n<\/li>\n
                  • \n

                    \/var\/log\/daemon.log<\/code><\/strong><\/p>\n

                      \n
                    • Description<\/strong>: Logs messages from system daemons (background services) that run in the background, such as cron<\/code>, ntpd<\/code>, etc.<\/li>\n<\/ul>\n<\/li>\n
                    • \n

                      \/var\/log\/messages<\/code><\/strong> (if available)<\/p>\n

                        \n
                      • Description<\/strong>: Another general system log file, similar to \/var\/log\/syslog<\/code>, that, records various system events.<\/li>\n<\/ul>\n<\/li>\n
                      • \n

                        \/var\/log\/mail.log<\/code><\/strong><\/p>\n

                          \n
                        • Description<\/strong>: Log messages related to the mail system, including emails sent and received by the server.<\/li>\n<\/ul>\n<\/li>\n
                        • \n

                          \/var\/log\/ufw.log<\/code><\/strong><\/p>\n

                            \n
                          • Description<\/strong>: Logs firewall (Uncomplicated Firewall – UFW) events, including allowed and blocked connections.<\/li>\n<\/ul>\n<\/li>\n
                          • \n

                            \/var\/log\/apache2\/<\/code><\/strong> (for Apache web server)<\/p>\n

                              \n
                            • Description<\/strong>: Contains logs for the Apache web server. Key files include:\n
                                \n
                              • access.log<\/code><\/strong>: Records all requests made to the server.<\/li>\n
                              • error.log<\/code><\/strong>: Logs server errors, warnings, and other diagnostic information.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
                              • \n

                                \/var\/log\/mysql\/<\/code><\/strong> (for MySQL\/MariaDB database server)<\/p>\n

                                  \n
                                • Description<\/strong>: Contains logs for the MySQL or MariaDB database server. Key files include:\n
                                    \n
                                  • error.log<\/code><\/strong>: Logs errors encountered by the database server.<\/li>\n
                                  • slow-query.log<\/code><\/strong>: Records queries that take longer than a specified time to execute.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
                                  • \n

                                    \/var\/log\/nginx\/<\/code><\/strong> (for Nginx web server)<\/p>\n

                                      \n
                                    • Description<\/strong>: Contains logs for the Nginx web server. Key files include:\n
                                        \n
                                      • access.log<\/code><\/strong>: Records all requests made to the server.<\/li>\n
                                      • error.log<\/code><\/strong>: Logs server errors, warnings, and other diagnostic information.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
                                      • \n

                                        \/var\/log\/btmp<\/code><\/strong><\/p>\n

                                          \n
                                        • Description<\/strong>: Logs failed login attempts, similar to \/var\/log\/faillog<\/code>, but in a binary format.<\/li>\n
                                        • \u0427\u0442\u043e \u043c\u043e\u0436\u043d\u043e \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c<\/strong>: \u041d\u0435\u0443\u0434\u0430\u0447\u043d\u044b\u0435 \u043f\u043e\u043f\u044b\u0442\u043a\u0438 \u0432\u0445\u043e\u0434\u0430 \u0432 \u0441\u0438\u0441\u0442\u0435\u043c\u0443 \u0432 \u0431\u0438\u043d\u0430\u0440\u043d\u043e\u043c \u0444\u043e\u0440\u043c\u0430\u0442\u0435.<\/li>\n<\/ul>\n<\/li>\n
                                        • \n

                                          \/var\/log\/wtmp<\/code><\/strong><\/p>\n

                                            \n
                                          • Description<\/strong>: Logs successful login attempts, user logouts, and system boot\/reboots in a binary format.<\/li>\n<\/ul>\n<\/li>\n
                                          • \n

                                            \/var\/log\/cron.log<\/code><\/strong><\/p>\n

                                              \n
                                            • Description<\/strong>: Logs messages related to cron<\/code> jobs, including execution times and any errors.<\/li>\n<\/ul>\n<\/li>\n
                                            • \n

                                              \/var\/log\/journal\/<\/code><\/strong><\/p>\n

                                                \n
                                              • Description<\/strong>: Contains logs from systemd-journald<\/code>, which includes detailed system logs in a binary format.<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n

                                                1. cat<\/code><\/h3>\n
                                                  \n
                                                • Description:<\/strong> A simple utility to display the contents of files on the screen.\n

                                                  Note :<\/strong> cat<\/code> Outputs the file content without any filtering or formatting.<\/p>\n<\/li>\n<\/ul>\n

                                                  Example Usage:<\/strong><\/p>\n\n

                                                  \ncat \/var\/log\/syslog\n<\/pre><\/div>\n\n
                                                  2. less<\/code><\/h3>\n
                                                    \n
                                                  • Description:<\/strong> An interactive file viewer that allows scrolling and searching within the file.<\/li>\n<\/ul>\n
                                                    Useful Keys:<\/strong><\/p>\n
                                                      \n
                                                    • \/string<\/code><\/strong> \u2014 Search for a string in the file.<\/li>\n
                                                    • n<\/code><\/strong> \u2014 Go to the next search match.<\/li>\n
                                                    • q<\/code><\/strong> \u2014 Quit the viewer.<\/li>\n<\/ul>\n
                                                      Example Usage:<\/strong><\/p>\n\n
                                                      \nless \/var\/log\/syslog\n<\/pre><\/div>\n\n
                                                      3. tail<\/code><\/h3>\n