Linux Logs tools and location

  1. less command
  2. more command
  3. cat command
  4. grep command
  5. tail command
  6. zcat command
  7. zgrep command
  8. zmore command

How do I view log files on Linux?

Open the Terminal or login as root user using ssh command. Go to /var/logs directory using the following cd command:
# cd /var/logs

To list files use the following ls command:
# ls
Sample outputs from RHEL 6.x server:

 anaconda.ifcfg.log boot.log-20111225 cron-20131110.gz maillog-20111218 messages-20131103.gz secure-20131027.gz spooler-20131117.gz up2date-20131117.gz anaconda.log btmp cron-20131117.gz maillog-20111225 messages-20131110.gz secure-20131103.gz squid uptrack.log anaconda.program.log btmp-20120101 cups maillog-20120101 messages-20131117.gz secure-20131110.gz swinstall.d uptrack.log.1 btmp-20131101.gz dkms_autoinstaller maillog-20131027.gz mysqld.log secure-20131117.gz tallylog uptrack.log.2 anaconda.syslog collectl dmesg maillog-20131103.gz ntpstats setroubleshoot UcliEvt.log varnish anaconda.yum.log ConsoleKit dmesg.old maillog-20131110.gz prelink spooler up2date wtmp arcconfig.xml cron dracut.log maillog-20131117.gz rhsm spooler-20111211 up2date-20111211 yum.log atop cron-20111211 dracut.log-20120101 messages sa spooler-20111218 up2date-20111218 yum.log-20120101 audit cron-20111218 dracut.log-20130101.gz messages-20111211 secure spooler-20111225 up2date-20111225 yum.log-20130101.gz boot.log cron-20111225 httpd messages-20111218 secure-20111211 spooler-20120101 up2date-20120101 boot.log-20111204 cron-20120101 lastlog messages-20111225 secure-20111218 spooler-20131027.gz up2date-20131027.gz boot.log-20111211 cron-20131027.gz maillog messages-20120101 secure-20111225 spooler-20131103.gz up2date-20131103.gz boot.log-20111218 cron-20131103.gz maillog-20111211 messages-20131027.gz secure-20120101 spooler-20131110.gz up2date-20131110.gz 

To view a common log file called /var/log/messages use any one of the following command:
# less /var/log/messages
# more -f /var/log/messages
# cat /var/log/messages
# tail -f /var/log/messages
# grep -i error /var/log/messages

Sample outputs:

 Jul 17 22:04:25 router dnsprobe[276]: dns query failed Jul 17 22:04:29 router last message repeated 2 times Jul 17 22:04:29 router dnsprobe[276]: Primary DNS server Is Down... Switching To Secondary DNS server Jul 17 22:05:08 router dnsprobe[276]: Switching Back To Primary DNS server Jul 17 22:26:11 debian -- MARK -- Jul 17 22:46:11 debian -- MARK -- Jul 17 22:47:36 router -- MARK -- Jul 17 22:47:36 router dnsprobe[276]: dns query failed Jul 17 22:47:38 debian kernel: rtc: lost some interrupts at 1024Hz. Jun 17 22:47:39 debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC= DST= LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21599 DF PROTO=TCP SPT=59297 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Common Linux log files names and usage

  • /var/log/messages : General message and system related stuff
  • /var/log/auth.log : Authenication logs
  • /var/log/kern.log : Kernel logs
  • /var/log/cron.log : Crond logs (cron job)
  • /var/log/maillog : Mail server logs
  • /var/log/qmail/ : Qmail log directory (more files inside this directory)
  • /var/log/httpd/ : Apache access and error logs directory
  • /var/log/lighttpd/ : Lighttpd access and error logs directory
  • /var/log/boot.log : System boot log
  • /var/log/mysqld.log : MySQL database server log file
  • /var/log/secure or /var/log/auth.log : Authentication log
  • /var/log/utmp or /var/log/wtmp : Login records file
  • /var/log/yum.log : Yum command log file.
By vichhaiy Posted in Linux

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s