All Linux systems create and store log files with information about boot processes, applications, and other events. These files can be a helpful resource for troubleshooting system issues.
Last update: 2022-06-04
General log files
Log files are a set of records that Linux maintains for the administrators to keep track of important events. They contain messages about the server, including the kernel, services and applications running on it.
Most Linux log files are stored as plain ASCII text in the /var/log directory and its subdirectories. Logs are generated by the Linux system daemon log,
The log files generated in a Linux environment can typically be classified into four different categories:
- Application Logs
- Event Logs
- Service Logs
- System Logs
Common Linux log file names and usage:
- /var/log/boot.log: System boot log
- /var/log/kern.log: Kernel logs
- /var/log/messages: General messages and system-related information
- /var/log/auth.log: Authentication log
Log files are accessed using root privileges. By definition, root is the default account that has access to all Linux files.
Use the following example command to access the respective file:
sudo less [log name here].log
Note that log files are stored in plain text, so they can be viewed by using the following standard commands:
- zcat: Displays all the contents of .gz files
- zmore: See the file in pages, without decompressing the files
- zgrep: Search inside a compressed file
- grep: Find all occurrences of a search term in a file or filter a log file
- tail: Output the last few lines of files
Linux kernel log
The dmesg command lets you peer into the hidden world of the Linux startup processes to review and monitor hardware device and driver messages from the kernel's own ring buffer.
To see human-readable timestamps:
sudo dmesg -T
Watching live events:
sudo dmesg --follow
Every message logged to the kernel ring buffer has a level attached to it. The level represents the importance of the information in the message. The levels are:
- emerg: System is unusable.
- alert: Action must be taken immediately.
- crit: Critical conditions.
- err: Error conditions.
- warn: Warning conditions.
- notice: Normal but significant condition.
- info: Informational.
- debug: Debug-level messages.
We can make dmesg extract messages that match a particular level by using the -l (level) option and passing the name of the level as a command-line parameter.
sudo dmesg -l info,notice
dmesg messages are grouped into categories called facilities. The list of facilities is:
- kern: Kernel messages.
- user: User-level messages.
- daemon: System daemons.
- auth: Security/authorization messages.
- syslog: Internal syslogd messages.
- lpr: Line printer subsystem.
- news: Network news subsystem.
We can ask dmesg to filter its output to only show messages in a specific facility. To do so, we must use the -f (facility) option:
sudo dmesg -f syslog,daemon
The -x (decode) option makes dmesg show the facility and level as human-readable prefixes to each line.
sudo dmesg -x
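As an added example (not part of the original page), the script below triages saved dmesg -x output: it splits the decoded facility and level prefix from each line, counts messages per facility/level pair, and keeps only err and the more important levels. It assumes the "facility:level: message" prefix layout printed by util-linux dmesg; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage saved `dmesg -x` output by facility and level.
# SAMPLE is constructed for illustration, not taken from a real host.
SAMPLE='kern  :notice: [    0.000000] Linux version (constructed sample)
kern  :info  : [    0.004211] Command line: BOOT_IMAGE=/vmlinuz ro
kern  :info  : [    0.310554] PCI: Using configuration type 1
kern  :warn  : [    1.532110] ACPI: resource conflict (constructed sample)
kern  :err   : [   12.901345] EXT4-fs error (device sda1): constructed sample
daemon:info  : [   14.220871] systemd[1]: Started Journal Service.
kern  :crit  : [   88.410002] CPU0: temperature above threshold
this line has no decoded prefix and is skipped'

# parse_dmesg_x: stdin is `dmesg -x` text, stdout is facility<TAB>level<TAB>message.
# Only the first two colons are separators, because the message itself
# (and -T timestamps) can contain colons. Lines without a valid level are dropped.
parse_dmesg_x() {
    awk '{
        a = index($0, ":"); if (a == 0) next
        rest = substr($0, a + 1)
        b = index(rest, ":"); if (b == 0) next
        fac = substr($0, 1, a - 1); lvl = substr(rest, 1, b - 1)
        msg = substr(rest, b + 1)
        sub(/[ \t]+$/, "", fac); sub(/[ \t]+$/, "", lvl); sub(/^ /, "", msg)
        if (fac !~ /^[a-z]+$/) next
        if (lvl !~ /^(emerg|alert|crit|err|warn|notice|info|debug)$/) next
        printf "%s\t%s\t%s\n", fac, lvl, msg
    }'
}

# count_by_level: prints "count facility level", most frequent first.
count_by_level() {
    parse_dmesg_x | awk -F '\t' '{ n[$1 " " $2]++ }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# severe_messages: keeps err and the more important levels only.
severe_messages() {
    parse_dmesg_x | awk -F '\t' '$2 ~ /^(emerg|alert|crit|err)$/'
}

printf '%s\n' "$SAMPLE" | count_by_level
printf '%s\n' "$SAMPLE" | severe_messages
```

On a live host the same functions can read from sudo dmesg -x instead of the constructed sample.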
Write an application that simply generates an exception (such as a division by 0).
Check the log generated in apport to understand the generated events.
Configure the system to generate a core dump file when an exception happens.