If you are willing to spend some time on the Linux environment, you should first know where the log files are located and what they contain. Learning about these different log files while your system is working properly can help you find and solve problems in emergencies.
The following is a description of the 20 log files that are located under the/var/log/directory. Some of these are only available in specific versions, such as Dpkg.log, which can only be seen in Debian-based systems.
/var/log/messages -Includes overall system information, which also contains logs during system startup. In addition, content such as Mail,cron,daemon,kern and Auth is also recorded in the Var/log/messages log.
/VAR/LOG/DMESG -Contains kernel buffering information (kernel ring buffer). When the system starts, many hardware-related information is displayed on the screen. You can view them with DMESG.
/var/log/auth.log -Contains system licensing information, including user login and use of the permissions mechanism.
/var/log/boot.log -Contains the log at system startup.
/var/log/daemon.log -Contains various system daemon log information.
/var/log/dpkg.log – includes installation or DPKG command to clear the log of the package.
/var/log/kern.log – Contains logs generated by the kernel to help resolve issues when customizing the kernel.
/var/log/lastlog -Records the most recent information for all users. This is not an ASCII file, so you need to use the Lastlog command to view the content.
/var/log/maillog/var/log/mail.log -Contains the log information of the system running the e-mail server. For example, SendMail log information is all sent to this file.
/var/log/user.log -logs that record all levels of user information.
/var/log/xorg.x.log -log information from X.
/var/log/alternatives.log – Update replacement information is recorded in this file.
/var/log/btmp – Logs all failed login information. Use the last command to view the Btmp file. For example, "Last-f/var/log/btmp | More ".
/var/log/cups -logs that involve all printing information.
/var/log/anaconda.log -When installing Linux, all installation information is stored in this file.
/var/log/yum.log -Contains package information that is installed with Yum.
/var/log/cron -each time the cron process starts a job, the information is recorded in this file.
/var/log/secure -contains authentication and authorization aspects information. For example, SSHD will record all information (including failed logins) here.
/var/log/wtmp or/var/log/utmp -contains login information. Use Wtmp to find out who is logging into the system, who uses the command to display this file or information, and so on.
/var/log/faillog – Contains user logon failure information. In addition, the error login command is also recorded in this file.
In addition to the above log files,/var/log also contains the following subdirectories based on system-specific applications:
/var/log/httpd/or/var/log/apache2-contains server Access_log and error_log information.
The/var/log/lighttpd/-contains light httpd access_log and Error_log.
/var/log/mail/– This subdirectory contains additional logs for the mail server.
/var/log/prelink/-contains the information that the. So file was PreLink modified.
/var/log/audit/-contains information stored by the Linux audit daemon.
The/var/log/samba/– contains information stored by Samba.
The/var/log/sa/-contains the SAR files that are collected daily by the Sysstat package.
/var/log/sssd/– is used for daemon security services.
In addition to manually archiving and clearing these log files, you can use Logrotate to automatically delete files after they reach a certain size. You can try to view these log files with commands such as Vi,tail,grep and less.
Detailed description of the 20 Linux log files in the/var/log directory