Linux log files
Learning about these different log files while your system is working properly can help you find and solve problems in emergencies.
The/var/log/messages-includes overall system information, which also contains logs during system startup. In addition, content such as Mail,cron,daemon,kern and Auth is also recorded in the Var/log/messages log.
The/var/log/dmesg-contains kernel buffering information (kernel ring buffer). When the system starts, many hardware-related information is displayed on the screen. You can view them with DMESG.
/var/log/auth.log-contains system licensing information, including user login and use of the permissions mechanism.
/var/log/boot.log-contains the log at system startup.
The/var/log/daemon.log-contains various system daemon log information.
/var/log/dpkg.log– includes the installation or DPKG command to clear the log of the package.
/var/log/kern.log– contains the logs generated by the kernel to help resolve problems when customizing the kernel.
/var/log/lastlog-records the most recent information for all users. This is not an ASCII file, so you need to use the Lastlog command to view the content.
/var/log/maillog/var/log/mail.log-contains the log information of the system running the e-mail server. For example, SendMail log information is all sent to this file.
/var/log/user.log-logs all levels of user information.
/var/log/xorg.x.log-the log information from X.
/var/log/alternatives.log– Update replacement information is recorded in this file.
/var/log/btmp– Logs all failed login information. Use the last command to view the Btmp file. For example, "Last-f/var/log/btmp | More ".
/var/log/cups-A log that involves all printing information.
/var/log/anaconda.log-when installing Linux, all installation information is stored in this file.
The/var/log/yum.log-contains package information that is installed with Yum.
/var/log/cron-each time the cron process starts a job, the information is recorded in this file.
The/var/log/secure-contains authentication and authorization aspects information. For example, SSHD will record all information (including failed logins) here.
/var/log/wtmp or/var/log/utmp-contains login information. Use Wtmp to find out who is logging into the system, who uses the command to display this file or information, and so on.
/var/log/faillog– contains user logon failure information. In addition, the error login command is also recorded in this file.
In addition to the above log files,/var/log also contains the following subdirectories based on system-specific applications:
/var/log/httpd/or/var/log/apache2-contains server Access_log and error_log information.
The/var/log/lighttpd/-contains light httpd access_log and Error_log.
/var/log/mail/– This subdirectory contains additional logs for the mail server.
/var/log/prelink/-contains the information that the. So file was PreLink modified.
/var/log/audit/-contains information stored by the Linux audit daemon.
The/var/log/samba/– contains information stored by Samba.
The/var/log/sa/-contains the SAR files that are collected daily by the Sysstat package.
/var/log/sssd/– is used for daemon security services.
In addition to manually archiving and clearing these log files, you can use Logrotate to automatically delete files after they reach a certain size. You can try to view these log files with commands such as Vi,tail,grep and less.
Linux log files