Linux logs record system events, errors, and application activities.
Most system log files are stored in the /var/log/ directory and are essential for troubleshooting and auditing.
Important log files include:
Display log file contents using basic commands.
cat /var/log/syslog
less /var/log/auth.log
Watch log entries as they are written.
tail -f /var/log/syslog
Filter specific keywords to identify problems.
grep -i error /var/log/syslog
grep -i failed /var/log/auth.log
View recent log entries.
tail -n 50 /var/log/syslog
Search logs by date (example):
grep "Jan 10" /var/log/syslog
Modern Linux systems use the systemd journal.
View all logs:
journalctl
View logs for the current boot:
journalctl -b
View logs for a specific service:
journalctl -u ssh
Check failed and successful login attempts (last lists successful logins; lastb lists failed ones and requires root).
grep "Failed password" /var/log/auth.log
last
lastb
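The grep above only lists matching lines. The following added example (not part of the original page) counts failed SSH passwords per source address and reports addresses that logged in successfully after repeated failures. The function names, the threshold and the sample log lines are constructed for illustration and assume the usual sshd syslog message format.

```shell
#!/bin/sh
# Constructed sample lines in the usual sshd syslog format (not real data).
sample_auth_log() {
cat <<'EOF'
Jan 10 03:14:01 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:14:03 host1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:14:05 host1 sshd[2203]: Failed password for invalid user admin from 203.0.113.7 port 50130 ssh2
Jan 10 03:15:10 host1 sshd[2210]: Failed password for alice from 198.51.100.23 port 41000 ssh2
Jan 10 03:15:30 host1 sshd[2212]: Accepted password for alice from 198.51.100.23 port 41002 ssh2
Jan 10 03:16:00 host1 CRON[2300]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 10 03:17:00 host1 sshd[2215]: Accepted password for root from 203.0.113.7 port 50140 ssh2
EOF
}

# awk helper: return the field after the LAST "from" on the line.
# Fixed field numbers break on "invalid user NAME" lines, and the username
# is chosen by the remote side, so the scan starts from the end of the line.
AWK_SRC='function src(   i) {
    for (i = NF; i > 1; i--) if ($(i-1) == "from") return $i
    return ""
}'

# failed_by_source: auth log on stdin -> "COUNT ADDRESS", highest count first.
failed_by_source() {
    awk "$AWK_SRC"'
    /sshd\[[0-9]+\]: Failed password for / { a = src(); if (a != "") n[a]++ }
    END { for (a in n) print n[a], a }' | sort -k1,1nr -k2,2
}

# flag_sources THRESHOLD: addresses with at least THRESHOLD failed passwords.
flag_sources() {
    failed_by_source | awk -v t="$1" '$1 >= t { print $2 }'
}

# success_after_failures THRESHOLD: addresses whose login was accepted after
# at least THRESHOLD earlier failures (a possible successful password guess).
success_after_failures() {
    awk -v t="$1" "$AWK_SRC"'
    /sshd\[[0-9]+\]: Failed password for / { a = src(); if (a != "") f[a]++ }
    /sshd\[[0-9]+\]: Accepted / {
        a = src(); if (a != "" && f[a] >= t && !seen[a]++) print a
    }'
}

sample_auth_log | failed_by_source
```

To use it on a live system, pipe the output of sudo cat /var/log/auth.log into the functions in place of sample_auth_log.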
Many applications create their own log directories.
Example (Apache):
/var/log/apache2/access.log
/var/log/apache2/error.log
View Apache errors:
tail -f /var/log/apache2/error.log
Linux uses logrotate to manage log size and history.
Check logrotate configuration:
/etc/logrotate.conf
/etc/logrotate.d/
Force log rotation:
sudo logrotate -f /etc/logrotate.conf
Log files are usually readable only by root.
sudo ls -l /var/log
sudo chmod 640 /var/log/syslog
Compress or remove old logs to save space.
sudo du -sh /var/log/*
sudo journalctl --vacuum-time=7d
Log analysis in Linux is a critical skill for diagnosing system, security, and application issues. Using tools like grep, tail, and journalctl allows efficient monitoring and troubleshooting of system behavior.