Getting Began With System Logging in Linux

System logs under Linux give you a comprehensive insight into the core activities on your PC or your server infrastructure. They are critical to the stability and security of your system. System logs also allow you to monitor various activities that have taken place in the past.

This guide introduces you to the Linux logging system. All of the major activities performed by core system applications and services are recorded in the form of logs, and at the heart of it all is a system known as a Syslog.

Why are system logs important?

Imagine your Linux PC recently had startup errors, or you suspect that someone tried to log into your system. These events are easy to track because your system keeps track of such activity in the form of logs.

On Linux, system logs are readable records of the core system activity performed by services, daemons, and system applications. Some of the important activities logged on a Linux computer include user logins and login failures, operating system booting, system errors, and so on.

Linux has a dedicated service called Syslog that is specifically responsible for creating logs about the System Logger. Syslog is made up of several components such as the syslog message format, the syslog protocol, and the syslog daemon: popularly known as syslogd or rsyslogd in newer versions of Linux.

The / var / log The directory stores most of the logs on a Linux system. The / var The directory mainly contains variable files and directories, i. H. Data that has to change frequently. There is no standard format for logs, but logs should at least include a timestamp and the details of the activity to be logged.

List files managed by syslog

All general logs on your system are stored in the / var / log / syslog File on Debian-based Linux distributions. Other distributions use the / var / log / messages File for saving logs.

Note: Different Linux distributions may use different files to log certain messages. For example, on Debian-based Linux distributions that have /var/log/auth.log The file contains authentication protocols used by RedHat systems / var / log / Secure File for saving such logs.

For more information on all of the files responsible for storing logs, see /etc/rsyslog.d Directory that contains important syslog configuration files. For example, to list standard log files, you can look at them /etc/rsyslog.d/50-default.conf File.

cat /etc/rsyslog.d/50-default.conf

The file shows you the names of the system applications and the associated log files.

How to review log files

Most log files are quite long. Hence, one of the most important commands for examining log files on Linux is the Fewer Command that outputs the file content in easily navigable sections.

For example, to view the content of the / var / log / syslog Use the less command as follows.

less / var / log / syslog

Use the F. Keyboard key for scrolling forward and the B. Button to scroll backwards.

The syslog file contains logs of some of the most important activities such as system errors and service activities on your system.

If you just want to check the latest logs, you can use that tail Command that by default only lists the last 10 log messages.

tail / var / log / syslog

You can also specify the number of log messages that you want the tail utility to display. The command has the following format Tail-n-file-to-inspect, Where n is the number of lines you want to display. For example, to view the last 7 log messages in the syslog file, you can use the following command.

Tail -7 / var / log / syslog

To see the latest logs in real time, you can use the tail command with the command -f Option as below.

tail -f / var / log / syslog

Another important command for checking log messages is the head Command. Unlike the tail command, which displays the last log messages in a file, the head command displays the first few lines in a file. By default, the command only prints the first 10 lines.

head / var / log / syslog

Authentication protocols

If you are looking for information about user logins on your system, this is the place to go /var/log/auth.log File. Information about user logins, login failures and the authentication method used can be found here.

Kernel protocols

When your Linux system starts up, important information about the kernel ring buffer is recorded in the file / var / log / dmesg File. Additional information about hardware drivers, kernel, and boot status are recorded in this file.

Instead of checking the startup log messages with the less or cat command, you can view these log files with dmesg.


Note: Log messages in the / var / log / dmesg Files are reset every time the system starts.

Another important log file related to kernel problems is the /var/log/kern.log.

Logging Messages With the command logger

In addition to viewing log messages logged by system applications or services, the logging system on Linux allows you to manually log messages using Logger Command. A user can log messages at the / var / log / syslog File by default. For example, to log a simple message, you can run the following command.

Logger hello world!

You can now use the tail command to view the most recently logged message.

Tail -3 / var / log / syslog

You can even log the output of other commands with the logger command by pasting the command in the box Back tick ((`) Character.

Logger `whoami`

You can also use the logger command in your scripts to log important events. Refer to the man pages for more information about the logger command and its options.

Man logger

Manage log files

As you may have noticed, a lot of data is logged on a Linux computer. Therefore, a suitable system must be in place to manage the space used by the log files. In addition, a logging system ensures that you can easily find the log messages you are looking for. Linux's solution to this problem is this logrotate Usefulness.

Use the logrotate utility to configure which log file to keep, how long to keep it, manage log sending, compress old log files, and more.

You can configure the logrotate utility using any text editor of your choice. The configuration file for logrotate can be found under /etc/logrotate.conf.

Keep your system robust with logs

System logs on Linux are a great way to get a glimpse of key activities on your system, which can include system security and overall system stability. Knowing how to view and analyze log messages on a server or PC can help keep your system robust in the long run.

Sometimes, the low availability of system resources makes it difficult for users to use certain applications on their system. In such situations, closing unresponsive programs can free space in your system's main memory.

7 ways to end unresponsive programs on Linux

How can you quit a Linux app if it stops responding and crashes? Try one of these tricks to quit a stuck program on Linux.

Continue reading

About the author

Mwiza Kumwenda
(4 articles published)

Mwiza is a professional developer of software and writes extensively on Linux and front-end programming. Some of his interests include history, economics, politics, and enterprise architecture.

By Mwiza Kumwenda

Subscribe to our newsletter

Sign up for our newsletter to receive tech tips, reviews, free e-books, and exclusive offers!

One more step …!

Please confirm your email address in the email we just sent you.

Leave a Reply

Your email address will not be published. Required fields are marked *