Using Linux Logs
Linux logs provide a timeline of events. When issues arise with the Linux operating system or an application, or when conducting general troubleshooting, the log files are the first place to look to pinpoint the issue.
Linux-specific log files are found in the /var/log directory. The syslog is one of the most important logs because it's where everything required for authentication is logged (confirm).
TODO: Expand on what syslog is
To view a specific log file you can use:

```sh
$ dmesg                          # Prints the kernel ring buffer
$ cat /var/log/syslog            # Prints everything to stdout
$ less /var/log/syslog           # Scrollable stdout
$ tail /var/log/syslog           # Shows the most recent 10 lines
$ tail -f /var/log/syslog        # Follows/watches the most recent 10 lines
$ tail -f -n 25 /var/log/syslog  # Follows the most recent 25 lines
```
Types of Linux Logs
- Application logs
- Event logs
- Service logs
- System logs
Must Monitor Logs
- /var/log/syslog (Ubuntu and Debian) or /var/log/messages (Red Hat and CentOS): General and system-related logs.
- /var/log/auth.log or /var/log/secure: Authentication-related logs such as successful and failed logins.
- /var/log/boot.log: Messages logged during system startup.
- /var/log/maillog: Mail-related logs from email, postfix, or smtpd.
- /var/log/kern: Kernel-related logs and warnings. Especially valuable for monitoring custom kernels.
- /var/log/dmesg: Device driver and hardware-related messages. Use `dmesg` to view the contents of this file.
- /var/log/faillog: Logs related to failed login attempts. Useful for diagnosing hacks and brute-force attacks.
- /var/log/cron: Crond-related logs.
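As an added example (not code from the original page), a small POSIX shell script that summarises failed and accepted SSH logins from auth.log-style lines, the kind of check you would run against /var/log/auth.log or /var/log/secure when looking for brute-force attempts. The log lines are constructed inline so it runs offline, and the function names are my own.

```sh
#!/bin/sh
# Constructed sample of auth.log-style sshd lines (not real host data).
# On a real system pass /var/log/auth.log or /var/log/secure instead.
SAMPLE_AUTH_LOG=$(mktemp)
cat >"$SAMPLE_AUTH_LOG" <<'EOF'
Mar  3 10:01:12 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:15 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar  3 10:02:01 host sshd[1207]: Accepted publickey for alice from 192.0.2.10 port 40022 ssh2
Mar  3 10:02:44 host sshd[1210]: Failed password for root from 198.51.100.7 port 60001 ssh2
Mar  3 10:03:09 host CRON[1215]: (root) CMD (run-parts /etc/cron.hourly)
EOF

# Print "<count> <source-ip>" for every source with failed password
# attempts, most attempts first.  Usage: count_failed_logins /var/log/auth.log
count_failed_logins() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
        | sed -n 's/.* from \([0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{print $1, $2}'
}

# Number of successful sshd logins, for comparison against the failures.
count_accepted_logins() {
    grep -c 'sshd\[[0-9]*\]: Accepted ' "$1"
}

echo "Failed SSH logins by source:"
count_failed_logins "$SAMPLE_AUTH_LOG"
echo "Accepted SSH logins: $(count_accepted_logins "$SAMPLE_AUTH_LOG")"
```

Sources with a large count relative to accepted logins are the ones to investigate or block.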
Additional Resources