A Linux system records the tasks performed during operation in various log files. It is good practice for the system administrator to go through the system logs every day: this shows what activities users carried out on the system and helps in troubleshooting issues when they arise. Third-party applications may write to their own log directories (usually under /var/log), so check their documentation for the exact path.
Normally logrotate runs at regular intervals (configured in /etc/logrotate.conf and /etc/logrotate.d/) and is pre-configured for all the standard log files, so the current file only holds entries written since the last rotation; older entries are kept in the rotated copies next to it (for example messages-YYYYMMDD or messages.1.gz). /etc/rsyslog.conf holds the global directives and the rules that control which messages go into which file: each rule pairs a facility.priority selector with a destination, for example authpriv.* is routed to /var/log/secure. The log file paths and descriptions below apply to RHEL/CentOS-style systems; Debian and Ubuntu use /var/log/syslog and /var/log/auth.log in place of messages and secure.
/var/log/messages
This is the first place to look in case of any problem. It is the most important log file on a Linux system and records general system activity: system error messages, startup and shutdown, services going up and down, network configuration changes and so on. It is a plain text file and can be viewed with cat, less, more and tail. To watch the log as it is being written, use tail -f /var/log/messages (on systemd hosts journalctl -f shows the same stream from the journal).
Press Ctrl+C to stop following.
Each line shows the date and time, the hostname, the program that generated the message (usually with its PID in square brackets) and the message text itself.
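The line layout described above is easy to parse with awk, which is how you turn a day's worth of /var/log/messages into a per-program summary. The following shell example is added here and is not part of the original article; the sample log lines are constructed for the demonstration, and on a live host you would replace sample_messages with `tail -n 500 /var/log/messages`.

```shell
#!/bin/sh
# Parse classic rsyslog lines (the /var/log/messages layout) and summarise
# them per program. Layout of one line:
#   <Mon> <day> <HH:MM:SS> <host> <program>[<pid>]: <message>

# Constructed sample input (not taken from a real system).
sample_messages() {
cat <<'EOF'
Oct 12 10:15:01 web01 systemd[1]: Started Session 42 of user alice.
Oct 12 10:15:03 web01 sshd[2231]: Accepted publickey for alice from 203.0.113.7 port 51022 ssh2
Oct 12 10:16:10 web01 kernel: eth0: link down
Oct 12 10:16:12 web01 NetworkManager[812]: <info> device (eth0): state change: activated -> disconnected
Oct 12 10:16:40 web01 sshd[2231]: pam_unix(sshd:session): session closed for user alice
EOF
}

# syslog_fields LINE -> "timestamp|host|program|pid|message"
# The kernel logs without a PID, so pid is "-" when the tag has no [nnnn].
syslog_fields() {
    printf '%s\n' "$1" | awk '{
        ts = $1 " " $2 " " $3; host = $4; tag = $5
        sub(/:$/, "", tag)                      # drop the trailing colon
        prog = tag; pid = "-"
        if (match(tag, /\[[0-9]+\]$/)) {        # split "sshd[2231]" into name and pid
            prog = substr(tag, 1, RSTART - 1)
            pid  = substr(tag, RSTART + 1, RLENGTH - 2)
        }
        msg = ""
        for (i = 6; i <= NF; i++) msg = msg (i > 6 ? " " : "") $i
        print ts "|" host "|" prog "|" pid "|" msg
    }'
}

# count_by_program: syslog lines on stdin -> "count program", busiest first.
count_by_program() {
    awk '{ tag = $5; sub(/:$/, "", tag); sub(/\[[0-9]+\]$/, "", tag); n[tag]++ }
         END { for (p in n) print n[p], p }' | sort -rn
}

# Usage: which programs logged the most in the sample.
sample_messages | count_by_program
```

A sudden jump in the count for one program (sshd, sudo, kernel) is the usual first hint that something on the host deserves a closer look, and the timestamp and PID fields let you pull the whole session of one process out of the file.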
/var/log/boot.log
Messages from system startup: this file contains the boot-time output of the init system and the services it started, which is the place to look when a service failed to come up after a reboot.
/var/log/maillog
Messages from the mail server (sendmail or postfix, the smtpd) and other mail-related services are stored in this file: all mail sent, received and rejected, and spam-filtering activity.
/var/log/dnf.log or /var/log/yum.log
Contains all activity carried out by the yum or dnf command: a history of every install, update and remove, with package names and versions. dnf.log is used on dnf-based systems (Fedora, RHEL 8 and later), yum.log on older yum-based systems. It is useful for checking what changed on a host, and when, before a problem appeared.
/var/log/lastlog
Records the most recent login of every system user. It is a binary file; read it with the lastlog command, which shows the username, port, where the login came from and the time of the latest login (or "Never logged in" for accounts that have never been used).
$ lastlog
/var/log/dmesg
This file holds the kernel ring buffer as saved at boot: which hardware devices were detected, which drivers were loaded for them, and whether they initialised properly. Refer to it when a device is not functioning or not being detected.
The dmesg command prints the live kernel ring buffer, which also contains messages logged since boot (a USB device being attached, an out-of-memory kill, a filesystem error); the file is the copy written at boot time. Use dmesg -T for human-readable timestamps.
$ dmesg
/var/log/secure
This file tracks authentication and authorization events: successful and failed SSH logins, sudo use, PAM messages and other authentication-related errors logged by the system. Failed login attempts here include the source address and the account that was tried, so it is where to look for password guessing against SSH. (Debian-based systems keep the same information in /var/log/auth.log.)
/var/log/audit/audit.log
This file records the events selected by the audit rules: by default the login, authentication and account-change events reported by PAM and the system services, plus anything matched by the file-watch or syscall rules you add. With its help you can detect unauthorized activity and breaches of system policy, and decide on additional security measures to prevent them. The file is plain ASCII, one event per line in key=value form, but it is tedious to read directly; ausearch and aureport extract it in readable form. /etc/audit/auditd.conf configures the daemon itself (log location, size and rotation), the rules live in /etc/audit/rules.d/ and are compiled into /etc/audit/audit.rules, and auditctl -l lists the rules currently loaded.
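When ausearch is not at hand (a copied log on an analysis box, for instance) the key=value layout can be parsed directly. The following shell example is added here and is not from the original article; the audit records are constructed for the demonstration. On a live host the same question is answered by `ausearch -m USER_LOGIN --success no` or the summary `aureport --auth --failed`.

```shell
#!/bin/sh
# Pull failed logins out of raw /var/log/audit/audit.log records.
# Each record is one line of key=value pairs; the PAM fields sit inside msg='...'.
# Values that contain spaces or special characters (such as "(invalid user) admin")
# are hex-encoded by auditd and appear without quotes.

# Constructed sample records (not taken from a real system).
sample_audit() {
cat <<'EOF'
type=USER_LOGIN msg=audit(1602497701.123:4501): pid=2231 uid=0 auid=4294967295 ses=4294967295 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=203.0.113.7 addr=203.0.113.7 terminal=ssh res=success'
type=USER_LOGIN msg=audit(1602497740.555:4510): pid=2290 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1602497741.001:4511): pid=2290 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/sbin/sshd" hostname=203.0.113.5 addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1602497760.777:4515): pid=2301 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28696E76616C69642075736572292061646D696E exe="/usr/sbin/sshd" hostname=? addr=203.0.113.5 terminal=ssh res=failed'
type=USER_LOGIN msg=audit(1602497802.010:4522): pid=2350 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct="alice" exe="/usr/sbin/sshd" hostname=? addr=198.51.100.23 terminal=ssh res=failed'
EOF
}

# audit_failed_logins: audit records on stdin -> "addr acct" for every
# USER_LOGIN record with res=failed. Quoted acct values are unquoted;
# hex-encoded ones are printed as-is so they can be decoded separately.
audit_failed_logins() {
    awk '/^type=USER_LOGIN / && / res=failed/ {
        addr = "?"; acct = "?"
        if (match($0, /addr=[^ ]+/))        addr = substr($0, RSTART + 5, RLENGTH - 5)
        if (match($0, /acct="[^"]*"/))      acct = substr($0, RSTART + 6, RLENGTH - 7)
        else if (match($0, /acct=[^ ]+/))   acct = substr($0, RSTART + 5, RLENGTH - 5)
        print addr, acct
    }'
}

# audit_failed_by_addr: "count addr", most failures first.
audit_failed_by_addr() {
    audit_failed_logins | awk '{ n[$1]++ } END { for (a in n) print n[a], a }' | sort -rn
}

# Usage: list the failures, then rank the sources.
sample_audit | audit_failed_logins
sample_audit | audit_failed_by_addr
```

Only USER_LOGIN is counted: the USER_AUTH record for the same attempt is the PAM authentication step and would double-count it. The hex-encoded account name in the sample is what auditd writes when sshd reports an unknown user, so a raw hex string in the acct column is itself a sign of username guessing.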
/var/log/cron
Cron-related logs are stored in /var/log/cron, which tracks which cron and anacron jobs were run, by which user and with which command, as well as crontab edits. A job's own output and error messages are mailed to the owning user rather than written here, so a job that ran but failed shows up in this file only as having started.
/var/log/btmp
This is a binary file and cannot be read with cat, less, tail or a text editor. The 'b' in btmp stands for 'bad': the file records only failed login attempts. Read it with the lastb command (the companion of last, which reads wtmp). It is where to spot a brute-force attack against user passwords, and the source IP addresses it shows can be blocked in the firewall as a corrective action. Note: keep an eye on the size of this file; if it grows rapidly, someone is trying to brute-force your passwords.
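Turning lastb output into a list of sources to block is a short pipeline. The following shell example is added here and is not from the original article; the lastb lines are constructed for the demonstration (reading the real /var/log/btmp needs root), and the firewall-cmd rich-rule syntax is firewalld's. On a live host feed it with `lastb -i`, which prints IP addresses instead of resolved hostnames.

```shell
#!/bin/sh
# Summarise failed logins per source address from lastb output and flag the
# sources above a threshold. Console failures have an empty host column and
# the file ends with a "btmp begins ..." line; both are skipped by checking
# that the third field is an IPv4 address.

# Constructed sample of `lastb -i` output (not taken from a real system).
sample_lastb() {
cat <<'EOF'
root     ssh:notty    203.0.113.5      Mon Oct 12 10:15 - 10:15  (00:00)
admin    ssh:notty    203.0.113.5      Mon Oct 12 10:15 - 10:15  (00:00)
root     ssh:notty    203.0.113.5      Mon Oct 12 10:16 - 10:16  (00:00)
root     ssh:notty    203.0.113.5      Mon Oct 12 10:16 - 10:16  (00:00)
bob      ssh:notty    198.51.100.23    Mon Oct 12 09:02 - 09:02  (00:00)
alice    tty1                          Mon Oct 12 08:40 - 08:40  (00:00)

btmp begins Mon Oct 12 00:00:01 2020
EOF
}

# failed_by_ip: lastb output on stdin -> "count ip", most failures first.
failed_by_ip() {
    awk '$3 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$3]++ }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# suspicious_ips THRESHOLD: lastb output on stdin -> ips with >= THRESHOLD failures.
suspicious_ips() {
    failed_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# block_commands THRESHOLD: print (do not run) the firewalld rule that would
# drop each suspicious source, so the list can be reviewed before applying.
block_commands() {
    suspicious_ips "$1" | while IFS= read -r ip; do
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" drop'\n" "$ip"
    done
}

# Usage: rank the sources, then show what would be blocked at 3 or more failures.
sample_lastb | failed_by_ip
sample_lastb | block_commands 3
```

The threshold is deliberately an argument: one or two failures is a mistyped password, a few dozen from one address in a minute is a dictionary attack. After adding permanent rules run `firewall-cmd --reload`, and check that the address is not your own jump host or monitoring system before you do.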
/var/log/wtmp
This is also a binary file, and the 'w' in wtmp stands for 'who'. It keeps the login and logout history of users, together with reboots and shutdowns. Read it with the last command; who shows the sessions currently logged in (from /var/run/utmp), and who /var/log/wtmp reads the history from this file instead.
What is the difference between pts and tty?
In the terminal column of the last and who output you will see either tty or pts. The difference:
1. tty – (teletype) a native terminal device: the physical console or one of the virtual consoles (tty1, tty2, …).
2. pts – (pseudo-terminal slave, one half of a pty pair) a terminal emulated by a program, i.e. an SSH session from PuTTY, an xterm window, or a screen or tmux session.
Conclusion: In this tutorial we have covered the important log files which a Linux system administrator should monitor on a daily basis. If I have missed any other important log file that needs daily monitoring, please mention it in the comment box below so that we can add it as well. Big thanks for reading all the way to the end.
0 thoughts on “Basic Understanding of Log Files in Linux.”
Very informative. Helped me 🙂 thumbs up
Thanks for sharing the most valuable article!