The system logs show the timeline and details of the program’s events, which are very helpful for tracking the changes in the system. For example, the apt log files contain the information for the packages in the default apt repository. The log files show the program’s events, such as updates, upgrades, installation, and removal details from the system. The log files help the users to find the errors and problems within the systems, which can be resolved later.
This article will explain the methods to check system logs on Linux with the help of these topics:
- Where are the Log Files Stored in Linux?
- Check All System Log Messages
- Check the Latest System Logs
- Check Run Time System Logs
- apt Package Manager’s System Logs
- Check Kernel-Level Logs
- Check Systemd and Service Commands Logs
Where are the Log Files Stored in Linux?
The /var/log directory contains all the log files in Linux OS. To list the logs files stored in the/var//log directory, use the below-stated ls command:
$ ls /var/log
The above output shows different log files storing specific programs’ time-based event details. The output contains several Linux operating system logs, such as:
- /var/log/syslog: This log file contains the system-level activity data. These activities include startup messages, reboots, and other system-level activities. The “/var/log/syslog” in Ubuntu while “/var/log/messages” in CentOS and RHEL stores these system-level event details.
- /var/log/auth.log: This file contains information related to security events. The root user actions and login details are stored in /var/log/auth.log file.
- /var/log/kern.log: This file contains Kernel-level events such as errors or warning logs.
- /var/log/dmesg: This file shows the Kernel ring buffer and details of the command issued from the terminal.
- /var/log/apt: It shows the details of the apt packages, such as installation, removal, updation, and upgradation of the apt packages.
- /var/log/dpkg: It stores the information related to dpkg package activities.
The /var/log directory log files can be categorized into the following types of log files in Linux:
- System Logs: The logs store the event’s details for the system/Kernel level operations.
- Event Logs: The event logs contain information about the system events.
- Application Logs: These logs store the application details, such as error messages for specific applications.
- Service Logs: These show the event details of the services available, such as systemd and service packages.
How to Check All System Log Messages in Linux?
This file contains large activity data for the system; we can use the “less” or “more” commands to view system logs for the “/var/log/sys” file using the following command:
$ less /var/log/syslog
Note: The “less” command will show few messages while the “more” command will show more system logs messages on the terminal screen.
The output shows the details of the events that happened recently in the system. A single event of the above log file shows the following details:
- Date and Time
- Host Name (Computer’s Name)
- Process Name
- Process Details
How to Check the Latest System Logs in Linux?
We can use the tail command to read the latest system logs. The tails show the last 10 logs by default with this command:
$ tail /var/log/syslog
The output lists the last 10 system-level activities in the computer.
How to Check Run Time System Logs in Linux?
We can check for continuous logs on Linux using the “f” option of the tail command. Run this command to check the system logs in real time:
$ tail -f /var/log/syslog
The output will continuously update the new logs in real time.
How to Check apt Package Manager’s System Logs in Linux?
We can view the Ubuntu default apt package manager logs from the “/var/log/apt” directory. Change to the apt system log directory with this command:
$ cd /var/log/apt $ ls
To view the apt package manager logs, we can use the “cat” command with the “history.log” file that stores the apt log details:
$ cat history.log
The output shows the activities that occurred for the apt package manager.
How to Check Kernel-Level Logs in Linux?
To view the Kernel-level system logs on Linux, use the “cat” command with the “kern.log” file as shown below:
$ cat /var/log/kern.log
The above output lists the Kernel-level system logs.
How to Check Systemd and Service Commands Logs?
The systemd and service command information is collected in a file that is called a journal. This journalctl command allows the users to view the logs generated by the systemd (Kernel-level) and service manager with the following command:
$ journalctl
It shows the journal details of the systemd and service managers in Linux.
Conclusion
The system logs help the users to track the changes or errors that occurred in the system, which is stored in the “/var/log” directory. All the system logs files are available in the /var/log directory, including Syslog, auth.log, kern, log, and others. This write-up has provided a complete usage guide to checking the system logs on Linux.