Log files on Linux and how to read them


Reading log files is an essential skill for every system administrator, for many reasons that we will go through in this post.

Linux gives the administrator a great advantage over other operating systems: detailed logging and full control over the log files.

Logs must be controlled, though: I have logged in to some servers with 100% disk usage due to unmanaged logs that just keep adding up.

One of the most important logs in the Linux world is “dmesg”, or debugging message. This command outputs all the information in the in-memory ring buffer in real time.

Afterwards, these messages end up in the following path for you to look at later:

/var/log/messages

If this is your first time trying to read log files, I would recommend the “tail” command.

We can also combine it with grep or limit the number of output lines.

Here’s an example. If you would like to view only the last 10 lines of a log file:

tail -n 10 /var/log/messages

What if you don’t want to limit the output and you want it to keep scrolling? No problem:

tail -f /var/log/messages

For more information about tail, check out the tail man pages and the Unix “tail” Wikipedia page.

If you would like to see only the errors on the screen, you can combine tail with grep.

For example, I will show only the lines containing the word “error”:

tail -f /var/log/messages | grep error
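
Going one step beyond the one-liner above, here is an added example (not from the original post) that matches "error" in any letter case and counts the matches per program. The function names and the sample log are constructed for illustration, and the script assumes the traditional syslog line layout shown in its first comment.

```shell
#!/bin/sh
# Added example (not from the original post).
# Assumes syslog-style lines: "Mon DD HH:MM:SS host program[pid]: message".

# errors_by_program FILE [LINES]
# Counts lines containing "error" in any letter case among the last LINES
# lines (default 1000) and prints "count program", busiest program first.
errors_by_program() {
    file=$1
    lines=${2:-1000}
    tail -n "$lines" "$file" |
        grep -i 'error' |
        awk '{ tag = $5                       # fifth field: program[pid]:
               sub(/\[[0-9]+\]:$/, "", tag)   # drop a trailing "[pid]:"
               sub(/:$/, "", tag)             # or a bare trailing ":"
               n[tag]++ }
             END { for (t in n) print n[t], t }' |
        sort -k1,1nr -k2,2
}

# follow_errors FILE
# Live view. -F keeps following after the file is rotated and recreated;
# --line-buffered keeps matches flowing if grep is piped into another command.
follow_errors() {
    tail -F "$1" | grep -i --line-buffered 'error'
}

# Constructed sample log, not taken from a real system.
make_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:00:01 web01 kernel: EXT4-fs error (device sda1): bad block
Mar  3 10:00:05 web01 sshd[812]: Accepted publickey for admin
Mar  3 10:00:09 web01 mysqld[990]: [ERROR] Can't open table
Mar  3 10:00:12 web01 kernel: I/O Error, dev sda, sector 2048
Mar  3 10:00:20 web01 cron[455]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:00:31 web01 mysqld[990]: [Warning] Aborted connection
EOF
}

sample=$(mktemp)
make_sample_log "$sample"
errors_by_program "$sample"
rm -f "$sample"
```

On the sample log, a case-sensitive `grep error` matches only one of the three error lines, which is why the function uses `grep -i`.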

Now that you can open and display log files, let’s go through the important log file locations on Linux.

The Apache web server logs on Ubuntu should be located at:

/var/log/apache2/

On CentOS:

/var/log/httpd/

MySQL database server:

/var/log/mysql/

Did you notice that the majority of them are sharing the same path?

/var/log/

In the next posts I will cover Linux log rotation, which keeps the logs under your control.