Linux Log Files That Are Located Under - Var-Log Directory

The document discusses Linux log files and their locations and purposes. The main log files are located under /var/log and include messages, dmesg, auth.log, boot.log, daemon.log, and others. Configuration of log file routing is handled by /etc/rsyslog.conf. Log types like INFO, NONE, and errors are routed to specific files. Additional subdirectories contain logs for applications like Apache, Samba, mail, and others.

Linux log files that are located under /var/log directory

/etc/rsyslog.conf is the configuration file used to manage which log messages are
written to the respective log files under /var/log.

[student@workstation ~]$ cat /etc/rsyslog.conf | grep -v "#"
global(workDirectory="/var/lib/rsyslog")
module(load="builtin:omfile" Template="RSYSLOG_TraditionalFileFormat")
include(file="/etc/rsyslog.d/*.conf" mode="optional")
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     :omusrmsg:*
uucp,news.crit                              /var/log/spooler
local7.*                                    /var/log/boot.log

In the above output,

• *.info indicates that messages of priority info (and higher) from all
facilities will be logged.
• mail.none;authpriv.none;cron.none indicates that messages from those
facilities should not be logged into the /var/log/messages file.
• You can also specify *.none, which indicates that none of the log messages will
be logged.

The following are the log files that are located under the /var/log/ directory.
Some of these log files are distribution specific. For example, you’ll see
dpkg.log on Debian-based systems (for example, on Ubuntu).

1. /var/log/messages – Contains global system messages, including the messages
that are logged during system startup. There are several things that are logged in
/var/log/messages including mail, cron, daemon, kern, auth, etc.
2. /var/log/dmesg – Contains kernel ring buffer information. When the system
boots up, it prints a number of messages on the screen that display information
about the hardware devices that the kernel detects during the boot process. These
messages are available in the kernel ring buffer, and whenever a new message
comes in, the old message gets overwritten. You can also view the content of this
file using the dmesg command.
3. /var/log/auth.log – Contains system authorization information, including user
logins and the authentication mechanisms that were used.
4. /var/log/boot.log – Contains information that is logged when the system boots.
5. /var/log/daemon.log – Contains information logged by the various background
daemons that run on the system.
6. /var/log/dpkg.log – Contains information that is logged when a package is
installed or removed using the dpkg command.
7. /var/log/kern.log – Contains information logged by the kernel. Helpful for
troubleshooting a custom-built kernel.
8. /var/log/lastlog – Displays the recent login information for all the users. This is
not an ASCII file. You should use the lastlog command to view the content of this file.
9. /var/log/maillog, /var/log/mail.log – Contains the log information from the mail
server that is running on the system. For example, sendmail logs information
about all the sent items to this file.
10. /var/log/user.log – Contains information about all user-level logs.
11. /var/log/Xorg.x.log – Log messages from the X
12. /var/log/alternatives.log – Information from update-alternatives is logged
into this log file. On Ubuntu, update-alternatives maintains symbolic links
determining default commands.
13. /var/log/btmp – This file contains information about failed login attempts. Use
the last command to view the btmp file. For example, “last -f /var/log/btmp |
more”
14. /var/log/cups – All printer and printing related log messages.
15. /var/log/anaconda.log – When you install Linux, all installation related
messages are stored in this log file.
16. /var/log/yum.log – Contains information that is logged when a package is
installed using yum.
17. /var/log/cron – Whenever the cron daemon (or anacron) starts a cron job, it logs
the information about the cron job in this file.
18. /var/log/secure – Contains information related to authentication and
authorization privileges. For example, sshd logs all the messages here, including
unsuccessful logins.
19. /var/log/wtmp or /var/log/utmp – Contains login records. Using wtmp you can
find out who is logged into the system. The who command uses this file to display
the information.
20. /var/log/faillog – Contains failed user login attempts. Use the faillog command to
display the content of this file.
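
Because btmp and wtmp are binary files rather than text, the following Python sketch (an added example, not part of the original document) shows how their fixed-size records can be read to count failed logins per source. It assumes the 384-byte glibc struct utmp layout used on x86-64 Linux; the function names and the sample records are constructed for illustration.

```python
# Added example: read btmp/wtmp-style records and count failures per source.
import struct
from collections import Counter

# Assumption: glibc "struct utmp" on x86-64 Linux, 384 bytes per record:
# type, pid, line[32], id[4], user[32], host[256], exit(2 shorts),
# session, tv_sec, tv_usec, addr_v6[4], 20 unused bytes.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4I20x")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(data):
    """Yield one dict per complete record; a trailing partial record is ignored."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {"type": f[0], "pid": f[1], "line": _text(f[2]),
               "user": _text(f[4]), "host": _text(f[5]), "time": f[9]}

def failed_logins_by_source(data, threshold=3):
    """Return {source: count} for sources with at least `threshold` btmp records."""
    counts = Counter(r["host"] or r["line"]          # fall back to the tty name
                     for r in parse_utmp(data) if r["type"] != 0 and r["user"])
    return {src: n for src, n in counts.items() if n >= threshold}

def sample_btmp():
    """Constructed sample: four failures from one host, one from another,
    followed by two stray bytes standing in for a truncated record."""
    rows = [("root", "203.0.113.7")] * 3 + [("admin", "203.0.113.7"),
                                            ("alice", "198.51.100.20")]
    blob = b"".join(
        UTMP.pack(6, 4000 + i, b"ssh:notty", b"", u.encode(), h.encode(),
                  0, 0, 0, 1700000000 + i, 0, 0, 0, 0, 0)
        for i, (u, h) in enumerate(rows))
    return blob + b"\x06\x00"

if __name__ == "__main__":
    print(failed_logins_by_source(sample_btmp()))
```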

Apart from the above log files, the /var/log directory may also contain the following
sub-directories depending on the application that is running on your system.

• /var/log/httpd/ (or) /var/log/apache2 – Contains the Apache web server
access_log and error_log.
• /var/log/lighttpd/ – Contains the light HTTPD access_log and error_log.
• /var/log/conman/ – Log files for the ConMan client. conman connects remote
consoles that are managed by the conmand daemon.
• /var/log/mail/ – This subdirectory contains additional logs from your mail
server. For example, sendmail stores the collected mail statistics in the
/var/log/mail/statistics file.
• /var/log/prelink/ – The prelink program modifies shared libraries and linked
binaries to speed up the startup process. /var/log/prelink/prelink.log contains
the information about the .so files that were modified by prelink.
• /var/log/audit/ – Contains log information stored by the Linux audit daemon
(auditd).
• /var/log/setroubleshoot/ – SELinux uses setroubleshootd (SE Trouble Shoot
Daemon) to notify about issues in the security context of files, and logs that
information in this log file.
• /var/log/samba/ – Contains log information stored by samba, which is used to
connect Windows to Linux.
• /var/log/sa/ – Contains the daily sar files that are collected by the sysstat
package.
• /var/log/sssd/ – Used by the system security services daemon that manages access
to remote directories and authentication mechanisms.
