Linux Logs That an Administrator Needs to Monitor

Linux maintains a variety of logs that help an administrator keep track of important events, including system error messages, system startups, and system shutdowns. The logs are in ASCII text format and hence can be viewed with a text editor. Centralized logging is provided by two daemons, syslogd and klogd. Almost all the log files generated by applications such as apache and squid, and by the server itself, are located under the /var/log directory (and its subdirectories).

Some of the more important log files that an administrator should follow are:

/var/log/dmesg – This log file is written upon system boot. It contains messages from the kernel that appear during the boot process. You can also view them using the command:

# dmesg

This makes it easy to view the log messages related to the most recent system startup. If your system is behaving unusually, use dmesg to quickly see if something went wrong during the system startup sequence. This log file can be viewed by any user.

If you have a problem with, for example, the sound card in your computer and you want to see if everything was working fine during startup, you can check this with the dmesg | grep sound or cat /var/log/messages | grep sound commands.

/var/log/messages – This is the standard system log file, where various system applications and daemons record messages, along with messages from non-kernel boot issues and messages that go to ‘dmesg‘. This is probably the first file that an administrator should check to see if anything is going wrong. By default, messages of emergency or higher (more severe) priority are broadcast to all users, and most other messages are written to the /var/log/messages file, which is where you should look for non-kernel boot errors and error messages from most application-level services, such as automount, login services, etc.

Run the command

# tail -f /var/log/messages

to get a real-time display of the messages logged by the syslogd daemon. This lets an administrator keep track of any system-wide errors that may be generated.

/var/log/secure – This log file contains messages and errors from security-related systems such as login, tcp_wrappers, and xinetd. This log file is very useful in detecting and investigating network abuse. It focuses on such services as in.telnetd and in.ftpd, both of which serve files to and accept files from the Internet.
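The kind of check /var/log/secure supports, as an added example that is not part of the original article: a shell function that counts failed SSH password attempts per source address. It assumes sshd also logs to this file in the usual OpenSSH "Failed password for ... from ADDR port N ssh2" form; the function names, host name and sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: summarise failed SSH password attempts per source address
# from a syslog-format auth log such as /var/log/secure.

# sample_secure_log: prints CONSTRUCTED sample lines (documentation addresses).
sample_secure_log() {
    cat <<'EOF'
Mar 10 08:15:01 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar 10 08:15:03 web01 sshd[2101]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar 10 08:15:06 web01 sshd[2104]: Failed password for invalid user admin from 203.0.113.5 port 40031 ssh2
Mar 10 08:16:10 web01 sshd[2110]: Failed password for invalid user from 192.0.2.1 port 22 from 198.51.100.7 port 51500 ssh2
Mar 10 08:17:00 web01 sshd[2115]: Accepted password for deploy from 198.51.100.20 port 51002 ssh2
EOF
}

# failed_logins FILE [THRESHOLD]
# Prints "COUNT ADDRESS" for every source with at least THRESHOLD failed
# password attempts (default 3), highest count first.
failed_logins() {
    local file=$1 threshold=${2:-3}
    awk -v min="$threshold" '
        # Field 5 must be the sshd program tag, so text elsewhere in the
        # message cannot pose as an sshd record.
        $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" {
            # The user name is supplied by the remote client and may itself
            # contain "from <addr>", so read the address from the END of the
            # line: ... from ADDR port N ssh2
            if ($(NF-2) == "port" && $(NF-4) == "from")
                count[$(NF-3)]++
        }
        END {
            for (addr in count)
                if (count[addr] >= min) print count[addr], addr
        }
    ' "$file" | sort -k1,1nr -k2,2
}

# When called with arguments, behave as a small command-line tool:
#   ./failed_logins.sh /var/log/secure 5
if [ "$#" -gt 0 ]; then
    failed_logins "$@"
fi
```

The fourth sample line shows why the address is read from the end of the record: a client-chosen user name containing "from 192.0.2.1" does not shift the count away from the real source.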

Other log file names and usage

  • /var/log/auth.log: Authentication logs

  • /var/log/kern.log: Kernel logs

  • /var/log/cron.log: Crond logs (cron job)

  • /var/log/maillog: Mail server logs

  • /var/log/boot.log: System boot log

  • /var/log/utmp or /var/log/wtmp: Login records file

About Sandeep kalathil

I am a System Engineer working in Cochin, interested in Linux and Windows servers and happy to share knowledge that I have gained through my day-to-day work.
