This article covers logs, where they are stored, and which Linux distributions use each log. Logs are an essential part of managing your server, and almost all applications come with their own logging as well.
• Server running a Linux operating system.
How do I view log files on Linux?
Log in to your server as root or a sudo user using SSH or the console. Most logs are kept in the same location, /var/log. We’ll navigate there by using the following command:
# cd /var/log
Now that we’ve switched to the /var/log directory, we’ll list the files within it using the following command:
Within this directory, we’ll find a number of different log files. Below is a list that gives the name of the log file, or the subdirectory in which it resides by default, which Linux operating system it is found on, and what is logged to it.
last -f /var/log/btmp | more
/var/log/alternatives.log (Ubuntu®, Debian®)
Information from update-alternatives is logged to this file.
/var/log/apache2/access.log (Ubuntu, Debian)
Stores requests, such as GET and POST requests, that are processed by the Apache® service.
/var/log/apache2/error.log (Ubuntu, Debian)
Stores Apache errors and diagnostic information found while serving requests.
Stores information from the Linux audit daemon auditd. This log contains information about the files on which users have performed reads or writes.
Contains authorization information, such as user logins and what the authentication method was.
Contains information about the boot process once the kernel has loaded. This includes information such as system file checks, mounting a file system, starting a firewall, starting network devices, and starting services.
Contains failed login attempts. You’ll have to use the last command to view this log.
Stores information from the cron daemon and anacron after they start a cron job.
Contains kernel-related information about hardware and devices it detects during the boot process. This file is overwritten upon each reboot.
/var/log/dpkg.log (Ubuntu, Debian)
Stores information that is logged when a new package is installed or removed by using the dpkg command.
Contains failed user login attempts. Use the command faillog to retrieve the contents.
/var/log/kern.log (Ubuntu, Debian, and can be configured for CentOS® and RHEL®)
Contains log details from the kernel during system bootup, as well as any kernel errors or messages sent from the kernel.
Displays recent login information.
/var/log/maillog.log (CentOS, RHEL)
Stores information from the mail server that is running on your system, such as Postfix logging information.
/var/log/mail.log (Ubuntu, Debian)
Stores information from the mail server that is running on your system, similar to what maillog.log does for the CentOS and RHEL flavors.
This is a subfolder that contains any additional logs created for use by your mail server.
Contains global system messages, including the messages logged during boot.
Contains daily sar files collected by the sysstat package.
Stores information related to authentication and authorization privileges. For example, sshd logs information here, including unsuccessful attempts.
/var/log/wtmp or /var/log/utmp
Contains login records and shows who is currently logged into the system. The command 'who' uses this file to display the information.
Stores information logged when a package is installed or removed.