Introduction to System Logs

Table of Contents

Introduction to System Logs

Gain insights into system logs and learn troubleshooting techniques using log files.

Types of System Logs

The following command display a list of log files in the /var/log directory. Various logs provide information about different aspects of system activity.

ls /var/log

Viewing Log Contents

The following commands prints the entire content of a log file (e.g., /var/log/syslog) and display the last few lines of a log file (e.g., /var/log/auth.log).

cat /var/log/syslog

tail -n 20 /var/log/auth.log

System Log Rotation

The following commands represent log rotation settings which are defined in /etc/logrotate.d/ and /etc/logrotate.conf contains global log rotation configurations.

ls /etc/logrotate.d/

cat /etc/logrotate.conf

Kernel Logs

The following commands display kernel-related messages.

dmesg | less

Journalctl for Systemd Logs

The following commands display logs managed by systemd. It filters logs by unit (e.g., -u ssh for SSH logs).

journalctl

journalctl -u ssh

Log Analysis with grep

The following command uses grep to search for specific keywords in log files. It is also helpful for filtering logs based on criteria (e.g., searching for “error” messages).

cat /var/log/syslog | grep "error"

Start your Career with Learn DeOps Free.

Timestamps and Log Entries

The following command extracts and displays timestamps from log entries. Understanding log timestamps helps in chronological analysis.

awk '{print $1, $2, $3}' /var/log/auth.log

Syslog Configuration

The following command contains configurations for the syslog daemon. Configurations include log forwarding and storage settings.

cat /etc/rsyslog.conf

Log File Permissions

The following command shows log file permissions. Log files must have appropriate permissions for security reasons.

ls -l /var/log/auth.log

Log Rotation Policies

The following command defines global log rotation policies. Policies include rotation intervals, compression, and retention.

cat /etc/logrotate.conf

Troubleshooting with Logs

The following command troubleshoots system issues by searching for relevant error messages in logs. The grep command allows for targeted log analysis.

grep "error" /var/log/syslog

By diving into system logs and employing various commands and techniques, users can gain valuable insights into system activities, troubleshoot issues effectively, and maintain a proactive approach to system monitoring and management.

We are providing Best DevOps Courses

what you need to know

in your inbox every morning