Linux System Logs

Question

Where are system logs stored in Linux and how do you view them?

Answer

System logs in Linux are typically stored in /var/log. Key log files include: /var/log/syslog or /var/log/messages for general system logs, /var/log/auth.log for authentication events, /var/log/kern.log for kernel messages, and /var/log/dmesg for boot messages. Use commands like tail, cat, less, or journalctl (for systemd) to view logs.

Why This Matters

Log analysis is a fundamental skill for troubleshooting issues in production systems. Understanding where logs are stored and how to efficiently search through them helps you quickly diagnose application crashes, security incidents, and system failures.

Code Examples

Common log locations and viewing commands

bash

Log rotation and management

bash

Common Mistakes

Not checking timestamps when correlating events across services
Forgetting that older logs may be compressed (.gz files)
Not using grep flags like -i for case-insensitive search

Follow-up Questions

Interviewers often ask these as follow-up questions

What is logrotate and why is it important?
How does journalctl differ from traditional log files?
How would you set up centralized logging for multiple servers?