Linux System Logs
Where are system logs stored in Linux and how do you view them?
System logs in Linux are typically stored in /var/log. Key log files include: /var/log/syslog or /var/log/messages for general system logs, /var/log/auth.log for authentication events, /var/log/kern.log for kernel messages, and /var/log/dmesg for boot messages. Use commands like tail, cat, less, or journalctl (for systemd) to view logs.
Log analysis is a fundamental skill for troubleshooting issues in production systems. Understanding where logs are stored and how to efficiently search through them helps you quickly diagnose application crashes, security incidents, and system failures.
Common log locations and viewing commands
Log rotation and management
- Not checking timestamps when correlating events across services
- Forgetting that older logs may be compressed (.gz files)
- Not using grep flags like -i for case-insensitive search
- What is logrotate and why is it important?
- How does journalctl differ from traditional log files?
- How would you set up centralized logging for multiple servers?