Linux view system log

Viewing and monitoring log files

The Linux operating system, and many applications that run on it, do a lot of logging. These logs are invaluable for monitoring and troubleshooting your system.

What you’ll learn

• Viewing logs with a simple GUI tool
• Basic command-line commands for working with log files

What you’ll need

Originally authored by Ivan Fonseca.

How will you use this tutorial?

What is your current level of experience?

2. Log files locations

There are many different log files that all serve different purposes. When trying to find a log about something, you should start by identifying the most relevant file. Below is a list of common log file locations.

System logs

System logs deal with exactly that — the Ubuntu system — as opposed to extra applications added by the user. These logs may contain information about authorizations, system daemons and system messages.

Authorization log

Keeps track of authorization systems, such as password prompts, the sudo command and remote logins.

Daemon Log

Daemons are programs that run in the background, usually without user interaction. For example, display server, SSH sessions, printing services, bluetooth, and more.

Debug log

Provides debugging information from the Ubuntu system and applications.

Kernel log

Logs from the Linux kernel.

System log

Contains more information about your system. If you can’t find anything in the other logs, it’s probably here.

Application logs

Some applications also create logs in /var/log . Below are some examples.

Apache logs

Location: /var/log/apache2/ (subdirectory)

Apache creates several log files in the /var/log/apache2/ subdirectory. The access.log file records all requests made to the server to access files. error.log records all errors thrown by the server.

X11 server logs

The X11 server creates a seperate log file for each of your displays. Display numbers start at zero, so your first display (display 0) will log to Xorg.0.log . The next display (display 1) would log to Xorg.1.log , and so on.

Non-human-readable logs

Not all log files are designed to be read by humans. Some were made to be parsed by applications. Below are some of examples.

Login failures log

Contains info about login failures. You can view it with the faillog command.

Last logins log

Contains info about last logins. You can view it with the lastlog command.

Login records log

Contains login info used by other utilities to find out who’s logged in. To view currently logged in users, use the who command.

This is not an exhaustive list!
You can search the web for more locations relevant to what you’re trying to debug. There is also a longer list here.

3. Viewing logs using GNOME System Log Viewer

The GNOME System Log Viewer provides a simple GUI for viewing and monitoring log files. If you’re running Ubuntu 17.10 or above, it will be called Logs. Otherwise, it will be under the name System Log.

System Log Viewer interface

The log viewer has a simple interface. The sidebar on the left shows a list of open log files, with the contents of the currently selected file displayed on the right.

The log viewer not only displays but also monitors log files for changes. The bold text (as seen in the screenshot above) indicates new lines that have been logged after opening the file. When a log that is not currently selected is updated, it’s name in the file list will turn bold (as shown by auth.log in the screenshot above).

Clicking on the cog at the top right of the window will open a menu allowing you to change some display settings, as well as open and close log files.

There is also a magnifying glass icon to the right of the cog that allows you to search within the currently selected log file.

More information

If you wish to learn more about the GNOME System Log Viewer, you may visit the official documentation.

4. Viewing and monitoring logs from the command line

It is also important to know how to view logs in the command line. This is especially useful when you’re remotely connected to a server and don’t have a GUI.

The following commands will be useful when working with log files from the command line.

Viewing files

The most basic way to view files from the command line is using the cat command. You simply pass in the filename, and it outputs the entire contents of the file: cat file.txt .

This can be inconvenient when dealing with large files (which isn’t uncommon for logs!). We could use an editor, although that may be overkill just to view a file. This is where the less command comes in. We pass it the filename ( less file.txt ), and it will open the file in a simple interface. From here, we can use the arrow keys (or j/k if you’re familiar with Vim) to move through the file, use / to search, and press q to quit. There are a few more features, all of which are described by pressing h to open the help.

Viewing the start or end of a file

We may also want to quickly view the first or last n number of lines of a file. This is where the head and tail commands come in handy. These commands work much like cat , although you can specify how many lines from the start/end of the file you want to view. To view the first 15 lines of a file, we run head -n 15 file.txt , and to view the last 15, we run tail -n 15 file.txt . Due to the nature of log files being appended to at the bottom, the tail command will generally be more useful.

Monitoring files

To monitor a log file, you may pass the -f flag to tail . It will keep running, printing new additions to the file, until you stop it (Ctrl + C). For example: tail -f file.txt .

Searching files

One way that we looked at to search files is to open the file in less and press / . A faster way to do this is to use the grep command. We specify what we want to search for in double quotes, along with the filename, and grep will print all the lines containing that search term in the file. For example, to search for lines containing “test” in file.txt , you would run grep «test» file.txt .

If the result of a grep search is too long, you may pipe it to less , allowing you to scroll and search through it: grep «test» file.txt | less .

Editing files

The simplest way to edit files from the command line is to use nano . nano is a simple command line editor, which has all the most useful keybindings printed directly on screen. To run it, just give it a filename ( nano file.txt ). To close or save a file, press Ctrl + X. The editor will ask you if you want to save your changes. Press y for yes or n for no. If you choose yes, it will ask you for the filename to save the file as. If you are editing an existing file, the filename will already be there. Simply leave it as it is and it will save to the proper file.

5. Conclusion

Congratulations, you now have enough knowledge of log file locations, usage of the GNOME System Log Viewer and basic command line commands to properly monitor and trouble-shoot problems that arise on your system.

Further reading

• The Ubuntu Wiki has an article that goes more in-depth into Ubuntu log files.
• This DigitalOcean Community article covers viewing Systemd logs

Источник

How to View System Log Files on Ubuntu 20.04 LTS

A Linux Administrator should be able to read and understand the various types of messages generated by all Linux systems to troubleshoot an issue. These messages, named logs, are initiated by Linux and the applications running on it. Linux continuously creates, stores, and recycles these logs through various configuration files, programs, commands, and daemons. If you know how to read these files and make optimal use of the various commands we will mention in this tutorial, you can troubleshoot your issues like a pro!

It is important to note that Linux keeps its log files in the /var/log directory in text format.

Viewing System Logs on Ubuntu

To reach the core of an issue, or to see if your application or system is behaving in the desired manner, you can view the system log files either graphically or through the command line in the following ways:

• Gnome Logs utility (Graphic)
• Log File Viewer utility (Graphic)
• Linux Terminal (Command Line)

View Log Files Through Gnome Logs

‘Logs’ is the default utility that comes with the latest versions of Ubuntu e.g., Ubuntu 20.04 LTS (Focal Fossa). To access it,

Type Logs in the Ubuntu dash:

You will be able to see the Logs utility open, with the option to view logs for Applications, System, Security and Hardware.

Click on the System tab to view system logs:

Here you can view all the system logs along with the time they were generated. You can perform the following actions through this window:

• Display the contents of a log by clicking on it.
• Search for a log by clicking the search icon and then providing keywords in the search bar. The search bar also offers several filters that you can apply to exactly specify What(Select a Journal field to filter the logs according to it) and When(Select the timestamp range of the log entries to be shown) you want to see:

• You can also export logs to a file by clicking the export button located at the top right corner of the Logs window. You can then save the log file by specifying a name and location.

Through Log File Viewer

The Log File Viewer is the default utility that comes with the older versions of Ubuntu. If your edition of Ubuntu does not have this application by default, you can download and install it through Ubuntu Software.

To access the Log File Viewer:

• If you have installed this program through Ubuntu Software, you can launch it by searching for it in the Ubuntu Software as follows and then clicking the Launch button:

The Log File Viewer will appear as follows:

The left panel of the window shows several default log categories and the right panel shows a list of logs for the selected category.

Click on the Syslog tab to view system logs. You can search for a specific log by using ctrl+F control and then enter the keyword. When a new log event is generated, it is automatically added to the list of logs and you can see it in bolded form. You can also filter your logs through the Filters menu located in the top menu bar.

To view a log for a specific application, click the Open option from the File menu. The following Open Log window will open for you to choose the log from:

Click on a log file and click Open. You will now be able to see logs from the selected log file in the Log File Viewer.

View Log Files Through the Terminal

You can also view system logs through the command line, i.e., the Ubuntu Terminal.

Open the Terminal and enter the following command:

This command fetches all the messages from the kernel’s buffer. You can see the output as follows:

You will see that this is a lot of information. This information will only be useful if we apply some filters to view what we want to see.

Customizing dmesg output

This command will display only a specific number of messages per screen. You can press Enter to move to the next message or press Q to exit the command.

For example, if you want to search for all the messages containing the word core, you can use the following command:

The Terminal will now display only those messages containing the word “core” in red color.

Open a Log File with cat Command

The dmesg command opens all the logs from the /var/log directory. To open the logfile from some other location, use the following command:

This command will print logs from the syslog file to the screen. Again, you will observe that this command prints all the information and is not easy to skim through. Here again, you can use the ‘grep’ and ‘less’ filters to display the desired output as follows:

$ cat |grep Linux view system log [location]

Writing To the System Log

Sometimes we need to write custom messages to our system log during the troubleshooting process. Both the Gnome Log and the Log File Viewer programs are built to display a customized message that you can write through the Terminal.

Open the Ubuntu Terminal and type the following command:

$ logger “This is a custom message”

At the end of the above log list, you can see the custom log message displayed in the graphical log file viewer.

You can also use the logger command within a script for providing additional information. In that case, please use the following command within your script:

$ logger -t scriptname “This is a custom message”

By practicing along with this tutorial, you can learn to troubleshoot your system and application issues by accessing and understanding system logs.

Search

About This Site

Vitux.com aims to become a Linux compendium with lots of unique and up to date tutorials.

Latest Tutorials

Источник