See log file in linux

Viewing and monitoring log files

The Linux operating system, and many applications that run on it, do a lot of logging. These logs are invaluable for monitoring and troubleshooting your system.

What you’ll learn

  • Viewing logs with a simple GUI tool
  • Basic command-line commands for working with log files

What you’ll need

Originally authored by Ivan Fonseca.


2. Log files locations

There are many different log files that all serve different purposes. When trying to find a log about something, you should start by identifying the most relevant file. Below is a list of common log file locations.

System logs

System logs deal with exactly that — the Ubuntu system — as opposed to extra applications added by the user. These logs may contain information about authorizations, system daemons and system messages.

Authorization log

Keeps track of authorization systems, such as password prompts, the sudo command and remote logins.

Daemon Log

Daemons are programs that run in the background, usually without user interaction. Examples include the display server, SSH sessions, printing services, Bluetooth, and more.

Debug log

Provides debugging information from the Ubuntu system and applications.

Kernel log

Logs from the Linux kernel.

System log

Contains more information about your system. If you can’t find anything in the other logs, it’s probably here.

Application logs

Some applications also create logs in /var/log . Below are some examples.

Apache logs

Location: /var/log/apache2/ (subdirectory)

Apache creates several log files in the /var/log/apache2/ subdirectory. The access.log file records all requests made to the server to access files. error.log records all errors thrown by the server.

X11 server logs

The X11 server creates a separate log file for each of your displays. Display numbers start at zero, so your first display (display 0) will log to Xorg.0.log . The next display (display 1) would log to Xorg.1.log , and so on.

Non-human-readable logs

Not all log files are designed to be read by humans. Some were made to be parsed by applications. Below are some examples.

Login failures log

Contains info about login failures. You can view it with the faillog command.

Last logins log

Contains info about last logins. You can view it with the lastlog command.

Login records log

Contains login info used by other utilities to find out who’s logged in. To view currently logged in users, use the who command.


This is not an exhaustive list!
You can search the web for more locations relevant to what you’re trying to debug. There is also a longer list here.

3. Viewing logs using GNOME System Log Viewer

The GNOME System Log Viewer provides a simple GUI for viewing and monitoring log files. If you’re running Ubuntu 17.10 or above, it will be called Logs. Otherwise, it will be under the name System Log.

System Log Viewer interface

GNOME System Log Viewer Interface

The log viewer has a simple interface. The sidebar on the left shows a list of open log files, with the contents of the currently selected file displayed on the right.

The log viewer not only displays but also monitors log files for changes. The bold text (as seen in the screenshot above) indicates new lines that have been logged after opening the file. When a log that is not currently selected is updated, its name in the file list will turn bold (as shown by auth.log in the screenshot above).

Clicking on the cog at the top right of the window will open a menu allowing you to change some display settings, as well as open and close log files.

There is also a magnifying glass icon to the right of the cog that allows you to search within the currently selected log file.

More information

If you wish to learn more about the GNOME System Log Viewer, you may visit the official documentation.

4. Viewing and monitoring logs from the command line

It is also important to know how to view logs in the command line. This is especially useful when you’re remotely connected to a server and don’t have a GUI.

The following commands will be useful when working with log files from the command line.

Viewing files

The most basic way to view files from the command line is using the cat command. You simply pass in the filename, and it outputs the entire contents of the file: cat file.txt .

This can be inconvenient when dealing with large files (which isn’t uncommon for logs!). We could use an editor, although that may be overkill just to view a file. This is where the less command comes in. We pass it the filename ( less file.txt ), and it will open the file in a simple interface. From here, we can use the arrow keys (or j/k if you’re familiar with Vim) to move through the file, use / to search, and press q to quit. There are a few more features, all of which are described by pressing h to open the help.

Viewing the start or end of a file

We may also want to quickly view the first or last n number of lines of a file. This is where the head and tail commands come in handy. These commands work much like cat , although you can specify how many lines from the start/end of the file you want to view. To view the first 15 lines of a file, we run head -n 15 file.txt , and to view the last 15, we run tail -n 15 file.txt . Due to the nature of log files being appended to at the bottom, the tail command will generally be more useful.


Monitoring files

To monitor a log file, you may pass the -f flag to tail . It will keep running, printing new additions to the file, until you stop it (Ctrl + C). For example: tail -f file.txt .

Searching files

One way that we looked at to search files is to open the file in less and press / . A faster way to do this is to use the grep command. We specify what we want to search for in double quotes, along with the filename, and grep will print all the lines containing that search term in the file. For example, to search for lines containing “test” in file.txt , you would run grep "test" file.txt .

If the result of a grep search is too long, you may pipe it to less , allowing you to scroll and search through it: grep "test" file.txt | less .
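
The same grep-and-pipe approach applied to the authorization log described earlier, as an added example that is not part of the original tutorial: it counts failed SSH password attempts per source address. The log lines are constructed sample data in the common sshd format, the function names are hypothetical, and the example goes slightly beyond the text by piping grep into awk, sort and uniq.

```bash
#!/bin/sh
# Added example: count failed SSH password attempts per source address.

# Constructed sample lines in the usual sshd/sudo auth-log format (not real data).
sample_auth_log() {
cat <<'EOF'
Mar  3 10:15:01 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:04 host1 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:09 host1 sshd[2207]: Failed password for root from 203.0.113.7 port 51130 ssh2
Mar  3 10:16:30 host1 sshd[2215]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Mar  3 10:17:02 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:18:45 host1 sshd[2230]: Failed password for bob from 198.51.100.99 port 39900 ssh2
EOF
}

# failed_by_source FILE   (hypothetical helper name)
# Prints "COUNT ADDRESS" lines, highest count first.
# The user name in a log line is text chosen by the remote client, so the
# address is taken by position from the END of the line
# ("... from ADDRESS port N ssh2"), not by searching for the first "from".
failed_by_source() {
    grep 'sshd\[[0-9]*]: Failed password for ' "$1" |
        awk 'NF >= 5 && $(NF-4) == "from" { print $(NF-3) }' |
        sort | uniq -c | sort -k1,1nr -k2,2 |
        awk '{ print $1, $2 }'
}

# sources_over_threshold FILE N   (hypothetical helper name)
# Prints only the addresses with at least N failed attempts.
sources_over_threshold() {
    failed_by_source "$1" | awk -v n="$2" '$1 >= n { print $2 }'
}

# Run against the constructed sample; the temporary file is removed on exit.
log=$(mktemp)
trap 'rm -f "$log"' EXIT
sample_auth_log > "$log"
failed_by_source "$log"
```

On an Ubuntu system the same functions can be pointed at /var/log/auth.log, which usually requires sudo or membership in the adm group to read.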

Editing files

The simplest way to edit files from the command line is to use nano . nano is a simple command line editor, which has all the most useful keybindings printed directly on screen. To run it, just give it a filename ( nano file.txt ). To close or save a file, press Ctrl + X. The editor will ask you if you want to save your changes. Press y for yes or n for no. If you choose yes, it will ask you for the filename to save the file as. If you are editing an existing file, the filename will already be there. Simply leave it as it is and it will save to the proper file.

5. Conclusion

Congratulations, you now have enough knowledge of log file locations, usage of the GNOME System Log Viewer and basic command line commands to properly monitor and troubleshoot problems that arise on your system.

Further reading

  • The Ubuntu Wiki has an article that goes more in-depth into Ubuntu log files.
  • This DigitalOcean Community article covers viewing Systemd logs


How to View System Log Files in Linux

This article will explain how to view various log files scattered throughout the Linux file system. Log files are useful for finding out system anomalies and can help in developing fixes for them. All the commands listed below are tested in Ubuntu 20.04 LTS version, but they should work in other Linux distributions as well. In case you are not able to find certain log files, you can use the “Locate” command, which can be installed in your system through the package manager.

GNOME Logs

GNOME Logs is a graphical log viewer shipped by default in most GNOME Shell based Linux distributions. It shows all logs generated for systemd journals. Systemd manages all services running on your system and it is responsible for starting, stopping and monitoring various services that are launched at boot. GNOME Logs neatly categorises logs in various headings and you can export these logs to text files. It also allows you to search and refine log messages using various filters.

To install GNOME Logs in Ubuntu, run the command below:

You can install GNOME Logs in other Linux distributions by searching for it in the package manager shipped with your distribution. Alternatively, you can compile it from source code.


Linux Kernel Logs

To view kernel logs in terminal, run the command below:

You can also open the log file in any text editor of your choice. The screenshot above shows the usage of “tail” command after the pipe symbol. It ensures that only the last few lines are shown as the output (two lines in this case).

To view kernel logs for previous boot, run the command below:

X11 Logs

Logs for X11 Xorg display server can be found at two locations depending on your Linux distribution. The logs can be located at either “/var/log/” or “$HOME/.local/share/xorg/” directories. You can find correct location of Xorg log files by running the command below:

The “0” part in the file name denotes identification number for the connected monitor. If you have only one display connected to your system, the file name should be “Xorg.0.log”. In case of multi-monitor setups, multiple log files will be recorded, one for each monitor. For instance, in multi-monitor setups, file names could be “Xorg.0.log”, “Xorg.1.log” and so on.

To view these logs using “less” command, use the following command:

“Less” command shortens terminal output and allows you to interactively navigate to the next line of the terminal output using key.

Dmesg

Dmesg prints kernel log messages or “ring buffer” of the Linux kernel. It is used to examine and debug all the output generated by the kernel, especially messages related to connected hardware and their drivers.

Run the following commands to view dmesg log:

You can check all command line arguments for dmesg by running the following command in a terminal:

Boot Messages

To view boot messages log, run the command below:

To view logs for previous boot, run the command below:

System Logs

System log files record a variety of messages useful for debugging. If you cannot find certain log messages in other files, chances are that they could be in syslog files.

To view current and previous syslog files respectively, run the following commands:

Authorization Logs

Authorization Logs or simply “Auth” logs record remote login attempts and password prompts requested by sudo command. To view these logs, use the following commands:

Login Logs

“Faillog” records failed login attempts while “Lastlog” shows information about last login. Run the following commands to see login records:

Third Party Application Logs

User installed third party applications do not have root access. In case they are recording any logs, they should be in the directory of the executable file or at the following locations:

Conclusion

Examining various log files can help in debugging system freeze and crash issues, especially when new and unsupported hardware is present in the PC. These log files are also useful for finding out security breaches or security loopholes if there are any. If you are getting unexpected behavior from software installed on your system or frequent reboots and crashes, the first thing you should do is to examine various system log files.

About the author

Nitesh Kumar

I am a freelancer software developer and content writer who loves Linux, open source software and the free software community.
