Linux Logs
๐ Log Storage Location
Directory: Logs in Linux are stored in the
/var/logdirectory. The/vardirectory stands for "variable," indicating it contains files that frequently change. Since logs are continuously updated, they are kept here. ๐
๐ Common Log Files
/var/log/auth.log: Logs authorization and security-related events. ๐/var/log/kern.log: Contains kernel messages. ๐ ๏ธ/var/log/dmesg: Stores system startup messages. Useful for troubleshooting boot-up issues. ๐/var/log/syslog: A comprehensive log file that captures almost all system events except some off events. This file is typically the first place to check for detailed system information. ๐
๐๏ธ Log Management
Log Rotation: To manage disk space, Linux uses a process called log rotation, handled by the
logrotateutility. This process ensures older log files are archived or deleted to make room for new logs. ๐Customizing Log Rotation: You can adjust settings to keep logs for a longer period if needed for troubleshooting. ๐๏ธ
๐ Centralized Logging
Purpose: For managing multiple systems, centralized logging allows you to aggregate logs from various machines into a single location for easier analysis. ๐
๐ Understanding Log Entries
Timestamps: Logs often use Unix or epoch time, representing the number of seconds since midnight on January 1, 1970. This format might look like a long string of numbers, but it is standard for Unix-based systems. ๐ฐ๏ธ
๐ Reading Logs
Example: When examining logs, you might encounter a complex format. The next lesson will cover troubleshooting using logs, including parsing and interpreting log entries. ๐
Last updated
Was this helpful?