Linux Logs

Log Storage Location

  • Directory: Logs in Linux are stored in the /var/log directory. The /var directory stands for "variable," indicating it contains files that frequently change. Since logs are continuously updated, they are kept here.

Common Log Files

  • /var/log/auth.log: Logs authorization and security-related events.

  • /var/log/kern.log: Contains kernel messages.

  • /var/log/dmesg: Stores system startup messages. Useful for troubleshooting boot-up issues.

  • /var/log/syslog: A comprehensive log file that captures almost all system events, with a few exceptions. This file is typically the first place to check for detailed system information.

Log Management

  • Log Rotation: To manage disk space, Linux uses a process called log rotation, handled by the logrotate utility. This process ensures older log files are archived or deleted to make room for new logs.

  • Customizing Log Rotation: You can adjust settings to keep logs for a longer period if needed for troubleshooting.

Centralized Logging

  • Purpose: For managing multiple systems, centralized logging allows you to aggregate logs from various machines into a single location for easier analysis.

Understanding Log Entries

  • Timestamps: Logs often use Unix or epoch time, representing the number of seconds since midnight on January 1, 1970. This format might look like a long string of numbers, but it is standard for Unix-based systems.
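
A sketch of converting epoch-prefixed log lines to readable UTC times, added here as an example and not part of the original notes. The sample lines are constructed and the function names are hypothetical; it also accepts 13-digit millisecond timestamps, which goes slightly beyond the seconds-only case described above.

```python
import re
from datetime import datetime, timezone

# Leading epoch timestamp: 13 digits (milliseconds) or 10 digits (seconds),
# the latter optionally followed by a fraction such as ".25".
EPOCH_RE = re.compile(r"^(\d{13}|\d{10})(?:\.(\d{1,6}))?\s+(.*)$")


def parse_epoch_line(line):
    """Return (UTC datetime, message) for an epoch-prefixed line, else None."""
    m = EPOCH_RE.match(line)
    if m is None:
        return None
    whole, frac, message = m.groups()
    if len(whole) == 13:
        seconds, millis = divmod(int(whole), 1000)
        micros = millis * 1000
    else:
        seconds = int(whole)
        # Pad the fraction to microseconds without going through float.
        micros = int((frac or "0").ljust(6, "0"))
    stamp = datetime.fromtimestamp(seconds, tz=timezone.utc)
    return stamp.replace(microsecond=micros), message


def render(line):
    """Rewrite an epoch-prefixed line with an ISO 8601 UTC timestamp."""
    parsed = parse_epoch_line(line)
    if parsed is None:
        return line  # Not epoch-prefixed (e.g. "Nov 14 22:13:20 ..."): keep as-is.
    stamp, message = parsed
    iso = stamp.isoformat(timespec="milliseconds").replace("+00:00", "Z")
    return f"{iso} {message}"


# Constructed sample lines, not taken from a real system.
SAMPLE = [
    "1700000000 sshd[1024]: Failed password for invalid user admin from 192.0.2.10",
    "1700000000.25 kernel: eth0: link up",
    "1700000003123 app: request completed",
    "Nov 14 22:13:20 host cron[300]: (root) CMD (run-parts)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(render(entry))
```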

Reading Logs

  • Example: When examining logs, you might encounter a complex format. The next lesson will cover troubleshooting using logs, including parsing and interpreting log entries.
