An important part of system administration is making sure that all of the infrastructure is up and working, and resolving problems on the servers when they do arise. The logs generated on our systems are the evidence we use to identify what went wrong, and the fix is based on what the logs show.
In this tutorial we are going to look at some of the log files created on Linux machines and what each of them is used for.
/var/log/boot.log
It stores the messages written by the init scripts and services as the system comes up, and is the place to look for problems with booting: failures during startup, an unexpected shutdown or an unplanned reboot can often be diagnosed from boot.log. On systemd-based systems it is only a partial record (it captures what the services print to the console during startup); the full log of the current boot is in the journal, shown by journalctl -b, and journalctl -b -1 shows the previous boot if the journal is stored persistently.
/var/log/secure (RHEL/CentOS) & /var/log/auth.log (Debian/Ubuntu)
Both files, secure on RHEL and auth.log on Debian, serve the same purpose: they store the events related to authentication, written by sshd, login, su, sudo and the PAM modules. So if you are trying to locate an issue related to user authentication (and to privilege decisions such as sudo), these are the log files to look at. They record failed login attempts, whether made directly on the console or via ssh, so they are the first place to check for brute-force attempts, and they also log every successful login, which is what lets you tell whether a run of failed attempts ended in a successful guess.
/var/log/faillog
Records failed login attempts per user. Unlike the files above it is not a text file but a binary database maintained by the login program and the PAM tally modules, and it is read with the faillog command (faillog -a lists all users). Failed logins are also recorded in binary form in /var/log/btmp, which is read with lastb. Both are worth checking when tracking a suspected breach or a brute-force attack, with one caveat: on current releases that lock accounts with pam_faillock, faillog is usually no longer populated (pam_faillock keeps its counters under /var/run/faillock), so an empty faillog does not mean there were no failures; cross-check with secure/auth.log and lastb.
/var/log/dmesg
If you suspect a problem caused by hardware, this is the first place to look. It holds the kernel ring buffer as captured at boot time, the same messages the dmesg command prints (dmesg also shows what the kernel has logged since boot), and is useful for diagnosing problems with a hardware component or with the driver for it. Not every distribution writes this file any more; where it is absent, use the dmesg command, or journalctl -k on systemd-based systems.
/var/log/messages (RHEL/CentOS) & /var/log/syslog (Ubuntu/Debian)
These files, for their respective distributions, are the general-purpose system log: syslog sends here every message that is not routed to a dedicated file such as secure/auth.log, the mail log or the cron log, including kernel messages as well as those from services, and at all priorities from informational up to errors. They can be used to track boot errors that occur after the kernel is up and application-related problems, and they should be the first file to check if you are facing any of the errors mentioned above.
/var/log/daemon.log
Found on Debian/Ubuntu, this file contains the messages from the various background daemons running on the system (anything logging with the daemon facility). It is rarely needed, but it can help in diagnosing issues created by a daemon that does not keep a log file of its own. On RHEL/CentOS these messages land in /var/log/messages.
/var/log/kern.log
kern.log collects all the messages logged by the kernel (on Debian/Ubuntu; on RHEL/CentOS they go to /var/log/messages). It helps us troubleshoot the warnings and errors generated by the kernel, and because network and storage drivers log here too, it can also be used to diagnose connectivity and hardware issues, for example a network link going down or disk I/O errors.
/var/log/setroubleshoot
If you have SELinux enabled (and we should keep it enabled), the setroubleshoot daemon logs here its explanations of the denials it sees, which helps us track down issues related to the security context of files and processes. The raw AVC denial records themselves are written to /var/log/audit/audit.log; ausearch -m avc or sealert -a /var/log/audit/audit.log will list and explain them.
/var/log/yum.log
yum.log records every package installation, update and removal performed through yum, one timestamped line per package. You can check it to confirm whether a package was actually installed or updated, and when, so if an installed package starts behaving in an unusual manner, yum.log tells you what changed on the system and when. On releases that use dnf the equivalents are /var/log/dnf.log and /var/log/dnf.rpm.log, and yum history or dnf history shows the same changes grouped by transaction.
/var/log/mail.log (Debian/Ubuntu) & /var/log/maillog (RHEL/CentOS)
All the messages from the mail system, that is the MTA such as Postfix or Sendmail plus any filters in front of it, are stored in these files: every mail sent or received, failed and successful delivery reports, rejected connections and spam attempts. So any issue arising out of sending or receiving mail can be diagnosed with these files.
/var/log/cron.log
This log file lists the messages created when scheduled cron jobs are executed: which job ran, as which user and at what time, plus errors from the cron daemon itself. Note that on RHEL/CentOS the file is /var/log/cron, and on Debian/Ubuntu cron messages go to /var/log/syslog unless cron.log is enabled in the rsyslog configuration. Also, cron only logs that it started a job, not whether the command succeeded: the job's own output is mailed to the user or discarded, so a failing command still produces a normal CMD line here.
These were some of the important log files that you should be monitoring to make sure the system is working properly. They are only some of the many log files: individual services keep their own, such as the Apache logs under /var/log/httpd/ (RHEL/CentOS) or /var/log/apache2/ (Debian/Ubuntu) and /var/log/mysqld.log for MySQL, and those are the ones to use when diagnosing problems with those services. On systemd-based systems the journal (journalctl) also holds everything the services log, whether or not it is written to a file.