12 Critical Linux Log Files You Must be Monitoring

The log files generated in a Linux environment can typically be classified into four different categories:

  • Application Logs
  • Event Logs
  • Service Logs
  • System Logs

/var/log/messages

This log file contains generic system activity logs.
It is mainly used to store informational and non-critical system messages.
On Debian-based systems, the /var/log/syslog file serves the same purpose.

/var/log/auth.log

All authentication-related events on Debian and Ubuntu servers are logged here.
If you’re looking for anything involving the user authorization mechanism, you can find it in this log file.


/var/log/secure

RedHat and CentOS based systems use this log file instead of /var/log/auth.log.
It is mainly used to track the usage of authorization systems.
It stores all security-related messages including authentication failures.
It also tracks sudo logins, SSH logins and other errors logged by the system security services daemon.
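
The authentication events described for /var/log/auth.log and /var/log/secure can be summarized with a short script. This is an added example, not part of the original article: the sample lines are constructed in the usual sshd and sudo syslog format, and the summarize function and its threshold of 3 failures are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the traditional syslog format that sshd and sudo
# write to /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RedHat/CentOS).
SAMPLE_LOG = """\
Mar  4 10:01:12 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  4 10:01:15 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar  4 10:01:19 web01 sshd[2214]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar  4 10:02:40 web01 sshd[2290]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar  4 10:02:55 web01 sshd[2290]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar  4 10:03:10 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar  4 10:04:02 web01 sshd[2301]: Accepted publickey for deploy from 192.0.2.44 port 50111 ssh2: RSA SHA256:CONSTRUCTED
"""

# sshd login results: outcome, auth method, user name and source address.
SSH_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+")
# sudo command records: invoking user, target user and command line.
SUDO_RE = re.compile(
    r"sudo: +(?P<user>\S+) : .*USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")

def summarize(lines, threshold=3):
    """Summarize SSH and sudo activity; flag sources with >= threshold failures."""
    failed = Counter()            # failed SSH logins per source address
    targeted = defaultdict(set)   # user names tried from each source address
    accepted, sudo = [], []
    for line in lines:
        m = SSH_RE.search(line)
        if m and m["result"] == "Failed":
            failed[m["ip"]] += 1
            targeted[m["ip"]].add(m["user"])
        elif m:
            accepted.append((m["user"], m["ip"], m["method"]))
        elif (s := SUDO_RE.search(line)):
            sudo.append((s["user"], s["target"], s["cmd"]))
    suspects = {ip: sorted(targeted[ip]) for ip, n in failed.items() if n >= threshold}
    return {"failed": dict(failed), "suspects": suspects,
            "accepted": accepted, "sudo": sudo}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(f"{key}: {value}")
```

To run it against a real file, pass the open file object (for example open("/var/log/auth.log")) to summarize in place of the sample lines.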


/var/log/boot.log

The system initialization script, /etc/init.d/bootmisc.sh, sends all bootup messages to this log file.
This is the repository of boot-related information and messages logged during the system startup process.

/var/log/dmesg

This log file contains kernel ring buffer messages.
Information related to hardware devices and their drivers is logged here.
As the kernel detects physical hardware devices associated with the server during the booting process, it captures the device status, hardware errors and other generic messages.

/var/log/kern.log

This is a very important log file as it contains information logged by the kernel.

/var/log/faillog

This file contains information on failed login attempts.


/var/log/cron

Whenever a cron job runs, this log file records all relevant information including successful execution and error messages in case of failures.
If you’re having problems with a scheduled cron job, check this log file.


/var/log/yum.log

It contains the information that is logged when a new package is installed using the yum command.

/var/log/mail.log

All mail server related logs are stored here.

/var/log/httpd/

This directory contains the logs recorded by the Apache server.
Apache server logging information is stored in two different log files – error_log and access_log.

/var/log/mysqld.log or /var/log/mysql.log

All debug, failure and success messages related to the [mysqld] and [mysqld_safe] daemons are logged to this file.
RedHat, CentOS and Fedora store MySQL logs in /var/log/mysqld.log, while Debian and Ubuntu maintain the log in /var/log/mysql.log.
