≡ Menu

Linux Log Files Location And How Do I View Logs Files on Linux?

I am a new Linux user. I would like to know where are the log files located under Debian/Ubuntu or CentOS/RHEL/Fedora Linux server? How do I open or view log files on Linux operating systems?

Almost all logfiles are located under /var/log directory and its sub-directories on Linux. You can change to this directory using the cd command. You need be the root user to view or access log files on Linux or Unix like operating systems. You can use the following commands to see the log files:
Tutorial details
DifficultyEasy (rss)
Root privilegesYes
RequirementsNone
Estimated completion time5m
  1. less command
  2. more command
  3. cat command
  4. grep command
  5. tail command
  6. zcat command
  7. zgrep command
  8. zmore command

How do I view log files on Linux?

Open the Terminal or login as root user using ssh command. Go to /var/log directory using the following cd command:
# cd /var/log

To list files use the following ls command:
# ls
Sample outputs from RHEL 6.x server:

anaconda.ifcfg.log    boot.log-20111225  cron-20131110.gz        maillog-20111218      messages-20131103.gz  secure-20131027.gz   spooler-20131117.gz  up2date-20131117.gz
anaconda.log          btmp               cron-20131117.gz        maillog-20111225      messages-20131110.gz  secure-20131103.gz   squid                uptrack.log
anaconda.program.log  btmp-20120101      cups                    maillog-20120101      messages-20131117.gz  secure-20131110.gz   swinstall.d          uptrack.log.1
anaconda.storage.log  btmp-20131101.gz   dkms_autoinstaller      maillog-20131027.gz   mysqld.log            secure-20131117.gz   tallylog             uptrack.log.2
anaconda.syslog       collectl           dmesg                   maillog-20131103.gz   ntpstats              setroubleshoot       UcliEvt.log          varnish
anaconda.yum.log      ConsoleKit         dmesg.old               maillog-20131110.gz   prelink               spooler              up2date              wtmp
arcconfig.xml         cron               dracut.log              maillog-20131117.gz   rhsm                  spooler-20111211     up2date-20111211     yum.log
atop                  cron-20111211      dracut.log-20120101     messages              sa                    spooler-20111218     up2date-20111218     yum.log-20120101
audit                 cron-20111218      dracut.log-20130101.gz  messages-20111211     secure                spooler-20111225     up2date-20111225     yum.log-20130101.gz
boot.log              cron-20111225      httpd                   messages-20111218     secure-20111211       spooler-20120101     up2date-20120101
boot.log-20111204     cron-20120101      lastlog                 messages-20111225     secure-20111218       spooler-20131027.gz  up2date-20131027.gz
boot.log-20111211     cron-20131027.gz   maillog                 messages-20120101     secure-20111225       spooler-20131103.gz  up2date-20131103.gz
boot.log-20111218     cron-20131103.gz   maillog-20111211        messages-20131027.gz  secure-20120101       spooler-20131110.gz  up2date-20131110.gz

To view a common log file called /var/log/messages use any one of the following command:
# less /var/log/messages
# more -f /var/log/messages
# cat /var/log/messages
# tail -f /var/log/messages
# grep -i error /var/log/messages

Sample outputs:

Jul 17 22:04:25 router  dnsprobe[276]: dns query failed
Jul 17 22:04:29 router last message repeated 2 times
Jul 17 22:04:29 router  dnsprobe[276]: Primary DNS server Is Down... Switching To Secondary DNS server
Jul 17 22:05:08 router  dnsprobe[276]: Switching Back To Primary DNS server
Jul 17 22:26:11 debian -- MARK --
Jul 17 22:46:11 debian -- MARK --
Jul 17 22:47:36 router  -- MARK --
Jul 17 22:47:36 router  dnsprobe[276]: dns query failed
Jul 17 22:47:38  debian kernel: rtc: lost some interrupts at 1024Hz.
Jun 17 22:47:39  debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC=61.4.218.24 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21599 DF PROTO=TCP SPT=59297 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Common Linux log files names and usage

  • /var/log/messages : General message and system related stuff
  • /var/log/auth.log : Authenication logs
  • /var/log/kern.log : Kernel logs
  • /var/log/cron.log : Crond logs (cron job)
  • /var/log/maillog : Mail server logs
  • /var/log/qmail/ : Qmail log directory (more files inside this directory)
  • /var/log/httpd/ : Apache access and error logs directory
  • /var/log/lighttpd/ : Lighttpd access and error logs directory
  • /var/log/boot.log : System boot log
  • /var/log/mysqld.log : MySQL database server log file
  • /var/log/secure or /var/log/auth.log : Authentication log
  • /var/log/utmp or /var/log/wtmp : Login records file
  • /var/log/yum.log : Yum command log file.

GUI tool to view log files on Linux

System Log Viewer is a graphical, menu-driven viewer that you can use to view and monitor your system logs. This tool is only useful on your Linux powered laptop or desktop system. Most server do not have X Window system installed. You can start System Log Viewer in the following ways:

Click on System menu > Choose Administration > System Log:
Sample outputs:

Fig.01 Gnome log file viewer

Fig.01 Gnome log file viewer

A note about rsyslogd

All of the above logs are generated using rsyslogd service. It is a system utility providing support for message logging. Support of both internet and unix domain sockets enables this utility to support both local and remote logging. You can view its config file by tying the following command:
# vi /etc/rsyslog.conf
# ls /etc/rsyslog.d/

In short /var/log is the location where you should find all Linux logs file. However, some applications such as httpd have a directory within /var/log/ for their own log files. You can rotate log file using logrotate software and monitor logs files using logwatch software.

Tweet itFacebook itGoogle+ itPDF itFound an error/typo on this page?

{ 77 comments… add one }

  • Johan May 28, 2007, 1:18 pm

    Very informative. Helped me :) thumbs up

    • Wyatt Earp January 2, 2012, 9:04 am

      Very nice, thanks a lot

  • chandra July 11, 2007, 6:19 am

    dear talent,

    Can u help me how to redirect the /var/log/messages to email.
    DNS server if any clients query log will stores /var/log/messages files i need to send those lof files in ip wise daily or weekly.
    how shell i do it.

    • santhosh August 28, 2014, 6:57 am

      chandra

      it is possible using mutt coomand and mail -s command just write a script and put in crontab it is working

  • Gonzalo R. October 29, 2007, 9:28 pm

    Dear Vivek,

    I had an automatic reboot system in my server linux and I don´t find any evidence about the cause that could produce that.

    Can you explain me where I have to looking for logs of error that guide me to find automatic reboot cause?.

    Regards,
    Gonzalo R.

    • D0rk June 9, 2011, 8:52 pm

      your permissions. you can set it so a remote user can shut down the server. change permissions on shutdown or search your distributions forum and post if you do not find an answer in there or in google.

      • D0rk June 9, 2011, 8:53 pm

        some distributions are setup that way by default, which is kind of annoying. Means if anyone logs in remotely in any way, they can turn you off or reboot you. NOT FUNNY. I hope you have a firewall and have it enabled.

  • kumud January 31, 2008, 4:25 am

    where can i find the AT command logs. how to find out when the last time AT command run.

  • vinod October 3, 2008, 7:00 am

    Thank you very much.

  • Drew Schlosser February 20, 2009, 12:42 pm

    Chandra You can do this by opening a terminal and typing #cd /var/log/ and may view the files in the directory by typing #ls . You may view the log by typing #vi /var/log/messages .

  • caman February 23, 2009, 11:47 pm

    I can see a lot of the following error in my system and I cannot understand what it means, can yu shed somelight on it

    Feb 22 04:40:00 msuic3 msu6_6: ciMonitor 3 of 131 registered tasks Failed!

  • Madhana March 30, 2009, 12:29 pm

    It’s a fruitful information…

    Thanks a lot vivek

  • Sparrow August 22, 2009, 3:50 am

    Hi,

    I want classify logs and store it in a database. Into what categories can/should I classify them.
    Thank you,
    Sparrow

  • Alan Hutchinson September 26, 2009, 6:54 pm

    Hi there Linux users, I have bean trying to in stall Debian Lenny beta 2-i386 in a raid 0 con fig, on my p/c
    the hard ware is all set up for raid 0, I am having difficulty with the configuration of the partitons, boot sector, file type, the “type of file allocation table” to install. I have bean trying to track down the
    var/log, but I cant find that, the location was “http://192.2.2/var/log/partman_choose_partitiion_o.png
    I have bean using pure dyne live CD to help me ,but I still was not able to look at the “/var/logs,
    invariable I think I need expert help. thank you in advance

    • ALan Hutchinson June 10, 2011, 5:55 am

      this is a reply to my last message , I have given up on trying to install Linux on a virtual raid 0 system, so I ended up installing win 98 se with a new web browser OPERA and it runs like a hot dam, by far this is my most complex P/C to date, in one respect by the things it can do, the open source community has truly bean a liberator for me , not to mention Debian lenny -57-i386 1.iso I know this is old hat by computer standards , I was having problems trying to install NDISWRAPPER on an i386 architecture , and it did not help when my PC was hacked and I was effectively locked out of my p/c, no thanks to VLUG in Victoria but thats a “Hole” different story, I ended up installing ndiswrapper with a new O/S on a network complete with a bunch of other computers , I am currently working on a new black project , but that is top secret .

  • Pallav November 10, 2009, 7:02 am

    I have a basic account in linux of my intitue. How can i know all the login sessions done in my account ,their timing etc… an i also know any ftp or ssh done in my account?????

  • Usama Hassanin January 22, 2010, 3:51 pm

    Just type

    last

    it will tell you when, what ip address, time in and out , and for how long

  • lijun February 17, 2010, 5:15 am

    Thanks. I have a question: does Linux record the software installation process? For example I use apt to install some software in Debian but I would like to know where it puts the files. Can it be found in log file?

  • sachin February 21, 2010, 12:59 pm

    hi friends,

    i have smb server and i want to know the logs of each and every folder those who access please help its very urgent…..

    • Suresh Nayak January 12, 2012, 12:22 pm

      pls go to /var/log/messages file there you will find your all logs of smb server

  • Prasanna March 18, 2010, 7:24 am

    thanks, it helped me

  • nitin August 11, 2010, 4:29 pm

    how can we check online redo log file is full or empty?

  • Surjeet Singh Rajput August 16, 2010, 8:24 am

    Which command use to routed logs in linux

  • Sunil Garje August 25, 2010, 9:13 am

    thanks, it helped me a lot. To know about log files this is very helpful…

  • quan vu August 26, 2010, 7:19 pm

    Someone desintalled an application on my Linux server ( Control_M) – What log file should I search for that – and find out who is doing it?

  • Naresh September 10, 2010, 7:00 am

    Hi,
    I am new to Linux, Can u pls any one of u tell me how to copy files using “rcp” from the remote location and what r da min requirements to my system.

  • Devarishi September 21, 2010, 3:04 am

    Hi,

    [1] What log files in /var/logs can we safely delete to free up hard-disk space?

    [2] System reports “Disk-Controller Failure” then which log files in /var/logs should we check?

    /var/log/kern.log

    /var/log/boot.log

    or some other log files?

  • Arun October 27, 2010, 4:09 am

    hi, i am having webserver in linux and mail server in windows.

    in our websites we have contuct us page from that we are not able to get any email.
    Can anyone help me in this reg

    • Linux Expert December 8, 2010, 8:26 am

      Let me know which linux distribution is used , and the web server having public domain ?

  • amit sharma January 25, 2011, 8:52 am

    Dear naresh,
    there is coomand –

    #rsync -r Ipaddress :location of data

    example :
    #rsync -r192.168.0.18 :/root/slides

    rgds
    amit

  • Bodo February 11, 2011, 6:54 am

    cite:
    # cd /var/logs
    # tail -f /var/log/messages

    logs/log? Looks like a typo.

  • Ankit Sharma March 28, 2011, 5:05 am

    Trace of runtime activities in UNIX

    I’ve taken a project to work upon tracing of runtime activities on unix system
    into a log file. Like, to implement a program which will show the log of everything
    happened in past, including many requirements, like applications i used (with the time of access),
    kind of files/directories i opened, closed, created, deleted(with the time), etc.

    Please suggest me something to do it in a better way.

  • Rajendran April 2, 2011, 10:52 am

    How can i archive all the log files in redhat enterprise linux5?
    Your help would be really appreciated.
    Thanks

  • koda April 6, 2011, 7:15 am

    I’m confused what does the following command do :
    sudo cat /var/log/messages | grep err | -d” -f5

    • Bob July 28, 2011, 8:59 am

      It re-routes the encryption code

  • anuj Pal September 7, 2011, 8:06 am

    Thanx man ..!!!
    :-)

  • Ed October 10, 2011, 9:14 pm

    Is anyone able to tell me why I can no longer get Outlook to recognize email address spammaster@domain.com after deleting maillog files to make more room on our email server. This was set up as a forward of all spam so it could be reviewed.

    We are running spammaster with sendmail on a FreeBSD server.

  • Helen Neely February 12, 2012, 3:29 pm

    Thanks for this command, I was able to view my server log when the server stopped responding to requests.

    Nice work :)

  • Ameya February 29, 2012, 9:22 am

    Iam using Linux operating System’s Mint flavour on a Virtual Machine…can anyone tell me the exact process of scheduling linux jobs using the at command….and a question:There is a scenario where in i have given all kinds of permissions to a file and it’s directory using the command(read,write & execute) and i want to assign this file’s ownership to a “other” user…so how would i do that…Help me out Guyzz.

  • Ameya February 29, 2012, 9:51 am

    The command which i forgot to mention in my previous post was chmod 777 and file ownership change command is chown newowner filename

  • Yousuf Khan May 4, 2012, 5:05 am

    my linux server was turned off due to some power outages, kindly tell me which logs to access and how, so I can find out the duration and the time of the outages, I am a lower than a novice on linux

  • usama May 4, 2012, 2:00 pm

    check
    /var/log/messages log file

  • Sunil August 27, 2012, 4:08 am

    refer /var/log/messages

  • kashyap August 27, 2012, 7:17 am

    If i try check the status of service , does linux log it to any file or is there any optioin to allow logging such.
    eg: service smbd status
    If I execute it shows the status of the samba. would like to know that such query is logged or not or is there any possible to enable and log it.

    Thanks in advance.

  • Mak September 21, 2012, 11:09 am

    THANKS, Really Helpfull Command…

  • nida September 25, 2012, 5:58 am

    I am a fresh graduate engineer working in a networking company. i am on a study project on servers and a total fresher to linux. i just went for a 4days training on the basics. i have been asked to learn how to generate a cronjob to delete logs older than 24hours. after googling i tried with deleting the contents in /var/log/messages that are older than a day using the command find /var/log/messages -mtime +1 -exec rm {} \;
    when i did this nothing happened. i tried the same with -1 to try deleteing present day’s logs. the whole file messages got deleted. please help me.

    • charles November 6, 2012, 11:10 pm

      Hello Nida,

      mtime -1 means modification time less than 1 day and -mtime +1 means modification time greater than 1 day.

      Therefore mtime -1 will delete all your files. It worked as designed.
      Best Regards
      Charles

      • syam April 30, 2015, 6:15 am

        Hello Nida

        Do same thing wat charles said and +1 means not modified on one day , -exec argument represents which file you found to apply the another command.

        exe; find / -mtime +1 var/log/* -type f -exec rm {}\;

  • hesamadmin October 4, 2012, 5:27 am

    Hi, I have an important enquiry, In the centos server that i administer , there are var/log/secure var/log/secure.1 and so on, but there are empty, other log files like messages audit and … are not empty, they show plenty of useful info, Yesterday I discovered a bruteforce attack on my server by checking messages LOG, but when i checked secure log it was EMPTY , so my question is HOW CAN I configure my centos to store secure log as well ??? !!!

  • charles November 6, 2012, 10:55 pm

    Can someone kindly assist me with scp or ftp or anything applicable between my laptop running win7 and my server running fedora-16. I can send email. i can telnet to my server but i have been unable to ftp to or from the server. Please help me.
    Thx

  • Phron January 5, 2013, 12:51 am

    I’m definitely becoming your biggest fun! ;)))
    Awesome information!!!Helped me a lot!!!

    Greatest 2013 to you all!!

    • Phron January 5, 2013, 12:53 am

      That was supposed to be Fan.. Sorry.

      • masum November 26, 2014, 5:23 am

        I want to know how to get May 2013 logs from general messages ?

  • Sof Digital January 7, 2013, 1:36 am

    thanks. i forgot the prefixes in the terminal. mostly i just use win scp to check the logs through an explorer… nice post! :)

  • Anupama January 18, 2013, 1:33 am

    HI

    I want to know how to get May 2012 logs from general messages and secure messages?
    system aromatically archive old logs?

  • mahi January 22, 2013, 11:32 am

    Linux Expert
    plz. Let me know how to check running logs.
    thanks
    mahi

    • Srinath December 1, 2014, 8:27 pm

      tail -f access.log

      • Srinath December 1, 2014, 8:29 pm

        cd /var/logs

        #ls

        # tail -f access.log

  • Raghu February 19, 2013, 5:01 am

    Dear Experts,

    Can any one tel me how to configure Ram utilization in nagios for AIX SERVERS

    Pls help me on high pirotiy.

    Cherrs
    Raghu S

  • virendra March 18, 2013, 11:03 am

    I would like to know we had mail server (linux-redhat) and proxy server with same ip,
    our mailserver is working but our proxy server it is pinging but we dont get internet connection.
    this happened twice, one our engineer came he saw service status squid,
    then he deleted some file temp or log file i didnt saw properly,
    and he reboot the linux system it started again both everything was working properly.
    Again after some day same problem occur, no one is there to help to resolve the problem ???? is anyone can help me asap

  • Krishan May 6, 2013, 6:33 am

    how to enable following logs in a Redhat/Centos

    /etc/security/audit_class
    /etc/security/audit_user
    /etc/security/audit_control
    /etc/security/audit_event

  • raystrach May 7, 2013, 3:38 am

    hi thanks for the tips.

    i have used your site for heaps of references over the past 12 months or so and am always appreciative of you sharing your knowedge.

    your tips are always relevant, accurate and useful

    cheers

    rs

  • Mahi May 27, 2013, 6:16 pm

    hi

    Please some1 help to know that Linux RHEL 6 workstation can store the logs of usage of cd rom? Is it possible to that linux save cdrom usage logs..??

    Kindly help,,

  • Srinivas Kumar May 31, 2013, 5:19 am

    Hi,

    I need to find the history of particular id in aix server someone pls help me in this….

  • Arin E. July 21, 2013, 9:07 am

    Very useful info. Thanks for sharing!

  • Magesh M July 26, 2013, 12:07 pm

    Hi,

    Mysql log is located two different path location and which one is correct location.

    /var/log/mysqld.log
    /var/lib/mysql/hostname.err

  • Dan Moran July 30, 2013, 1:57 pm

    A minor typo: it’s not

    /var/logs

    it’s /var/log

  • suhasini October 24, 2013, 7:49 am

    hi…. i installed mysql by
    “yum install mysql mysql-server” over
    then i want start mysql-server but getting
    “[root@localhost ~]# service mysqld start
    Redirecting to /bin/systemctl start mysqld.service
    Job failed. See system journal and ‘systemctl status’ for details.”
    then i checked this one
    [root@localhost ~]# cat /var/log/messages|mysqld.log
    bash: mysqld.log: command not found.
    i got this error….. plz tell the solution …. (urgent)

  • Kiran November 7, 2013, 5:54 am

    Hello,

    I am not able to locate the SMTP files in my server can any one help me out?

    Thanks

  • Anupam Gupta March 12, 2014, 8:45 am

    Hi,

    When i’m using these (/var/log/messages) commands getting permission denied error. How to overcome this?

    Thanks

  • Abraham April 25, 2014, 3:59 pm

    Does anyone knows why my rsyslog.conf has a line like this:

    mail.* -/var/log/maillog

    To be exact, what means the hyphen “-” before the path “/var/log/maillog”

    Thanks!

  • niquie June 19, 2014, 11:23 am

    impressive!!!

  • Kh Sharif November 14, 2014, 5:28 am

    Very usefull aricles

    Thanks a lot.

    Sharif

  • dj December 11, 2014, 10:02 am

    Needs an update for systemd :-(

  • Alperian January 6, 2015, 8:03 pm

    I am stuck. I have the following response from my server:

    Running in FIPS 140-2 Mode
    Validating FIPS certified DLL…Passed

    Connecting to 79.77.3.238:22
    attempting 79.77.3.238:22… Success!
    Username: neilsftp
    Password:
    Authentication SUCCESS
    Remote Server Disconnected Unexpectedly

    No matter how I try to get in it authorizes me and dumps me.

  • Tausif Ahamd January 17, 2015, 11:07 am

    Really it helpful thanks a lot :)

Leave a Comment