Linux log files location and how do I view logs files?

by nixCraft on July 17, 2006 · 52 comments· last updated at May 26, 2008

Q. I am new to Linux and I would like to know where are the log files located under Debian or Cento OS Linux server? How do I open or view log files?

A. Almost all logfiles are located under /var/log directory (and subdirectory). You can change to this directory using cd command but you need to be the root user. You can use less, more, cat or tail command to see the logs.

Go to /var/logs directory:# cd /var/logsView common log file /var/log/messages using any one of the following command:# tail -f /var/log/messages # less /var/log/messages # more -f /var/log/messages # vi /var/log/messagesOutput:

Jul 17 22:04:25 router  dnsprobe[276]: dns query failed
Jul 17 22:04:29 router last message repeated 2 times
Jul 17 22:04:29 router  dnsprobe[276]: Primary DNS server Is Down... Switching To Secondary DNS server
Jul 17 22:05:08 router  dnsprobe[276]: Switching Back To Primary DNS server
Jul 17 22:26:11 debian -- MARK --
Jul 17 22:46:11 debian -- MARK --
Jul 17 22:47:36 router  -- MARK --
Jul 17 22:47:36 router  dnsprobe[276]: dns query failed
Jul 17 22:47:38  debian kernel: rtc: lost some interrupts at 1024Hz.
Jun 17 22:47:39  debian kernel: IN=eth0 OUT= MAC=00:0f:ea:91:04:07:00:08:5c:00:00:01:08:00 SRC=61.4.218.24 DST=192.168.1.100 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21599 DF PROTO=TCP SPT=59297 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0

Common Linux log files name and usage

/var/log/message: General message and system related stuff
/var/log/auth.log: Authenication logs
/var/log/kern.log: Kernel logs
/var/log/cron.log: Crond logs (cron job)
/var/log/maillog: Mail server logs
/var/log/qmail/ : Qmail log directory (more files inside this directory)
/var/log/httpd/: Apache access and error logs directory
/var/log/lighttpd: Lighttpd access and error logs directory
/var/log/boot.log : System boot log
/var/log/mysqld.log: MySQL database server log file
/var/log/secure: Authentication log
/var/log/utmp or /var/log/wtmp : Login records file
/var/log/yum.log: Yum log files

In short /var/log is the location where you should find all Linux logs file. However some applications such as httpd have a directory within /var/log/ for their own log files. You can rotate log file using logrotate software and monitor logs files using logwatch software.

You should follow me on twitter here or grab rss feed to keep track of new changes.

Featured Articles:

{ 52 comments… read them below or add one }

1 Johan May 28, 2007 at 1:18 pm

Very informative. Helped me :) thumbs up

2 Wyatt Earp January 2, 2012 at 9:04 am: Very nice, thanks a lot
Reply

3 chandra July 11, 2007 at 6:19 am

dear talent,

Can u help me how to redirect the /var/log/messages to email.
DNS server if any clients query log will stores /var/log/messages files i need to send those lof files in ip wise daily or weekly.
how shell i do it.

4 Gonzalo R. October 29, 2007 at 9:28 pm

Dear Vivek,

I had an automatic reboot system in my server linux and I don´t find any evidence about the cause that could produce that.

Can you explain me where I have to looking for logs of error that guide me to find automatic reboot cause?.

Regards,
Gonzalo R.

5 D0rk June 9, 2011 at 8:52 pm

your permissions. you can set it so a remote user can shut down the server. change permissions on shutdown or search your distributions forum and post if you do not find an answer in there or in google.

6 D0rk June 9, 2011 at 8:53 pm: some distributions are setup that way by default, which is kind of annoying. Means if anyone logs in remotely in any way, they can turn you off or reboot you. NOT FUNNY. I hope you have a firewall and have it enabled.
Reply

7 kumud January 31, 2008 at 4:25 am

where can i find the AT command logs. how to find out when the last time AT command run.

8 vinod October 3, 2008 at 7:00 am

Thank you very much.

9 Drew Schlosser February 20, 2009 at 12:42 pm

Chandra You can do this by opening a terminal and typing #cd /var/log/ and may view the files in the directory by typing #ls . You may view the log by typing #vi /var/log/messages .

10 caman February 23, 2009 at 11:47 pm

I can see a lot of the following error in my system and I cannot understand what it means, can yu shed somelight on it

Feb 22 04:40:00 msuic3 msu6_6: ciMonitor 3 of 131 registered tasks Failed!

11 Madhana March 30, 2009 at 12:29 pm

It’s a fruitful information…

Thanks a lot vivek

12 Sparrow August 22, 2009 at 3:50 am

Hi,

I want classify logs and store it in a database. Into what categories can/should I classify them.
Thank you,
Sparrow

13 Alan Hutchinson September 26, 2009 at 6:54 pm

Hi there Linux users, I have bean trying to in stall Debian Lenny beta 2-i386 in a raid 0 con fig, on my p/c
the hard ware is all set up for raid 0, I am having difficulty with the configuration of the partitons, boot sector, file type, the “type of file allocation table” to install. I have bean trying to track down the
var/log, but I cant find that, the location was “http://192.2.2/var/log/partman_choose_partitiion_o.png
I have bean using pure dyne live CD to help me ,but I still was not able to look at the “/var/logs,
invariable I think I need expert help. thank you in advance

14 ALan Hutchinson June 10, 2011 at 5:55 am: this is a reply to my last message , I have given up on trying to install Linux on a virtual raid 0 system, so I ended up installing win 98 se with a new web browser OPERA and it runs like a hot dam, by far this is my most complex P/C to date, in one respect by the things it can do, the open source community has truly bean a liberator for me , not to mention Debian lenny -57-i386 1.iso I know this is old hat by computer standards , I was having problems trying to install NDISWRAPPER on an i386 architecture , and it did not help when my PC was hacked and I was effectively locked out of my p/c, no thanks to VLUG in Victoria but thats a “Hole” different story, I ended up installing ndiswrapper with a new O/S on a network complete with a bunch of other computers , I am currently working on a new black project , but that is top secret .
Reply

15 Pallav November 10, 2009 at 7:02 am

I have a basic account in linux of my intitue. How can i know all the login sessions done in my account ,their timing etc… an i also know any ftp or ssh done in my account?????

16 Usama Hassanin January 22, 2010 at 3:51 pm

Just type

last

it will tell you when, what ip address, time in and out , and for how long

17 lijun February 17, 2010 at 5:15 am

Thanks. I have a question: does Linux record the software installation process? For example I use apt to install some software in Debian but I would like to know where it puts the files. Can it be found in log file?

18 sachin February 21, 2010 at 12:59 pm

hi friends,

i have smb server and i want to know the logs of each and every folder those who access please help its very urgent…..

19 Suresh Nayak January 12, 2012 at 12:22 pm: pls go to /var/log/messages file there you will find your all logs of smb server
Reply

20 Prasanna March 18, 2010 at 7:24 am

thanks, it helped me

21 nitin August 11, 2010 at 4:29 pm

how can we check online redo log file is full or empty?

22 Surjeet Singh Rajput August 16, 2010 at 8:24 am

Which command use to routed logs in linux

23 Sunil Garje August 25, 2010 at 9:13 am

thanks, it helped me a lot. To know about log files this is very helpful…

24 quan vu August 26, 2010 at 7:19 pm

Someone desintalled an application on my Linux server ( Control_M) – What log file should I search for that – and find out who is doing it?

25 Naresh September 10, 2010 at 7:00 am

Hi,
I am new to Linux, Can u pls any one of u tell me how to copy files using “rcp” from the remote location and what r da min requirements to my system.

26 Devarishi September 21, 2010 at 3:04 am

Hi,

[1] What log files in /var/logs can we safely delete to free up hard-disk space?

[2] System reports “Disk-Controller Failure” then which log files in /var/logs should we check?

/var/log/kern.log

/var/log/boot.log

or some other log files?

27 Arun October 27, 2010 at 4:09 am

hi, i am having webserver in linux and mail server in windows.

in our websites we have contuct us page from that we are not able to get any email.
Can anyone help me in this reg

28 Linux Expert December 8, 2010 at 8:26 am: Let me know which linux distribution is used , and the web server having public domain ?
Reply

29 amit sharma January 25, 2011 at 8:52 am

Dear naresh,
there is coomand –

#rsync -r Ipaddress :location of data

example :
#rsync -r192.168.0.18 :/root/slides

rgds
amit

30 Ankit Sharma March 28, 2011 at 5:05 am

Trace of runtime activities in UNIX

I’ve taken a project to work upon tracing of runtime activities on unix system
into a log file. Like, to implement a program which will show the log of everything
happened in past, including many requirements, like applications i used (with the time of access),
kind of files/directories i opened, closed, created, deleted(with the time), etc.

Please suggest me something to do it in a better way.

31 Rajendran April 2, 2011 at 10:52 am

How can i archive all the log files in redhat enterprise linux5?
Your help would be really appreciated.
Thanks

32 koda April 6, 2011 at 7:15 am

I’m confused what does the following command do :
sudo cat /var/log/messages | grep err | -d” -f5

33 Bob July 28, 2011 at 8:59 am: It re-routes the encryption code
Reply

34 anuj Pal September 7, 2011 at 8:06 am

Thanx man ..!!!
:-)

35 Ed October 10, 2011 at 9:14 pm

Is anyone able to tell me why I can no longer get Outlook to recognize email address spammaster@domain.com after deleting maillog files to make more room on our email server. This was set up as a forward of all spam so it could be reviewed.

We are running spammaster with sendmail on a FreeBSD server.

36 Helen Neely February 12, 2012 at 3:29 pm

Thanks for this command, I was able to view my server log when the server stopped responding to requests.

Nice work :)

37 Ameya February 29, 2012 at 9:22 am

Iam using Linux operating System’s Mint flavour on a Virtual Machine…can anyone tell me the exact process of scheduling linux jobs using the at command….and a question:There is a scenario where in i have given all kinds of permissions to a file and it’s directory using the command(read,write & execute) and i want to assign this file’s ownership to a “other” user…so how would i do that…Help me out Guyzz.

38 Ameya February 29, 2012 at 9:51 am

The command which i forgot to mention in my previous post was chmod 777 and file ownership change command is chown newowner filename

39 Yousuf Khan May 4, 2012 at 5:05 am

my linux server was turned off due to some power outages, kindly tell me which logs to access and how, so I can find out the duration and the time of the outages, I am a lower than a novice on linux

40 usama May 4, 2012 at 2:00 pm

check
/var/log/messages log file

41 Sunil August 27, 2012 at 4:08 am

refer /var/log/messages

42 kashyap August 27, 2012 at 7:17 am

If i try check the status of service , does linux log it to any file or is there any optioin to allow logging such.
eg: service smbd status
If I execute it shows the status of the samba. would like to know that such query is logged or not or is there any possible to enable and log it.

Thanks in advance.

43 Mak September 21, 2012 at 11:09 am

THANKS, Really Helpfull Command…

44 nida September 25, 2012 at 5:58 am

I am a fresh graduate engineer working in a networking company. i am on a study project on servers and a total fresher to linux. i just went for a 4days training on the basics. i have been asked to learn how to generate a cronjob to delete logs older than 24hours. after googling i tried with deleting the contents in /var/log/messages that are older than a day using the command find /var/log/messages -mtime +1 -exec rm {} \;
when i did this nothing happened. i tried the same with -1 to try deleteing present day’s logs. the whole file messages got deleted. please help me.

45 charles November 6, 2012 at 11:10 pm: Hello Nida,
mtime -1 means modification time less than 1 day and -mtime +1 means modification time greater than 1 day.
Therefore mtime -1 will delete all your files. It worked as designed.
Best Regards
Charles
Reply

46 hesamadmin October 4, 2012 at 5:27 am

Hi, I have an important enquiry, In the centos server that i administer , there are var/log/secure var/log/secure.1 and so on, but there are empty, other log files like messages audit and … are not empty, they show plenty of useful info, Yesterday I discovered a bruteforce attack on my server by checking messages LOG, but when i checked secure log it was EMPTY , so my question is HOW CAN I configure my centos to store secure log as well ??? !!!

47 charles November 6, 2012 at 10:55 pm

Can someone kindly assist me with scp or ftp or anything applicable between my laptop running win7 and my server running fedora-16. I can send email. i can telnet to my server but i have been unable to ftp to or from the server. Please help me.
Thx

48 Sof Digital January 7, 2013 at 1:36 am

thanks. i forgot the prefixes in the terminal. mostly i just use win scp to check the logs through an explorer… nice post! :)

49 Anupama January 18, 2013 at 1:33 am

I want to know how to get May 2012 logs from general messages and secure messages?
system aromatically archive old logs?

50 mahi January 22, 2013 at 11:32 am

Linux Expert
plz. Let me know how to check running logs.
thanks
mahi

51 Krishan May 6, 2013 at 6:33 am

how to enable following logs in a Redhat/Centos

/etc/security/audit_class
/etc/security/audit_user
/etc/security/audit_control
/etc/security/audit_event

52 raystrach May 7, 2013 at 3:38 am

hi thanks for the tips.

i have used your site for heaps of references over the past 12 months or so and am always appreciative of you sharing your knowedge.

your tips are always relevant, accurate and useful

cheers

Linux log files location and how do I view logs files?

Common Linux log files name and usage

Featured Articles:

Related Faqs