Overview
This lecture covers the basics of Linux log file storage, their organization, and key details about how logs are managed and interpreted.
Linux Log File Storage
- Linux log files are stored in the /var/log directory.
- The /var directory stands for "variable" and holds files that change frequently.
Common Log Files
- /var/log/auth.log stores authorization and security-related events.
- /var/log/kern.log contains kernel messages.
- /var/log/dmesg logs system startup messages, useful for boot issue troubleshooting.
- /var/log/syslog logs almost everything except authentication events and is the primary log for broad system troubleshooting.
Managing and Reading Logs
- Specific log files focus on particular event types, making targeted troubleshooting easier.
- Some logs combine information from multiple sources, but these can become very large.
- It's often best to check specific logs for targeted issues, rather than large aggregate logs.
Log File Maintenance and Rotation
- Log files can grow large; systems use a process called log rotation to manage disk space.
- The Linux tool for log rotation is called logrotate.
- Log rotation settings can be adjusted to retain older logs if needed.
Centralized Logging
- For managing logs from multiple systems, centralized logging can be used to collect logs in one place.
Understanding Log File Entries
- Each log line typically begins with a timestamp indicating when the event occurred.
- Some logs use Unix or Epoch time, which counts seconds since January 1, 1970.
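As an added example (not part of the lecture notes), the parser below reads log entries in the two timestamp styles just described: the traditional syslog form (month, day, time, host, program[pid]) and lines that start with a Unix/Epoch value. The sample lines are constructed, and because syslog timestamps carry no year the caller supplies one (2024 is assumed here).

```python
import re
from datetime import datetime, timezone

# Constructed sample lines (not from a real system): three in the traditional
# syslog layout and one whose timestamp is a Unix/Epoch value in seconds.
SAMPLE_LOG = """\
Mar  3 08:15:02 web01 sshd[1423]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 08:15:09 web01 sshd[1423]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 08:16:44 web01 sshd[1501]: Accepted publickey for deploy from 198.51.100.7 port 40022 ssh2
1709453820 web01 cron[2210]: (root) CMD (run-parts /etc/cron.hourly)
"""

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
EPOCH_RE = re.compile(
    r"^(?P<ts>\d{9,10}) (?P<host>\S+) (?P<prog>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)


def parse_line(line, year=2024):
    """Return a dict with a UTC datetime plus host/prog/pid/msg, or None if the
    line matches neither timestamp style."""
    m = SYSLOG_RE.match(line)
    if m:
        # Syslog timestamps have no year, so the assumed year is prepended.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        ts = ts.replace(tzinfo=timezone.utc)
    else:
        m = EPOCH_RE.match(line)
        if not m:
            return None
        # Epoch seconds count from 1970-01-01 00:00:00 UTC.
        ts = datetime.fromtimestamp(int(m["ts"]), tz=timezone.utc)
    return {"time": ts, "host": m["host"], "prog": m["prog"], "pid": m["pid"], "msg": m["msg"]}


def failed_logins(text, year=2024):
    """Count sshd 'Failed password' events per source IP, the kind of targeted
    check the lecture recommends running against auth.log."""
    counts = {}
    for line in text.splitlines():
        e = parse_line(line, year)
        if e and e["prog"] == "sshd" and e["msg"].startswith("Failed password"):
            ip = e["msg"].split(" from ")[1].split()[0]
            counts[ip] = counts.get(ip, 0) + 1
    return counts
```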
Key Terms & Definitions
- Log file — A file that records system events, errors, and messages.
- /var/log — Directory where Linux stores system log files.
- Log rotation — The process of archiving and removing old log files to free up disk space.
- Logrotate — Linux utility used to automate log rotation.
- Unix/Epoch time — The number of seconds elapsed since January 1, 1970.
Action Items / Next Steps
- Review how to access and read log files in /var/log.
- Prepare for the next lesson on troubleshooting using logs.