How to Manage Large Log Files

In Linux, log files display a timeline of events for specific processes and parts of the system. For example, the log files for dpkg contain information on all the programs installed, updated, and removed from your system since it first started running. Most Linux log files are stored as plain ASCII text files in the /var/log directory and its subdirectories. The most common log files are:

  • /var/log/boot.log: System Boot log (the boot log stores all information related to booting operations)
  • /var/log/auth.log: Authentication logs
  • /var/log/kern.log: Kernel logs
  • /var/log/dpkg.log: Package management logs

When a system log file grows unusually fast, it typically points to an issue with your software or applications. If this is the case, you can gain useful information to help you diagnose the issue by checking the latest activities in the system log file.

Log File Locations

There are many log files in a system and their locations can vary from distribution to distribution. In the case of cPanel usage, refer to the following article for a list of common log files used,

Common log files are shown in the table below.

Log File              Description
/var/log/messages     General message and system related stuff
/var/log/auth.log     Authentication logs
/var/log/kern.log     Kernel logs
/var/log/cron.log     Crond logs (cron job)
/var/log/maillog      Mail server logs
/var/log/httpd/       Apache access and error logs directory
/var/log/lighttpd/    Lighttpd access and error logs directory

Viewing Log Files

To review the latest entries from a specific log file, for example the messages log file in /var/log, execute the following command using tail:

tail /var/log/messages

Screenshot showing the results of the tail /var/log/messages command

If the issue is not from the latest activities, you can go through the complete log file for hints by using the less command, which will let you move up and down through the file as needed:

less /var/log/messages

Screenshot showing the results of the less /var/log/messages command.

Note the arrow in the screenshot above which points to a colon, indicating that this screen is scrollable.

If the same issue keeps repeating, search for the repeated messages in the log file. Most of the time it is an error message, but it can also be a warning that tells you to disable whatever is causing it. Sometimes the repeated messages come from an intrusion attack, which you can check in the relevant security log file.

“Resetting” Large Log Files

Some log files can become extremely large due to repeated messages from repeating activities or bugs. For example, if we had a log file that held over 100 MB of data, the following command would reset it to 0 MB by deleting the content of the file but not the file itself.

For this example, we will use the log file /var/log/messages.

cat /dev/null > /var/log/messages

Screenshot showing the results of the cat /dev/null > /var/log/messages command.

The command above relies on /dev/null, a virtual device in Linux with a special property: any data written to it is discarded, and reading from it returns nothing. Because of this characteristic, it is also called the bit bucket or black hole. Here, cat reads nothing from /dev/null and the > redirection overwrites the log file with that empty output, so the previous content disappears and cannot be recovered.
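Because the emptied content cannot be recovered and may be needed later to diagnose the problem or investigate an intrusion, the added example below (not part of the original article) first shows which message is flooding the log, as suggested under Viewing Log Files, and then keeps a verified compressed copy before emptying the file. The function names, the traditional syslog line prefix and the sample log lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the original article): find what is flooding a log,
# then keep a verified copy before emptying it.

# top_repeats FILE [N]: the N most frequent messages in a syslog-style file.
# Assumes the traditional "Mon DD HH:MM:SS host" prefix (fields 1-4).
top_repeats() {
    awk '{ $1 = $2 = $3 = $4 = ""; sub(/^ +/, "")   # drop timestamp and host
           gsub(/\[[0-9]+\]/, "[PID]")              # same message, any PID
           print }' "$1" | sort | uniq -c | sort -rn | head -n "${2:-5}"
}

# archive_and_truncate LOG DIR: gzip LOG into DIR, verify the copy, record its
# SHA-256, then empty LOG in place. Prints the archive path on success.
archive_and_truncate() {
    log=$1 dir=$2
    [ -f "$log" ] && mkdir -p "$dir" || return 1
    out="$dir/$(basename "$log").$(date +%Y%m%d-%H%M%S).gz"
    [ ! -e "$out" ] || return 1                  # never overwrite an archive
    gzip -c "$log" > "$out" && gzip -t "$out" || return 1   # no copy, no truncate
    ( cd "$dir" && sha256sum "${out##*/}" > "${out##*/}.sha256" ) || return 1
    # Same effect as `cat /dev/null > file`: the file and its inode stay, so
    # the logging daemon keeps writing to it. Lines written between the gzip
    # above and this truncate are lost.
    : > "$log" && printf '%s\n' "$out"
}

# Constructed sample input in a temporary directory; /var/log is not touched.
demo=$(mktemp -d)
cat > "$demo/messages" <<'EOF'
Jan  5 10:00:01 web1 myapp[1201]: ERROR cannot connect to database
Jan  5 10:00:02 web1 myapp[1207]: ERROR cannot connect to database
Jan  5 10:00:02 web1 CRON[1210]: (root) CMD (run-parts /etc/cron.hourly)
Jan  5 10:00:03 web1 myapp[1213]: ERROR cannot connect to database
EOF
top_repeats "$demo/messages" 3
archive_and_truncate "$demo/messages" "$demo/archive"
```

For scheduled use, logrotate's copytruncate option performs the same copy-then-truncate sequence.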
