In Linux, log files record a timeline of events for specific processes and parts of the system. For example, the dpkg log files contain information on every program installed, updated, or removed since the system has been running. Most Linux log files are stored as plain ASCII text in the /var/log directory and its subdirectories. The most common log files are:
- /var/log/boot.log: System Boot log (the boot log stores all information related to booting operations)
- /var/log/auth.log: Authentication logs
- /var/log/kern.log: Kernel logs
- /var/log/dpkg.log: Package management logs
When the system log file grows in size, it means that there is some issue associated with your software or applications. If this is the case, you can gain useful information to help you diagnose the issue by checking the latest activity in the system log file.
Log File Locations
There are many log files on a system, and their locations can vary from distribution to distribution. If you use cPanel, refer to the following article for a list of the common log files it uses: https://docs.cpanel.net/knowledge-base/cpanel-product/the-cpanel-log-files/
Common log files are shown in the table below.
| Log File | Description |
| --- | --- |
| /var/log/messages | General messages and system-related entries |
| /var/log/auth.log | Authentication logs |
| /var/log/kern.log | Kernel logs |
| /var/log/cron.log | Crond logs (cron job) |
| /var/log/maillog | Mail server logs |
| /var/log/httpd/ | Apache access and error logs directory |
| /var/log/lighttpd/ | Lighttpd access and error logs directory |
Viewing Log Files
To review the latest entries from a specific log file, for example the messages log file in /var/log, execute the following command using tail:
tail /var/log/messages
If the issue is not from the latest activities, you can go through the complete log file for hints by using the less command, which will let you move up and down through the file as needed:
less /var/log/messages
In less, the colon shown at the bottom of the screen indicates that the screen is scrollable.
If the same issue keeps repeating, search for the repeated messages in the log file. Most of the time the repeated entry is an error message, but it can also be a warning telling you to disable whatever is causing it. Sometimes it may be an intrusion attempt, which you can check in the relevant security log file.
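One way to surface repeated messages, shown here as an added example that is not part of the original article: the hypothetical function `top_repeated` strips the timestamp, host name, process ID and source port from each entry so that identical messages group together, then lists the most frequent ones. It assumes the traditional syslog line format ("Mon DD HH:MM:SS host program[pid]: message"), and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# top_repeated FILE [N]: print the N most frequent messages in FILE (default 5).
# Assumes traditional syslog lines: "Mon DD HH:MM:SS host prog[pid]: message".
top_repeated() {
    awk '{
        # Blank the timestamp and host name (the first four fields).
        $1 = ""; $2 = ""; $3 = ""; $4 = ""
        sub(/^ +/, "")
        # Drop the PID so "sshd[811]" and "sshd[815]" count as one source.
        sub(/\[[0-9]+\]:/, ":")
        # Mask the client port, which changes on every connection.
        sub(/ port [0-9]+/, " port N")
        count[$0]++
    }
    END { for (m in count) printf "%d %s\n", count[m], m }' "$1" |
        sort -k1,1nr -k2 | head -n "${2:-5}"
}

# Constructed sample entries (not taken from a real system).
sample_log() {
    cat <<'EOF'
Mar  4 10:01:02 web01 kernel: usb 1-1: device descriptor read/64, error -71
Mar  4 10:01:07 web01 kernel: usb 1-1: device descriptor read/64, error -71
Mar  4 10:02:30 web01 sshd[811]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  4 10:01:12 web01 kernel: usb 1-1: device descriptor read/64, error -71
Mar  4 10:02:33 web01 sshd[815]: Failed password for root from 203.0.113.7 port 51140 ssh2
Mar  4 10:03:00 web01 crond[902]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Demo on the sample; on a real system: top_repeated /var/log/messages
log=$(mktemp)
sample_log > "$log"
top_repeated "$log" 3
rm -f "$log"
```

Each output line is a count followed by the normalized message, so a message that dominates the list is the one to investigate first.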
“Resetting” Large Log Files
Some log files can become extremely large due to repeated messages from repeating activities or bugs. For example, if we had a log file holding over 100 MB of data, the following command would reset it to 0 MB by deleting the content of the file but not the file itself.
For this example, we will use the log file /var/log/messages.
cat /dev/null > /var/log/messages
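The command above uses /dev/null, a virtual device in Linux with a special property: any data written to it vanishes and cannot be recovered. Because of this characteristic, it is also called the bit bucket or black hole. Reading from /dev/null returns no data at all, so redirecting the output of cat /dev/null into the log file replaces its content with nothing while leaving the file itself in place. The previous content of the log is not kept anywhere, so copy the file elsewhere first if you may still need those entries.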