Common Linux Log Files and Useful Commands for Log Analysis
This article introduces common Linux log files, essential command‑line utilities such as cat, less, tail, grep, awk, and sed for viewing logs, and powerful analysis tools like logrotate, journalctl, logwatch, and goaccess, providing practical examples for effective system log management.
1. Common Log Files
Linux stores its logs under /var/log. Typical log files include:
/var/log/syslog : General system log (most distributions).
/var/log/messages : General system log (Red Hat‑based distributions).
/var/log/auth.log : Authentication events such as login attempts and sudo usage.
/var/log/kern.log : Kernel‑related messages.
/var/log/dmesg : Kernel messages generated at boot.
/var/log/boot.log : Boot process messages.
/var/log/cron.log : Cron job activity.
/var/log/mail.log : Mail system activity.
/var/log/apache2/access.log and /var/log/apache2/error.log : Apache access and error logs.
/var/log/nginx/access.log and /var/log/nginx/error.log : Nginx access and error logs.
2. Commands to View Log Files
cat
Displays the entire content of a file, suitable for short logs.
cat /var/log/syslog
less
Pages through a file, allowing forward and backward navigation, ideal for longer logs.
less /var/log/syslog
tail
Shows the end of a file; by default the last 10 lines. Common options: -n to specify line count and -f to follow updates in real time.
tail -n 20 /var/log/syslog
tail -f /var/log/syslog
head
Shows the beginning of a file; by default the first 10 lines.
head -n 20 /var/log/syslog
grep
Searches for lines matching a pattern, useful for extracting specific information from logs.
grep "error" /var/log/syslog
grep -i "fail" /var/log/auth.log
awk
A powerful text‑processing tool for extracting and formatting structured data from logs.
awk '{print $1, $2, $3}' /var/log/syslog
sed
A stream editor for searching, replacing, and filtering log content.
sed -n '/error/p' /var/log/syslog
3. Tools for Log Analysis
logrotate
Manages and rotates log files to prevent them from growing indefinitely. Configuration files are typically located in /etc/logrotate.conf and /etc/logrotate.d/.
/var/log/syslog {
    daily
    rotate 7
    compress
    missingok
    notifempty
}
journalctl
Views and analyses logs managed by systemd. Useful options include -xe for detailed recent logs and -u to filter by a specific service.
journalctl -xe
journalctl -u nginx.service
logwatch
Generates readable log reports.
sudo apt-get install logwatch
sudo logwatch --detail High --mailto [email protected] --service all --range today
goaccess
A real‑time web log analyzer for Apache and Nginx access logs.
sudo apt-get install goaccess
goaccess /var/log/nginx/access.log -o report.html --log-format=COMBINED
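The grep and awk commands from section 2 combine into a quick triage of /var/log/auth.log. The following is an added example, not part of the original article: it counts failed SSH password attempts per source address. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed SSH password attempts per source address.
# The log lines below are constructed sample data (documentation IP ranges),
# written in the usual sshd format found in /var/log/auth.log.
sample_auth_log() {
cat <<'EOF'
Mar 10 08:01:12 web01 sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar 10 08:01:15 web01 sshd[1201]: Failed password for invalid user test from 203.0.113.7 port 51130 ssh2
Mar 10 08:02:40 web01 sshd[1310]: Accepted password for deploy from 198.51.100.20 port 40022 ssh2
Mar 10 08:03:02 web01 sshd[1342]: Failed password for root from 203.0.113.7 port 51190 ssh2
Mar 10 08:05:09 web01 sshd[1377]: Failed password for deploy from 198.51.100.20 port 40101 ssh2
Mar 10 08:06:44 web01 sudo: pam_unix(sudo:auth): authentication failure; logname=deploy uid=1000
EOF
}

# failed_by_ip: read auth.log lines on stdin and print "count address" per
# source, highest count first. Only sshd "Failed password" lines are counted.
failed_by_ip() {
    grep 'sshd\[[0-9]*]: Failed password for ' |
    awk '{
        # Take the field after the LAST "from": the attempted username is
        # attacker-controlled and may itself be the word "from".
        ip = ""
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip != "") count[ip]++
    }
    END { for (ip in count) print count[ip], ip }' |
    sort -k1,1nr -k2,2
}

# over_threshold: print only the addresses with at least $1 failures.
over_threshold() {
    failed_by_ip | awk -v min="$1" '$1 >= min { print $2 }'
}

# Demo on the constructed sample.
# On a real host: sudo cat /var/log/auth.log | failed_by_ip
sample_auth_log | failed_by_ip
```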
DevOps Operations Practice
We share professional insights on cloud-native, DevOps & operations, Kubernetes, observability & monitoring, and Linux systems.