System logging explained in Linux

July 17, 2007
If you are serious about learning Linux, then you might want to familiarize yourself with log files. Log files are very good for helping you deduce what is going wrong with a system.

Most system critical programs (which includes the Linux kernel) generate log files. And they are all stored in /var/log directory or one of its sub-directories.

Important log files in Linux

/var/log/dmesg - Logs all messages from kernel ring buffer. You can view the contents of this file using dmesg command. The /var/log/dmesg log file usually contain messages generated when you boot your Linux machine. This is a great place to get low level information on your hardware.

/var/log/boot.log - System boot log.

/var/log/Xorg.0.log - X server log. If your Linux system is not able to run X, this is the file you should read to pinpoint any problems.

/var/log/kern.log - Kernel logs.

/var/log/cron - Cron logs [See : Cron command]

/var/log/wtmp and /var/log/lastlog - Login records file. These are binary files that are read by certain command line tools such as last or lastlog to show a list of last logged in users.

/var/log/btmp - This file contain information about failed login attempts. It is a binary file. Use the command - last -f /var/log/btmp to read the list of users who had failed login attempts. Note: You should have super user privileges to see the contents of this file.

/var/log/mail.log - Contains the log information from the mail server that is running on the system.

/var/log/alternatives.log - When you run update-alternatives in Debian (based) distributions, the resulting messages are entered into this log file. Usually it will be empty if you haven't run the update-alternatives command.

/var/log/cups – All printer and printing related log messages. This is a directory which contain many related log files.

This is just a subset of the log files you will find in most Linux distributions. Usually, you will find a few more log files depending upon the type of services or programs you are running in your Linux machine.

Messages can be logged to files, broadcast to connected users, written to the console, or even transmitted to remote logging daemons across the network.

All this is made possible using log daemons. In the past Linux relied on syslogd and klogd logging daemons for catching messages. But a growing list of modern Linux distributions such as Fedora, Debian, Open SUSE, Ubuntu, and so on are switching to rsyslogd which offers superior features and more flexibility in configuring log messages.

Also read : System logging explained in Linux.


  • I like having the syslog messages scroll on my screen. Don't ask my why.

    To do this I use a piped device:

    rrs@learner:~$ ls -l /dev/xconsole1
    prw-r----- 1 root adm 0 2007-07-20 12:40 /dev/xconsole1|

    and redirect desired syslog messages to it:

    *.*;news.none |/dev/xconsole1

    Call it insane or stupidity but it is a liking..


  • linuxdocs

    Thank u ravi for explain some linux files

  • JamesR404

    And what if you want to review system messages from before the last reboot? Would they be stored in a different file or the same?

    Because I don't see them in the same file :)

    Any1 knows? ^^