Introduction

This tutorial explains the administration of the Linux system with the system logs. The system log is a file that contains information about events that happened on the system during runtime. This tutorial shows you the following Linux logging basics:

• You will see where are stored Linux log files, how are they formatted, and how to read them.
• You will read the most important logs including syslog.
• You will view Ubuntu syslog daemon configuration.
• You will see Linux rotation log files configuration, and you will execute log rotation.

Prerequisite

You will need:

• Basic knowledge of how to work with Linux command line.
• Ubuntu 20.04 distribution including the non-root user with sudo access.

Step 1 — Finding Linux system logs

The Ubuntu system stores all system logs into directory /var/log. Let's look at some most essential log files and their meaning, and what they stores:

• /var/log/syslog - Stores all records about any global activity in the system. Basically, every event that happens go to this log.
• /var/log/auth.log - Stores all security related actions (login, logout, or root user activity).
• /var/log/kern.log - Stores events of the kernel (info, warning, errors). Useful for custom kernels.
• /var/log/boot.log - System startup info.

This directory contains also various application logs. For example, if your distribution contains Apache or MySQL then their logs are also there.

You can view content of this directory with following command:

$ ls /var/log