Detailed introduction to logs in Linux system

1. Log related services

In CentOS 6.x, the rsyslogd service replaced the original syslogd service as the system log service. Red Hat considers syslogd no longer able to meet current needs, and the rsyslogd service supports more functions.

Compared with the syslogd service, the rsyslogd service has some new features:

Log messages can be transmitted over the TCP network protocol.

A more secure network transmission method.

A real-time analysis framework for log messages.

Backend database support.

Simple logical judgments can be written in the configuration file.

Compatibility with syslog configuration files.

2. Common log files in the system

In Linux systems, system logs are generally saved in the /var/log/ directory.

As shown below:

[root@localhost ~]# ls /var/log/
anaconda.ifcfg.log btmp maillog secure
anaconda.log ConsoleKit maillog-20200705 secure-20200705
anaconda.program.log cron mcelog spooler
anaconda.storage.log cron-20200705 messages spooler-20200705
anaconda.syslog cups messages-20200705 sssd
anaconda.xlog dmesg ntpstats tallylog
anaconda.yum.log dmesg.old prelink wtmp
audit dracut.log sa yum.log
boot.log lastlog samba

Let's take a closer look at the main log files above:

Log file: Description
/var/log/cron: Records logs related to system scheduled tasks.
/var/log/cups/: Records printing information. (Prerequisite: you need a printer or print server, which is generally not needed.)
/var/log/dmesg: Records the kernel self-test information produced when the system boots. You can also use the dmesg command to view the kernel self-test information directly.
/var/log/btmp: Records failed logins. This is a binary file and cannot be viewed directly with vim. Instead, you must use the lastb command to view it.
/var/log/lastlog: Records the last login time of every user in the system. This is also a binary file and cannot be viewed directly with vim. Instead, you need to use the lastlog command to view it.
/var/log/maillog: Records email information.
/var/log/messages: Records important system information. This log file holds most of the important information about the Linux system. If there is a problem with the system, this is the first log file to check.
/var/log/secure: Records authentication and authorization information, covering any program that involves accounts and passwords. For example, system login, ssh login, su user switching, sudo authorization, and even adding users and changing user passwords are all recorded in this log file.
/var/log/wtmp: Permanently records the login and logout information of all users, and also records system startup, restart, and shutdown events. This is also a binary file and cannot be viewed directly with vim. Instead, you need to use the last command to view it.
/var/run/utmp: Records information about the currently logged-in users. This file changes as users log in and out, and only holds information about users who are logged in right now. It also cannot be opened directly with vim, and must be queried with commands such as w, who, and users.

Note: Example of viewing a log file that cannot be opened with the vim editor.

# Someone made a failed attempt to log in as root on local terminal 1 at 22:38 on June 4th.
[root@localhost log]# lastb
root tty1 Tue Jun 4 22:38 - 22:38 (00:00)

Why can't some log files be viewed with the vim editor?

These log files record important system resources and are related to system security, so they must not be modified. To ensure the accuracy of the data, they can only be viewed through the relevant commands.
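To show what lastb actually reads, here is an added example (not part of the original article) that parses the fixed-size binary records stored in btmp, wtmp and utmp and counts repeated failed logins per user and source. It assumes the 384-byte glibc struct utmp layout used on x86-64 Linux; the helper names and the sample data are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# One glibc `struct utmp` record as written on x86-64 Linux: 384 bytes (assumed).
# type, pad, pid, line[32], id[4], user[32], host[256], exit (2 shorts),
# session, tv_sec, tv_usec, addr_v6 (16 bytes), 20 unused bytes.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")

def _text(raw):
    """Fields are NUL-padded C strings; keep the part before the first NUL."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(data):
    """Return one dict per complete record; a truncated tail is skipped."""
    records = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        when = datetime.fromtimestamp(f[9], timezone.utc)
        records.append({"type": f[0], "pid": f[1], "line": _text(f[2]),
                        "user": _text(f[4]), "host": _text(f[5]),
                        "time": when.strftime("%Y-%m-%d %H:%M:%S")})
    return records

def repeated_failures(records, threshold=3):
    """Group btmp records by (user, source) and keep the noisy pairs."""
    counts = Counter((r["user"], r["host"] or r["line"]) for r in records)
    return sorted((k, n) for k, n in counts.items() if n >= threshold)

def make_record(user, line, host, epoch, ut_type=6, pid=1234):
    """Build a constructed sample record (hypothetical helper for the demo)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, epoch, 0, b"")

# Constructed sample standing in for /var/log/btmp (addresses are
# documentation ranges), ending in a deliberately truncated record.
SAMPLE = b"".join([
    make_record("root", "tty1", "", 1559687880),
    make_record("root", "ssh:notty", "192.0.2.10", 1559688000),
    make_record("root", "ssh:notty", "192.0.2.10", 1559688004),
    make_record("root", "ssh:notty", "192.0.2.10", 1559688009),
    make_record("admin", "ssh:notty", "198.51.100.7", 1559688100),
]) + b"\x06\x00\x00\x00partial"

if __name__ == "__main__":
    for r in parse_utmp(SAMPLE):
        print(r["time"], r["user"], r["line"], r["host"] or "-")
    print(repeated_failures(parse_utmp(SAMPLE)))
```

On a real system, pass the bytes of a copy of /var/log/btmp to parse_utmp; reading that file normally requires root.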

In addition to the system's default logs, services installed from RPM packages also write their logs under the /var/log/ directory by default.

For example:

Log file: Description
/var/log/httpd/: The default log directory for the apache service installed from the RPM package.
/var/log/mail/: Additional log directory for mail services installed from the RPM package.
/var/log/samba/: Log directory for the samba service installed from the RPM package.
/var/log/sssd/: Log directory for the System Security Services Daemon (sssd).

Logs of services installed from source packages are stored in the directory specified by the source package.

However, these logs are not recorded or managed by the rsyslogd service. Instead, each service records its own logs using its own log management configuration.
