\/etc\/rsyslog.conf controls what goes inside some of the log files. For example, following is the entry in rsyslog.conf for \/var\/log\/messages.<\/p>\n
\n
\n<\/b><\/span> *.info;mail.none;authpriv.none;cron.none <\/b><\/span>
\n\/var\/log\/messages <\/b><\/span>\n<\/div>\n
In the above output…
\n<\/p>\n
*.info indicates that all logs with type INFO will be logged.
\nmail.none,authpriv.none,cron.none indicates that those error messages should not be logged into the \/var\/log\/messages file.
\nYou can also specify *.none, which indicates that none of the log messages will be logged.<\/p>\n
The following are the 20 different log files that are located under \/var\/log\/ directory. Some of these log files are distribution specific. For example, you\u2019ll see dpkg.log on Debian based systems (for example, on Ubuntu).<\/p>\n
\/var\/log\/messages<\/b>\u2013 Contains global system messages, including the messages that are logged during system startup. There are several things that are logged in \/var\/log\/messages including mail, cron, daemon, kern, auth, etc.
\n\/var\/log\/dmesg<\/b>\u2013 Contains kernel ring buffer information. When the system boots up, it prints number of messages on the screen that displays information about the hardware devices that the kernel detects during boot process. These messages are available in kernel ring buffer and whenever the new message comes the old message gets overwritten. You can also view the content of this file using the dmesg command.
\n\/var\/log\/auth.log<\/b> \u2013 Contains system authorization information, including user logins and authentication machinsm that were used.
\n\/var\/log\/boot.log<\/b> \u2013 Contains information that are logged when the system boots
\n\/var\/log\/daemon.log<\/b> \u2013 Contains information logged by the various background daemons that runs on the system
\n\/var\/log\/dpkg.log<\/b> \u2013 Contains information that are logged when a package is installed or removed using dpkg command
\n\/var\/log\/kern.log<\/b> \u2013 Contains information logged by the kernel. Helpful for you to troubleshoot a custom-built kernel.
\n\/var\/log\/lastlog<\/b>\u2013 Displays the recent login information for all the users. This is not an ascii file. You should use lastlog command to view the content of this file.
\n\/var\/log\/maillog<\/b> \/var\/log\/mail.log<\/b> \u2013 Contains the log information from the mail server that is running on the system. For example, sendmail logs information about all the sent items to this file
\n\/var\/log\/user.log<\/b> \u2013 Contains information about all user level logs
\n\/var\/log\/Xorg.x.log<\/b> \u2013 Log messages from the X
\n\/var\/log\/alternatives.log<\/b> \u2013 Information by the update-alternatives are logged into this log file. On Ubuntu, update-alternatives maintains symbolic links determining default commands.
\n\/var\/log\/btmp<\/b> (lastb command; shows all bad login attempts) \/var\/log\/wtmp (displays all users logged in and out since the file is created…last command;login attempts)\u2013 This file contains information about failed login attemps. Use the last command to view the btmp file. For example, \u201clast -f \/var\/log\/btmp | more\u201d
\n\/var\/log\/cups<\/b>\u2013 All printer and printing related log messages
\n\/var\/log\/anaconda.log<\/b> \u2013 When you install Linux, all installation related messages are stored in this log file
\n\/var\/log\/yum.log<\/b> \u2013 Contains information that are logged when a package is installed using yum
\n\/var\/log\/cron<\/b>\u2013 Whenever cron daemon(or anacron) starts a cron job, it logs the information about the cron job in this file
\n\/var\/log\/secure<\/b>\u2013 Contains information related to authentication and authorization privileges. For example, sshd logs all the messages here, including unsuccessful login.
\n\/var\/log\/wtmp or \/var\/log\/utmp<\/b>\u2013 Contains login records. Using wtmp you can find out who is logged into the system. who command uses this file to display the information.
\n\/var\/log\/faillog<\/b>\u2013 Contains user failed login attemps. Use faillog command to display the content of this file.
\nApart from the above log files, \/var\/log directory may also contain the following sub-directories depending on the application that is running on your system.
\n\/var\/log\/httpd\/ (or) \/var\/log\/apache2<\/b>\u2013 Contains the apache web server access_log and error_log
\n\/var\/log\/lighttpd\/<\/b>\u2013 Contains light HTTPD access_log and error_log
\n\/var\/log\/conman\/<\/b>\u2013 Log files for ConMan client. conman connects remote consoles that are managed by conmand daemon.
\n\/var\/log\/mail\/<\/b>\u2013 This subdirectory contains additional logs from your mail server. For example, sendmail stores the collected mail statistics in \/var\/log\/mail\/statistics file
\n\/var\/log\/prelink\/<\/b>\u2013 prelink program modifies shared libraries and linked binaries to speed up the startup process.
\n\/var\/log\/prelink\/prelink.log<\/b> contains the information about the .so file that was modified by the prelink.
\n\/var\/log\/audit\/<\/b>\u2013 Contains logs information stored by the Linux audit daemon (auditd).
\n\/var\/log\/setroubleshoot\/<\/b>\u2013 SELinux uses setroubleshootd (SE Trouble Shoot Daemon) to notify about issues in the security context of files, and logs those information in this log file.
\n\/var\/log\/samba\/<\/b>\u2013 Contains log information stored by samba, which is used to connect Windows to Linux.
\n\/var\/log\/sa\/<\/b>\u2013 Contains the daily sar files that are collected by the sysstat package.
\n\/var\/log\/sssd\/<\/b>\u2013 Use by system security services daemon that manage access to remote directories and authentication mechanisms.<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"
If you spend lot of time in Linux, it is essential that you know where the log files are located, and what is contained in each and every log file. \/etc\/rsyslog.conf controls what goes inside some of the log files. For example, following is the entry in rsyslog.conf for \/var\/log\/messages. $ grep “\/var\/log\/messages”… <\/p>\n