Linux Log Files /var/log Tutorial with Examples
  • Post published:14/04/2021
  • Post last modified:14/04/2021

Linux provides many different types of logs by default. These files are generally located under /var/log. There are exceptions, such as third-party applications, but their log location can be changed to the /var/log directory in their configuration. In this post, we will look at the default log files and how to list, tail, search, and filter these logs.

List Log Files

Log files can be listed with the ls command, but keep in mind that /var/log also contains directories that hold further log files.

$ ls /var/log/

We can list recursively to get the files and folders under the /var/log directory, as shown below.

$ ls -R /var/log/

Reading Log Files

There are different ways to read a log file, but we will use less, which has practical features for reading log files. The commands from here on use relative file names, so run them from inside the /var/log directory.

$ less auth.log

Space skips to the next page; Page Up and Page Down work too.

Searching Log File

less can search within a text file, which in this case is a log file. After opening the log file with less, type /auth to search forward through the file for the term “auth”.

/auth

To repeat the search without typing the term again, press n for the next match or N for the previous match. If no further match exists when the end of the file is reached, a message is shown at the bottom of the terminal.


Filtering Log File

Searching shows the occurrences in a log file together with the events before and after them. An alternative is filtering log files. grep is a very capable tool for filtering log files. We will filter for “auth” in all files named auth.log* . We use the pattern auth.log* because old auth.log files are gzipped and have the gz extension, which is why the command uses zgrep, which can read them.

$ zgrep "authen" auth.log*

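If we want to colorize the findings, we can pipe the output through normal grep with the same filter term, as below. The --color=auto option makes the highlighting explicit on systems where grep is not already aliased to colorize its output.

$ zgrep "authen" auth.log* | grep --color=auto "auth"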

Filter All Log Files

Filtering or searching all files is no different, but as an example we can do it by specifying an IP address.

$ zgrep "192.168.122.1" * | less

We can then use the search in less to look for other terms, such as the username “ismail”.

/ismail
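
As an added example (not part of the original post), the script below applies the zgrep filtering from the two sections above to a constructed set of rotated logs: it counts failed SSH password attempts per source IP and counts the lines that mention one exact IP. The function names, the sample log lines and the 203.0.113.7 address are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example, not from the original post. All log lines are constructed.

# Mimic logrotate output: auth.log, auth.log.1 and a gzipped auth.log.2.gz.
make_sample_logs() {
    d=$(mktemp -d)
    printf '%s\n' \
        'Apr 14 10:01:02 host sshd[811]: Failed password for root from 192.168.122.1 port 50022 ssh2' \
        'Apr 14 10:01:09 host sshd[811]: Failed password for invalid user admin from 192.168.122.10 port 50030 ssh2' \
        'Apr 14 10:02:00 host sshd[815]: Accepted password for ismail from 192.168.122.1 port 50040 ssh2' \
        > "$d/auth.log"
    printf '%s\n' \
        'Apr 13 09:00:00 host sshd[700]: Failed password for ismail from 192.168.122.1 port 41000 ssh2' \
        > "$d/auth.log.1"
    printf '%s\n' \
        'Apr  6 08:00:00 host sshd[500]: Failed password for root from 203.0.113.7 port 40000 ssh2' \
        'Apr  6 08:00:05 host sshd[500]: Failed password for root from 192.168.122.1 port 40001 ssh2' \
        | gzip -c > "$d/auth.log.2.gz"
    echo "$d"
}

# failed_by_ip DIR: print "COUNT IP" per source of failed SSH passwords.
failed_by_ip() {
    # -h drops the file-name prefix; zgrep reads plain and .gz files alike.
    # The greedy ".*" anchors on the last " from IP port" in the line, so
    # text inside the user-name field cannot shift the extracted address.
    zgrep -h "Failed password" "$1"/auth.log* |
        sed -n 's/.* from \([0-9][0-9.]*\) port .*/\1/p' |
        sort | uniq -c | awk '{print $1, $2}' | sort -k1,1nr -k2,2
}

# hits_for_ip DIR IP: count lines that mention exactly this IP.
hits_for_ip() {
    # -F treats the dots literally, -w stops 192.168.122.1 matching ...122.10
    zgrep -h -F -w "$2" "$1"/auth.log* | wc -l | tr -d ' '
}

dir=$(make_sample_logs)
failed_by_ip "$dir"
echo "lines mentioning 192.168.122.1: $(hits_for_ip "$dir" 192.168.122.1)"
rm -rf "$dir"
```

Without -F and -w, the pattern 192.168.122.1 also matches the line for 192.168.122.10, which inflates the count for the address under investigation.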