Log Files
- /var/log/syslog or /var/log/messages: general system messages from every service that logs through syslog; effectively the catch-all activity log for the whole system. Debian/Ubuntu write it to /var/log/syslog, Red Hat/CentOS to /var/log/messages.
- /var/log/auth.log or /var/log/secure: authentication logs, covering successful and failed logins, the authentication method used, and sudo/PAM events. The distribution family dictates the location: Debian/Ubuntu store these in /var/log/auth.log, Red Hat/CentOS in /var/log/secure.
- /var/log/boot.log: messages logged by the init system during startup.
- /var/log/maillog or /var/log/mail.log: logs from mail services, useful when you need information about Postfix, smtpd, or any other email-related service running on the server.
- /var/log/kern.log: kernel messages and warnings (Debian/Ubuntu; on Red Hat/CentOS kernel messages typically land in /var/log/messages). Valuable when troubleshooting custom kernels or modules.
- /var/log/dmesg: a snapshot of the kernel ring buffer taken at boot, mostly device-driver and hardware messages. The dmesg command reads the live ring buffer directly, so it also shows messages logged after this file was written.
- /var/log/faillog: a binary per-user record of failed login attempts; read it with the faillog command (faillog -a lists all users) rather than cat. Useful for spotting password guessing and brute-force attacks against local accounts.
- /var/log/cron or /var/log/cron.log: crond messages, such as when the cron daemon started a job and any related failure messages.
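Added example, not from the original page or any of its sources: a POSIX shell script that performs the kind of check an analyst runs against /var/log/auth.log or /var/log/secure, counting failed SSH password attempts per source address, flagging addresses at or above a threshold, and listing accepted logins so a success following a burst of failures stands out. The log lines are constructed for the example and mirror the standard sshd message format; the sample file path, function names and the threshold of 5 are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original page. Detects SSH brute-force
# sources from auth.log-style lines. The sample log below is constructed;
# real data comes from /var/log/auth.log (Debian/Ubuntu) or /var/log/secure
# (Red Hat/CentOS), which use the same sshd message format.

SAMPLE_LOG="${TMPDIR:-/tmp}/auth.sample.$$"   # hypothetical path for the sample
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:15:01 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:03 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:15:05 host sshd[2213]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:09 host sshd[2215]: Failed password for root from 203.0.113.7 port 51244 ssh2
Mar  3 10:15:12 host sshd[2217]: Failed password for root from 203.0.113.7 port 51250 ssh2
Mar  3 10:16:20 host sshd[2300]: Failed password for alice from 198.51.100.5 port 40022 ssh2
Mar  3 10:16:31 host sshd[2301]: Accepted publickey for alice from 198.51.100.5 port 40024 ssh2: ED25519 SHA256:k3yFpr1ntPlaceholder
Mar  3 10:17:02 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/cat /var/log/auth.log
EOF

# failed_logins_by_ip FILE
# Prints "<count> <ip>" for every source address with at least one
# "Failed password" line, most active source first.
failed_logins_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
             for (i = 1; i <= NF; i++) if ($i == "from") { count[$(i + 1)]++; break }
         }
         END { for (ip in count) print count[ip], ip }' "$1" | sort -rn
}

# brute_force_sources FILE [THRESHOLD]
# Keeps only addresses whose failure count reaches THRESHOLD (default 5),
# a crude but useful brute-force indicator for a single log file.
brute_force_sources() {
    failed_logins_by_ip "$1" | awk -v t="${2:-5}" '$1 >= t'
}

# accepted_logins FILE
# Prints "<user> <ip>" for each successful sshd login. An accepted login
# from an address flagged by brute_force_sources deserves immediate attention.
accepted_logins() {
    awk '/sshd\[[0-9]+\]: Accepted / {
             u = ""; src = ""
             for (i = 1; i <= NF; i++) {
                 if ($i == "for")  u = $(i + 1)
                 if ($i == "from") src = $(i + 1)
             }
             print u, src
         }' "$1"
}

echo "Failed SSH logins per source:"
failed_logins_by_ip "$SAMPLE_LOG"
echo "Sources at or above 5 failures:"
brute_force_sources "$SAMPLE_LOG" 5
echo "Accepted logins:"
accepted_logins "$SAMPLE_LOG"
```

Against a live system the same functions take the real file, for example `brute_force_sources /var/log/auth.log 10` (run as root or a member of the adm group, since the file is not world-readable). The threshold is a tuning knob: a handful of failures is normal for a mistyped password, dozens from one address within minutes is not.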
journalctl
- Query the systemd journal
# Show all messages from this boot:
$ journalctl -b
# Show all messages from last boot:
$ journalctl -b -1
# Show messages of priority 3 (err) or more severe from this boot (-p 3 is the short form):
$ journalctl -b --priority=3
# Follow new messages (like tail -f for traditional syslog):
$ journalctl -f
# Show all messages by a specific unit:
$ journalctl -u unit
# Filter messages within a time range; --since and --until each take a timestamp or a placeholder such as now, today, yesterday or tomorrow. Quote timestamps that contain a space:
$ journalctl --since yesterday --until "YYYY-MM-DD HH:MM:SS"
# Show all messages by a specific process:
$ journalctl _PID=pid
# Show all messages by a specific executable:
$ journalctl path/to/executable