Viewing Linux Logs from the Command Line


<div style="margin: 5px 5% 10px 5%;"><img src="http://www.sickgaming.net/blog/wp-content/uploads/2018/07/viewing-linux-logs-from-the-command-line.jpg" width="975" height="564" title="" alt="" /></div><div>
<p><em><strong><span><span>Learn how to easily check Linux logs in this article from our archives.</span></span></strong></em></p>
<p><span><span>At some point in your career as a Linux administrator, you are going to have to view log files. After all, they are there for one very important reason…to help you troubleshoot an issue. In fact, every seasoned administrator will immediately tell you that the first thing to be done, when a problem arises, is to view the logs.</span></span></p>
<p><span><span>And there are plenty of logs to be found: logs for the system, logs for the kernel, for package managers, for Xorg, for the boot process, for Apache, for MySQL… For nearly anything you can think of, there is a log file.</span></span></p>
<p><span><span>Most log files can be found in one convenient location:<em> </em></span><em><span>/var/log</span></em><span>. These are all system and service logs, those which you will lean on heavily when there is an issue with your operating system or one of the major services. For desktop app-specific issues, log files will be written to different locations (e.g., Thunderbird writes crash reports to ‘~/.thunderbird/Crash Reports’). Where a desktop application will write logs will depend upon the developer and if the app allows for custom log configuration.</span></span></p>
<p><span><span>We are going to focus on system logs, as that is where the heart of Linux troubleshooting lies. The key question is: how do you view those log files?</span></span></p>
<p><span><span>Fortunately there are numerous ways in which you can view your system logs, all quite simply executed from the command line.</span></span></p>
<h3><span><span>/var/log</span></span></h3>
<p><span><span>This is such a crucial folder on your Linux systems. Open up a terminal window and issue the command </span><em><span>cd /var/log</span></em><span>. Now issue the command </span><span>ls</span><span> and you will see the logs housed within this directory (</span><span>Figure 1</span><span>).</span></span></p>
<p><span><span>Now, let’s take a peek into one of those logs.</span></span></p>
<h3><span><span>Viewing logs with </span><span>less</span></span></h3>
<p><span><span>One of the most important logs contained within </span><em><span>/var/log</span></em><span> is </span><span><em>syslog</em>. </span><span>This particular log file logs everything except auth-related messages. Say you want to view the contents of that particular log file. To do that, you could quickly issue the command </span><span>less <em>/var/log/syslog</em></span><span>. This command will open the </span><span>syslog </span><span>log file to the top. You can then use the arrow keys to scroll down one line at a time, the spacebar to scroll down one page at a time, or the mouse wheel to easily scroll through the file.</span></span></p>
<p><span><span>The one problem with this method is that </span><span>syslog </span><span>can grow fairly large; and, considering what you’re looking for will most likely be at or near the bottom, you might not want to spend the time scrolling a line or a page at a time to reach that end. With </span><span>syslog </span><span>open in the </span><span>less </span><span>command, you could also hit the [Shift]+[g] combination to immediately go to the end of the log file. The end will be denoted by (END). You can then scroll up with the arrow keys or the scroll wheel to find exactly what you want.</span></span></p>
<p><span><span>This, of course, isn’t terribly efficient.</span></span></p>
<h3><span><span>Viewing logs with dmesg</span></span></h3>
<p><span><span>The </span><span>dmesg </span><span>command prints the kernel ring buffer. By default, the command will display all messages from the kernel ring buffer. From the terminal window, issue the command </span><span>dmesg </span><span>and the entire kernel ring buffer will print out (</span><span>Figure 2</span><span>).</span></span></p>
<p><span><span>Fortunately, there is a built-in control mechanism that allows you to print out only certain facilities (such as </span><span>daemon</span><span>). </span></span></p>
<p><span><span>Say you want to view log entries for the user facility. To do this, issue the command </span><em><span>dmesg --facility=user</span></em><span>. If anything has been logged to that facility, it will print out.</span></span></p>
<p><span><span>Unlike the </span><em><span>less</span></em><span> command, issuing </span><em><span>dmesg</span></em><span><em> </em>will display the full contents of the log and send you to the end of the file. You can always use your scroll wheel to browse through the buffer of your terminal window (if applicable), but a better option is to pipe the output of </span><span>dmesg</span><span> to the </span><span>less </span><span>command like so:</span></span></p>
<pre>
<span><span>dmesg | less</span></span>
</pre>
<p><span><span>The above command will print out the contents of </span><em><span>dmesg</span></em><span><em> </em>and allow you to scroll through the output just as you did viewing a standard log with the<em> </em></span><em><span>less </span></em><span>command.</span></span></p>
<h3><span><span>Viewing logs with tail</span></span></h3>
<p><span><span>The</span><span> <em>tail</em></span><span><em> </em>command is probably one of the single most handy tools you have at your disposal for the viewing of log files. What tail does is output the last part of files. So, if you issue the command </span><span><em>tail /var/log/syslog</em>,</span><span> it will print out only the last few lines of the </span><span>syslog </span><span>file. </span></span></p>
<p><span><span>But wait, the fun doesn’t end there. The tail command has a very important trick up its sleeve, by way of the<em> </em></span><em><span>-f </span></em><span>option. When you issue the command </span><em><span>tail -f /var/log/syslog</span></em><span>, tail</span><span> </span><span>will continue watching the log file and print out the next line written to the file. This means you can follow what is written to </span><span>syslog</span><span>, as it happens, within your terminal window (</span><span>Figure 3</span><span>).</span></span></p>
<p><span><span>Using tail</span><span> </span><span>in this manner is invaluable for troubleshooting issues.</span></span></p>
<p><span><span>To escape the<em> </em></span><em><span>tail </span></em><span>command (when following a file), hit the [Ctrl]+[x] combination. </span></span></p>
<p><span><span>You can also instruct tail to only follow a specific number of lines. Say you only want to view the last five lines written to </span><span>syslog</span><span>; for that you could issue the command:</span></span></p>
<pre>
<span><span>tail -f -n 5 /var/log/syslog</span></span>
</pre>
<p><span><span>The above command would follow input to </span><span>syslog </span><span>and only print out the most recent five lines. As soon as a new line is written to </span><span>syslog,</span><span> it would remove the oldest from the top. This is a great way to make the process of following a log file even easier. I strongly recommend not using this to view anything less than four or five lines, as you’ll wind up getting input cut off and won’t get the full details of the entry.</span></span></p>
<h3><span><span>There are other tools</span></span></h3>
<p><span><span>You’ll find plenty of other commands (and even a few decent GUI tools) to enable the viewing of log files. Look to </span><span><em>more, grep, head, cat, multitail,</em> </span><span>and</span><span> </span><a href="https://help.gnome.org/users/gnome-system-log/"><span>System Log Viewer</span></a><span> </span><span>to aid you in your quest to troubleshoot systems via log files.</span></span></p>
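<p><span><span>As an added example (not part of the original article), the script below combines tail with awk and sort to answer two common triage questions: which programs wrote the most entries in the last N lines of a log, and what were the last few entries from one program. The sample log lines, the host name web01 and the function names are constructed for illustration and assume the classic syslog line format.</span></span></p>

```shell
#!/bin/sh
# Constructed sample in classic syslog format (not real log data).
make_sample_log() {
    cat > "$1" <<'EOF'
Jul 12 09:14:01 web01 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Jul 12 09:14:07 web01 kernel: [ 1042.118] usb 1-1: new high-speed USB device number 4
Jul 12 09:15:22 web01 systemd[1]: Started Daily apt download activities.
Jul 12 09:15:40 web01 apache2[3120]: AH00558: Could not reliably determine the server name
Jul 12 09:16:02 web01 apache2[3120]: AH00094: Command line: /usr/sbin/apache2
Jul 12 09:17:01 web01 CRON[2290]: (root) CMD (run-parts /etc/cron.hourly)
Jul 12 09:17:45 web01 apache2[3121]: AH00491: caught SIGTERM, shutting down
Jul 12 09:18:03 web01 systemd[1]: Stopped The Apache HTTP Server.
EOF
}

# Count entries per program in the last N lines of a log, busiest first.
# Field 5 is the tag (e.g. "apache2[3120]:"); strip the optional PID and the colon.
top_programs() {  # usage: top_programs FILE N
    tail -n "$2" "$1" |
        awk '{ tag = $5; sub(/(\[[0-9]+\])?:$/, "", tag); count[tag]++ }
             END { for (t in count) print count[t], t }' |
        sort -k1,1nr -k2,2
}

# Print the last N entries written by one program (exact match on the tag,
# so "apache2" does not also match lines that merely mention apache2).
last_from() {  # usage: last_from FILE PROGRAM N
    awk -v prog="$2" '{ tag = $5; sub(/(\[[0-9]+\])?:$/, "", tag) }
                      tag == prog' "$1" | tail -n "$3"
}

# Demo run against the constructed sample.
LOG=$(mktemp)
make_sample_log "$LOG"
echo "Busiest programs in the last 6 lines:"
top_programs "$LOG" 6
echo "Last 2 apache2 entries:"
last_from "$LOG" apache2 2
rm -f "$LOG"
```

<p><span><span>On a real system, point the functions at a log such as /var/log/syslog; reading it may require root or membership in the group that owns the file.</span></span></p>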
</div>