Where are all the major log files located?
All log files are located in the /var/log directory. In that directory, there are specific files for each type of log. For example, system logs, such as kernel activities, are logged in the syslog file.
Some of the most common log files in that directory are:
- In the directory apt there is a file history.log which saves all the package installation and removal information, even the initial system build as Live CD. You can open this file to see this very interesting file.
- In the directory dist-upgrade there is a file apt.log which logs the information during distribution upgrades.
- In the directory installer the log files which are created during installation can be found.
- There is an apport.log file which saves information about crashes in your system and reporting them.
- The file auth.log includes information about the authentication activities such as when you authenticate as root user via sudo.
- The file dpkg.log saves the low level details of package installation and removal related with dpkg. You might be aware that the apt system depends on dpkg for package installation and removal.
- boot.log includes information of each booting.
- kern.log saves kernel information such as warnings, errors etc.
- alternatives.log includes the history of all the alternatives set by various packages and their removal via the update-alternatives command.
- Another important log file is Xorg.log which includes information about the graphics driver, its failures, warnings etc.
Some other types of log files may be there depending on your installed packages. For example, my system also includes a log file epoptes.log which will only be there if you install the epoptes package.
Changes after systemd
With the advent of systemd, logging is mostly handled by the journalctl utility, which stores the logs in binary format in the /var/lib/systemd/catalog/database file. This file enumerates all logs including kernel, boot and application logs and provides required logs via the journalctl utility.
Here is a good article on journalctl on how you can use it to fetch required log info:
https://www.digitalocean.com/community/tutorials/how-to-use-journalctl-to-view-and-manipulate-systemd-logs#setting-the-system-time
In the screenshot below most of the important logs from /var/log are shown. In that location there are often other folders from other applications such as samba or apache2 if you have them installed.
To watch a log in real time you can use gnome-system-log or, for example, use:
tail -f /var/log/kern.log
All logs can be analysed more easily either with the filter option in gnome-system-log or by using grep to search for a particular term. For example, if I wanted to find references to my SiS hardware, I could enter:
grep -i SiS /var/log/kern.log
Most of the logs in the screenshot are self-explanatory; however, here are a few quick notes:
- auth.log deals with all privileged actions such as when you use sudo in the terminal or run GUI programs such as synaptic.
- kern.log records all kernel activity and can be useful for diagnosing errors with hardware.
- dpkg.log is a very detailed account of packages installed.
- syslog contains both information from the kernel and OS information.
- xorg.log contains information on the (largely automatic) setup of your display.
- udev is particularly useful as it contains some details about the setup of hardware that could be useful to record for the future.
- history.log (as seen in the screenshot) is from /var/log/apt and contains the history of your updates and installations.
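
Going one step beyond a plain grep, here is an added example (not part of the original answers) that pulls the sudo records out of an auth.log-style file and flags failed or denied attempts. The sample log lines, the function names and the OK/BADPASS/DENIED labels are constructed for illustration; the record layout assumed is sudo's standard syslog format.

```shell
#!/bin/sh
# Constructed sample in the classic syslog layout used by /var/log/auth.log.
write_sample_log() {
    cat > "$1" <<'EOF'
Mar  3 10:15:01 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar  3 10:16:22 host sudo: pam_unix(sudo:auth): authentication failure; logname=bob uid=1001 euid=0 tty=/dev/pts/1 ruser=bob rhost=  user=bob
Mar  3 10:16:30 host sudo:      bob : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Mar  3 10:18:12 host sudo:    carol : user NOT in sudoers ; TTY=pts/2 ; PWD=/tmp ; USER=root ; COMMAND=/usr/bin/bash
Mar  3 10:19:40 host sshd[1234]: Accepted publickey for alice from 198.51.100.4 port 40022 ssh2
Mar  3 10:21:05 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/tail -f /var/log/kern.log
EOF
}

# Print one line per sudo command record: status, invoking user, target user, command.
sudo_events() {
    awk '
    {
        # Find the "sudo:" or "sudo[pid]:" tag; its field position depends on the timestamp style.
        t = 0
        for (i = 2; i <= 5 && i <= NF; i++)
            if ($i ~ /^sudo(\[[0-9]+\])?:$/) { t = i; break }
        c = index($0, "COMMAND=")
        if (t == 0 || c == 0) next            # not a sudo command record (PAM, sshd, ...)
        head = substr($0, 1, c - 1)           # classify on the header only, never on the command text
        status = "OK"
        if (head ~ /incorrect password attempt/) status = "BADPASS"
        else if (head ~ /NOT in sudoers|NOT authorized|command not allowed/) status = "DENIED"
        target = "?"
        if (match(head, /USER=[^ ]+/)) target = substr(head, RSTART + 5, RLENGTH - 5)
        printf "%s\t%s\t%s\t%s\n", status, $(t + 1), target, substr($0, c + 8)
    }' "$1"
}

# Keep only the records worth a second look.
sudo_alerts() {
    sudo_events "$1" | awk -F '\t' '$1 != "OK" { print $2 ": " $1 " running " $4 " as " $3 }'
}

# Demo run on the constructed sample.
log=$(mktemp) && write_sample_log "$log" && sudo_alerts "$log"
rm -f "$log"
```

On a real Ubuntu system, pass /var/log/auth.log instead of the sample file; it is readable by root and members of the adm group.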
To view system and application logs, you can use the "Log File Viewer" application. Hit F2 to open your dash, then type log and select the Log File Viewer application.
More information: http://www.howtogeek.com/117878/how-to-view-write-to-system-log-files-on-ubuntu/