How To Check Logs In Unix Systems

If you’re using Solaris, your logs are located in /var/adm. [1] X Research source

/var/log/auth. log: Authentication logs (both successful and failed attempts) on Debian/Ubuntu Linux and FreeBSD. [2] X Research source Solaris users will use /var/adm/authlog. [3] X Research source /var/log/boot. log: Startup messages and boot info. /var/log/cron: All cron-related messages for most Unix versions. If you’re using Solaris, your cron log is at /var/cron/log. /var/log/daemon. log: Running background services. /var/log/dmesg: Device driver messages. This is a binary file, not a text file—to view this log you’ll need to use the dmesg command. /var/log/faillog: Failed logins only. /var/log/httpd or /var/log/apache2: Apache web server logs. /var/log/maillog or var/log/mail. log: Mail server info. /var/log/lastlog: Shows all users’ last logins. This is a binary file, not a text file—to view this log you’ll need to use the lastlog command. /var/log/messages: General system messages for Solaris and FreeBSD, as well as the Linux versions Fedora, RedHat, and CentOS:[4] X Research source /var/log/secure: Authentication logs (successful and failed attempts) for RedHat/CentOS. /var/log/syslog: General system messages for Ubuntu Linux, Linux Mint, and Debian Linux-based systems. If you’re using Solaris, this is where you’ll find mail-related messages. /var/log/utmp: Current login states for each user. /var/log/wtmp: User login and logout times.

Solaris users will use /var/adm/authlog. [3] X Research source

If you’re using Solaris, your cron log is at /var/cron/log.

If you don’t already have root access, use sudo before each command.

Use the Enter key to scroll one line at a time, or the Spacebar to scroll one screen at a time. To go back, press b. To return to the prompt, press q.

If you just want to view the end of the log but don’t care whether it updates in real time, run tail -20 /var/log/httpd to view its last 20 lines. You could replace “20” with any number of lines from the bottom you want to see. You can also parse what you see with tail (or pretty much any other command) by piping it out to grep. For example, tail -f /var/log/auth. log | grep ‘Invalid user’ will display all invalid “Piping out” a command means redirecting the output to another command. Basically, it lets you use two or more commands at once.

For example, typing /smtp and pressing Enter will find the next instance of “smtp” in the file. Press n to move to the next instance of the search string, or N (uppercase) to go back to the previous.

To move through the log screen by screen, run dmesg | more. Use dmesg with grep to search for specific entries. For example, to view only hard disk entries, run dmesg | grep -i sda. -i tells grep to ignore the case. To see just the first 10 lines of the log, run dmesg | head -10. Replace “10” with the number of lines from the top of the file you want to see. To do the same with the end of the file, run dmesg | tail -10.