Details of the log files and their locations used in Ubuntu
Following is a list of default log files/folders found in Ubuntu 12.04 LTS
- /var/log/apt/ – Contains files log and term.logdetails.
- These log files contain a list of installed applications.
- Login/authentication information.
- System boot log file.
- Log file of what users are logged on to system.
- /var/cups/ – Contains files access_log and error_log.
- Printing specific log files
- System Kernel log file
- Kernel Ring buffer log files.
- System log file, probably contains the most system related information
- File System check log file
- Package installation information
- Printer log file
- User level log files
- Debug messages from Ubuntu O.S.
- Information on running system and application daemons.
- General informational messages from the system and applications.
Non-Human Readable logs (Binary Format)
- Contains login failures for all users
- Last login information for all users.
- History of logins and logouts on system.
- Records bad or unsuccessful login attempts.
Application specific logs
- Apache Web server specific log files
- mysql database specific log files
- Contains samba file sharing protocol log information if used.
Viewing ASCII log files
A majority of all log files on a system can be viewed using Ubuntu’s built-in log viewer program called “System Log Viewer”.
This program can be opened by navigating to the System menu | Administration | Log File Viewer, or by typing the following command in the console terminal: gnome-system-log.
System Log Viewer is a very user friendly program that displays all the log files in an easily readable format and allows you to perform some basic search filters.
This program starts up by default with most system log files loaded in to the GUI but if you want to see other application log files, there is an option to add specific log files.
If the console terminal is preferred over the GUI, the ASCII log files can be opened with a text editor, e.g., gedit.
Another quick and simple way to view the log files is to print them on your screen a page at a time by opening the console terminal and typing the following command: less. This nifty little program loads the log files very quickly and also allows you to scroll back and forth through the log file very quickly.
A rarely used program is the head program which can be used to view the first 10 lines of a file.
Over and above the programs that we have discussed, if you want to actively monitor a specific log file on a live system you can use the “tail” program. This brilliant program prints on screen the last 10 lines of any specified file. This is especially useful if you only want to see what was most recently logged.
So, for example, if you wanted to follow the syslog log file, you would type the following in a console terminal: tail -f /var/log/syslog
Viewing Binary log files
Some log files, as discussed earlier, are stored in binary format and thus will not yield any substantial information if opened with ASCII text editors or programs like less or cat.
Following is a list of programs that open the specified log files in the correct format:
- faillog: Reads and displays the content of the “/var/log/faillog” log file.
- lastlog: Reads and displays the content of “/var/log/lastlog”
- last: Reads and displays the content of “/var/log/wtmp” by default but can open “btmp” log files by using the -f switch.
You can use the following syntax to open the “btmp” log file:
last -f /var/log/btmp
- who: Reads and displays the /var/log/wtmp log file.
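Added example (not part of the original article): a minimal Python reader for the fixed-size records that wtmp and btmp store, showing why a text viewer yields little and what a tool such as last has to decode. It assumes the 384-byte glibc "struct utmp" layout used on x86/x86_64 Linux; the helper names and the sample records are constructed for illustration.

```python
import struct
from collections import Counter
from datetime import datetime, timezone

# Assumed layout: glibc "struct utmp" on x86/x86_64 Linux, 384 bytes per record:
# type, pid, line[32], id[4], user[32], host[256], exit(2 shorts),
# session, tv_sec, tv_usec, addr_v6[4], 20 unused bytes.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20x")
LOGIN_PROCESS, USER_PROCESS = 6, 7   # ut_type values from <utmp.h>

def field_text(raw):
    """Fixed-width char fields are NUL-padded, so cut at the first NUL."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_utmp(blob):
    """Yield one dict per complete record; a truncated tail is ignored."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield {
            "type": f[0], "pid": f[1], "line": field_text(f[2]),
            "user": field_text(f[4]), "host": field_text(f[5]),
            "time": datetime.fromtimestamp(f[9], tz=timezone.utc),
        }

def failed_by_source(blob):
    """Count login-attempt records per (user, host) in btmp-style data."""
    return Counter((r["user"], r["host"]) for r in parse_utmp(blob)
                   if r["type"] in (LOGIN_PROCESS, USER_PROCESS))

def make_record(ut_type, pid, line, user, host, ts):
    """Pack one constructed record (short fields are NUL-padded by struct)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0)

# Constructed sample data (documentation addresses), not from a real host.
SAMPLE = b"".join([
    make_record(LOGIN_PROCESS, 4101, "ssh:notty", "root", "192.0.2.10", 1340000000),
    make_record(LOGIN_PROCESS, 4102, "ssh:notty", "root", "192.0.2.10", 1340000005),
    make_record(LOGIN_PROCESS, 4110, "ssh:notty", "admin", "198.51.100.7", 1340000042),
]) + b"\x00" * 100   # simulated partial record left by an interrupted write

if __name__ == "__main__":
    for (user, host), n in failed_by_source(SAMPLE).most_common():
        print(f"{n:3d} failed  user={user!r}  from={host}")
```

To run it against a real file, pass the bytes read from the file to failed_by_source(); reading btmp normally requires root.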