11 Critical Linux Log Files You Should be Monitoring

Posted on March 12, 2019 by Destry Hines

What are Linux log files?

Log files store important information about events that have occurred on the server. These log files should be monitored by system administrators to make sure their servers are running properly and securely.

Most log files are located in the /var/log directory.

Log files can typically be grouped into 4 categories:

  • System Logs
  • Service Logs
  • Event Logs
  • Application Logs

Why should you monitor log files?

Managing your log files is an important role for system administrators.

Your log files contain detailed information on the server's performance, stability and security that you need to be aware of. Being proactive with log monitoring will help prevent unexpected server issues and keep your servers running at peak levels.

Which logs to monitor

Please note: this is not a complete list, but a subset of the most important logs to monitor.

/var/log/messages

This log file contains generic system activity logs.

/var/log/secure

All authentication-related events on RedHat and CentOS based systems are written to this log file. Debian and Ubuntu servers use /var/log/auth.log instead.
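A small added example (not from the original post) of the kind of check an administrator would run over this file: it parses sshd "Failed password" and "Accepted" lines in the syslog format found in /var/log/secure or /var/log/auth.log, counts failures per source address, and reports any source over a threshold. The log lines, the host name and the threshold of 3 are constructed for the example.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the format sshd writes to /var/log/secure
# (RHEL/CentOS) or /var/log/auth.log (Debian/Ubuntu). Addresses are from
# documentation ranges, not real hosts.
SAMPLE_SECURE_LOG = """\
Mar 12 10:01:02 web1 sshd[2011]: Failed password for root from 203.0.113.7 port 51032 ssh2
Mar 12 10:01:05 web1 sshd[2011]: Failed password for root from 203.0.113.7 port 51040 ssh2
Mar 12 10:01:09 web1 sshd[2013]: Failed password for invalid user admin from 203.0.113.7 port 51044 ssh2
Mar 12 10:01:15 web1 sshd[2015]: Accepted publickey for deploy from 198.51.100.20 port 40122 ssh2
Mar 12 10:02:31 web1 sshd[2020]: Failed password for invalid user test from 203.0.113.7 port 51100 ssh2
Mar 12 10:03:00 web1 sshd[2022]: Failed password for deploy from 198.51.100.20 port 40130 ssh2
"""

# "invalid user" appears when the account does not exist on the host.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def summarize_auth_log(text):
    """Count failed SSH logins per source IP and record successful logins."""
    failures = Counter()
    users_tried = defaultdict(set)
    accepted = []
    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            failures[m["ip"]] += 1
            users_tried[m["ip"]].add(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            accepted.append((m["ip"], m["user"], m["method"]))
    return failures, users_tried, accepted


def suspicious_sources(text, threshold=3):
    """Return (ip, failure count, users tried) for sources at or above the
    threshold, most active first. The threshold is an assumed tuning value."""
    failures, users_tried, _ = summarize_auth_log(text)
    return [(ip, n, sorted(users_tried[ip]))
            for ip, n in failures.most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, n, users in suspicious_sources(SAMPLE_SECURE_LOG):
        print(f"{ip}: {n} failed logins, users tried: {', '.join(users)}")
```

On a real host, replace SAMPLE_SECURE_LOG with the contents of the file and run it from cron or a log-shipping pipeline; the successful-login list is worth reviewing alongside the failures, since a success from a source that was just failing repeatedly is the case that matters most.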

/var/log/boot.log

The system initialization script, /etc/init.d/bootmisc.sh, sends all bootup messages to this log file.

/var/log/dmesg

This log file contains kernel ring buffer messages related to hardware devices and their drivers.

/var/log/kern.log

This is a very important log file as it contains information logged by the kernel.

/var/log/faillog

This file contains information on failed login attempts.

/var/log/cron

This log file records information on cron jobs.

/var/log/yum.log

It contains the information that is logged when a new package is installed using the yum command.

/var/log/maillog or /var/log/mail.log

All mail server related logs are stored here.

/var/log/httpd/

This directory contains the logs recorded by the Apache server. The information is stored in two different log files – error_log and access_log.

/var/log/mysqld.log or /var/log/mysql.log

This file contains all debug, failure and success messages related to the [mysqld] and [mysqld_safe] daemons. RedHat, CentOS and Fedora store the logs in /var/log/mysqld.log, while Ubuntu and Debian store the logs in /var/log/mysql.log.

Summary

Monitoring all of the system log files can be a daunting task, but a very important one. Proactively monitoring your logs will save you from crashes and down-time.
