Logging

Log files in Linux

It is important to understand how Linux handles logging. Understanding the basics of log files in Linux can help you troubleshoot and determine what has taken place within your system. One of the great things about Linux is that it has a special directory for storing logs: /var/log. This directory contains logs from the OS, services and applications that are running on the system. I encourage you to explore this directory and view various log files to see what information you can learn from them.

Important Log files

  • /var/log/syslog

    • Stores all system data, including startup messages.

  • /var/log/auth.log

    • Stores all security-related events like logins, root user actions and output from PAM (Pluggable Authentication Modules).

  • /var/log/kern.log

    • Stores all kernel events, errors or warnings. This is helpful with troubleshooting kernel issues.

  • /var/log/cron

    • Stores information about scheduled tasks.
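As an added example (not part of the original course material), the script below shows the kind of question /var/log/auth.log can answer: which addresses produced failed SSH logins, and which commands were run through sudo. The log lines are constructed samples in the format sshd and sudo normally write, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in the format sshd and sudo write to /var/log/auth.log.
sample_auth_log() {
cat <<'EOF'
Mar 10 08:15:01 web01 sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 52344 ssh2
Mar 10 08:15:03 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 52346 ssh2
Mar 10 08:15:09 web01 sshd[1234]: Failed password for invalid user from from 203.0.113.5 port 52350 ssh2
Mar 10 08:16:10 web01 sshd[1300]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar 10 08:17:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 10 08:18:00 web01 sshd[1400]: Failed password for bob from 198.51.100.9 port 40100 ssh2
EOF
}

# Count failed SSH password attempts per source address (log read from stdin).
# The user name is chosen by the remote client and may itself be "from", so the
# address is taken by position from the end of the line ("from IP port N ssh2")
# instead of after the first "from".
failed_logins_by_ip() {
  awk '/ sshd\[[0-9]*\]: Failed password for / && $(NF-4) == "from" {
         count[$(NF-3)]++
       }
       END { for (ip in count) print count[ip], ip }' |
    sort -k1,1nr -k2,2
}

# List "user command" for every command run through sudo (log read from stdin).
sudo_commands() {
  awk '/ sudo: .*COMMAND=/ {
         user = $6                  # field after the "sudo:" tag
         sub(/^.*COMMAND=/, "")     # keep only the command that was run
         print user, $0
       }'
}

echo "Failed SSH logins per address:"
sample_auth_log | failed_logins_by_ip
echo "Commands run with sudo:"
sample_auth_log | sudo_commands
```

On a real system, feed the log itself to a function, for example failed_logins_by_ip < /var/log/auth.log (reading that file usually requires root).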

How does Linux handle logging?

Linux uses a utility called syslogd, which has been around for many decades. Syslog provides a protocol that can transfer event messages between computers and even applications! You can read about Syslog in RFC 5424. This course is not going to focus on setting up and maintaining syslog, but you should understand what syslog does and where logs are stored.

logger

At times you might wish to generate a log message, and the logger command gives us the ability to add a message to /var/log/syslog. I suggest you test out the logger command and see how it adds data to the /var/log/syslog file. This command will be helpful when we start to cover shell scripts in a later module.

https://linux.die.net/man/1/logger

https://www.networkworld.com/article/3274570/using-logger-on-linux.html