Examining Logfiles

You can learn a lot about the activity of your system by reviewing the logfiles it creates. At times, it will be necessary to debug problems using logged information. Since most of the logfiles are plain text, it is very easy to review their contents with tools such as tail, less, and grep.

Syslogd stores each message it creates as a single line made up of the following fields, which are separated by spaces (though the fields themselves may also contain spaces):

  • Date/time

  • Origin hostname

  • Message sender (such as kernel, sendmail, or a username)

  • Message text

Typical messages will look like this:

Aug  3 18:45:16 moya kernel: Partition check:
Aug  3 18:45:16 moya kernel: sda: sda1 sda2 sda3 < sda5 sda6 sda7 \
                                                   sda8 sda9 sda10 > sda4
Aug  3 18:45:16 moya kernel: SCSI device sdb: 195369520 512-byte \
                                                  hdwr sectors (100029 MB)
Aug  3 18:45:16 moya kernel:  sdb: sdb1
Aug  3 18:45:16 moya kernel: Journalled Block Device driver loaded
Aug  3 18:45:16 moya kernel: kjournald starting.  Commit interval 5 seconds
Aug  3 18:45:16 moya kernel: EXT3-fs: mounted filesystem with ordered data \
                                                  mode.
Aug  3 18:45:16 moya kernel: Freeing unused kernel memory: 116k freed
Aug  3 18:45:16 moya kernel: Adding Swap: 1044216k swap-space (priority -1)

In this case, moya is the hostname, and the messages are coming from the kernel. At any time, you can review the entire contents of your logfiles using less:

# less /var/log/messages

You can then page through the file. This is a good way to become familiar with the types of messages you’ll see on your system. To actively monitor ...
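The four-field layout listed above can also be parsed programmatically, which helps when a logfile is too large to page through. The following is an added example, not code from the book: it splits each line into its fields and counts messages per host and sender. The sample lines are constructed (the sshd line is invented to show a sender with a process ID), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the layout shown above; the sshd line is invented
# to show a sender that carries a process ID.
SAMPLE = """\
Aug  3 18:45:16 moya kernel: Partition check:
Aug  3 18:45:16 moya kernel:  sdb: sdb1
Aug  3 18:45:16 moya kernel: Adding Swap: 1044216k swap-space (priority -1)
Aug  3 18:47:02 moya sshd[812]: Server listening on 0.0.0.0 port 22.
this line is not in syslog format
"""

# The timestamp itself contains spaces (and a space-padded day), so a plain
# split on whitespace would not line up with the four fields.
LINE_RE = re.compile(
    r"^(?P<time>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<sender>[^\s:\[]+)(?:\[(?P<pid>\d+)\])?: ?"
    r"(?P<text>.*)$"
)

def parse_line(line):
    """Return a dict of the fields, or None if the line does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if m is None:
        return None
    rec = m.groupdict()
    rec["pid"] = int(rec["pid"]) if rec["pid"] else None
    return rec

def summarize(text):
    """Count messages per (host, sender) and collect unparsable lines."""
    counts, rejected = Counter(), []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)  # keep for manual review, do not drop
        else:
            counts[(rec["host"], rec["sender"])] += 1
    return counts, rejected

if __name__ == "__main__":
    counts, rejected = summarize(SAMPLE)
    for (host, sender), n in counts.most_common():
        print(f"{host:10} {sender:10} {n}")
    print("unparsed:", rejected)
```

Lines that do not match the layout are returned separately rather than discarded, since malformed entries in a logfile are themselves worth a look.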
