Logs in Linux

Operating system logs provide a wealth of diagnostic information about your computer, and Linux is no exception. Everything from kernel events to user actions is logged by Linux, allowing you to see almost any action performed on your servers. Linux has a special directory for storing logs, /var/log. This directory contains logs from the OS itself, services, and various applications running on the system.


Syslog
Syslog is the general standard for logging system and program messages in the Linux environment. The service acts as the system log daemon: any program can send its log messages (debug, security, normal operation) through it, in addition to the Linux kernel messages.
Some of the most important Linux system logs include:
1. /var/log/syslog and /var/log/messages store all global system activity data, including startup messages. Debian-based systems like Ubuntu store this in /var/log/syslog, while Red Hat-based systems like RHEL or CentOS use /var/log/messages.
2. /var/log/auth.log and /var/log/secure store all security-related events such as logins, root user actions, and output from pluggable authentication modules (PAM). Ubuntu and Debian use /var/log/auth.log, while Red Hat and CentOS use /var/log/secure.
3. /var/log/kern.log stores kernel events, errors, and warning logs, which are particularly helpful for troubleshooting custom kernels.
4. /var/log/cron stores information about scheduled tasks (cron jobs). Use this data to verify that your cron jobs are running successfully.
Some applications also write log files in this directory. For example, the Apache web server writes logs to the /var/log/apache2 directory (on Debian), while MySQL writes logs to the /var/log/mysql directory.
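
As an added example (not from the original article), the shell functions below pick whichever authentication log the distribution uses, /var/log/auth.log or /var/log/secure, and count failed SSH password attempts per source address. The function names are hypothetical, and the sample log lines, host name and addresses are constructed.

```shell
# Added example; function names and the sample data are assumptions, not from the article.

# Print the first readable auth log: Debian/Ubuntu use auth.log, Red Hat/CentOS use secure.
# Optional $1 overrides the log directory so the example can run on constructed data.
find_auth_log() {
    dir="${1:-/var/log}"
    for f in "$dir/auth.log" "$dir/secure"; do
        if [ -r "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Print "<count> <ip>" for failed sshd password attempts, busiest source first.
# The user name is client-supplied text, so the address is read from the fixed
# trailing fields ("from <ip> port <n> ssh2") rather than the first "from".
failed_ssh_by_ip() {
    awk '/sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
             n[$(NF-3)]++
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# Build a temporary log directory in the Red Hat layout (constructed sample lines).
make_sample_logdir() {
    d=$(mktemp -d)
    cat > "$d/secure" <<'EOF'
Mar  3 10:15:01 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:04 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:09 web01 sshd[2215]: Failed password for root from 198.51.100.23 port 40110 ssh2
Mar  3 10:16:30 web01 sshd[2230]: Accepted publickey for deploy from 192.0.2.10 port 50022 ssh2
Mar  3 10:17:02 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/usr/bin/systemctl restart httpd
Mar  3 10:18:44 web01 sshd[2301]: Failed password for root from 203.0.113.7 port 51200 ssh2
EOF
    printf '%s\n' "$d"
}

sample_dir=$(make_sample_logdir)
log=$(find_auth_log "$sample_dir") && echo "Using $log"
failed_ssh_by_ip "$log"      # two lines: "3 203.0.113.7" then "1 198.51.100.23"
rm -rf "$sample_dir"
```

On a real host, call find_auth_log with no argument (reading the file normally requires root) and pass the result to failed_ssh_by_ip.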

Common Linux log file names and usage:

/var/log/messages : General message and system related stuff
/var/log/auth.log : Authentication logs
/var/log/kern.log : Kernel logs
/var/log/cron.log : Crond logs (cron job)
/var/log/qmail/ : Qmail log directory (more files inside this directory)
/var/log/httpd/ : Apache access and error logs directory
/var/log/lighttpd/ : Lighttpd access and error logs directory
/var/log/nginx/ : Nginx access and error logs directory
/var/log/apt/ : Apt/apt-get command history and logs directory
/var/log/boot.log : System boot log
/var/log/secure or /var/log/auth.log : Authentication log
/var/log/utmp or /var/log/wtmp : Login records file
/var/log/yum.log or /var/log/dnf.log : Yum/Dnf command log file

Important cPanel & WHM services log Files:

/home/username/.cpanel/logs
This directory contains records of errors within a user’s task queue.

/usr/local/cpanel/logs/access_log
This file contains records of when a cPanel & WHM user accesses their account.

/usr/local/cpanel/logs/cphulkd_errors.log
This file contains the Brute Force Protection daemon’s (cphulkd) error logs.

/usr/local/cpanel/logs/error_log
This file contains general cPanel & WHM errors (for example, a fatal error or timeout occurred while processing this directive error).

/usr/local/cpanel/logs/license_log
This file contains the server’s license update logs and license errors.

/usr/local/cpanel/logs/login_log
This file contains the login attempts to the cpsrvd daemon.

/usr/local/cpanel/logs/safeapacherestart_log
This file contains information about each time that Apache restarted on the server.

/usr/local/cpanel/logs/session_log
This file contains logs of a user’s activities while they are logged in to the cPanel account.

/usr/local/cpanel/logs/stats_log
This file contains the bandwidth statistics for all of the server’s cPanel accounts.

/usr/local/cpanel/logs/panic_log
This file contains a cPanel account’s severe error logs. Note: This file should not contain any entries. If it does, investigate them thoroughly.

Directories:

/usr/local/cpanel/logs/cpbackup
This directory contains the cPanel backup log files.

/usr/local/cpanel/logs/cpbackup_transporter
This directory contains the cPanel Backup Transporter’s log files.

/usr/local/cpanel/logs/easy/apache
This directory contains the EasyApache build log files.

/var/cpanel/logs/mysql_upgrade.log
This directory contains the account’s MySQL upgrade logs.

Mail log Files:

/var/log/exim_mainlog
This file contains Exim’s mail receipt and delivery logs for the cPanel account’s domains.

/var/log/exim_rejectlog
This file contains a log of messages that the system rejected due to ACLs.

/var/log/exim_paniclog
This file contains Exim’s severe error logs. Note: This file should not contain any entries. If it does, investigate them thoroughly.

/var/log/maillog
This file contains IMAP and POP3 login attempts, transactions, fatal errors, and Apache SpamAssassin™ scores.

/var/spool/exim/input
This directory contains a log of queued incoming email messages.

MySQL log files:

/var/log/mysqld.log
This file contains information about the cPanel account’s MySQL databases and errors in MySQL 5.7 and later and MariaDB 10.3 and later.

/var/lib/mysql/HOSTNAME.err
This file contains information about the cPanel account’s MySQL databases and errors in MySQL 5.6 and earlier and MariaDB 10.2 and earlier.

WebServer:

/usr/local/apache/domlogs/username or /usr/local/apache/domlogs/DOMAINNAME or /usr/local/apache/domlogs/domain-ssl_log
This directory contains the log data for the user’s account or domain.

/var/log/apache2/modsec_audit.log
This file contains the log information for ModSecurity.

/var/log/apache2/suexec_log
This file contains information about suEXEC audit logs. This is useful, for example, to diagnose internal server errors.

/var/log/apache2/suphp_log
This file contains information about the suPHP Apache module audit logs. This is useful, for example, to diagnose internal server errors.

/var/log/apache2/error_log
This file contains the error logs for webservers and CGI Applications.


Printing the Linux kernel ring buffer messages:
We use the dmesg command to examine or control the kernel ring buffer. The default action is to display all messages from the kernel ring buffer. For example:
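sudo dmesg                                    # print the whole kernel ring buffer
sudo dmesg | grep 'error'                     # only lines containing "error"
sudo dmesg | grep -i -E 'error|warn|failed'   # case-insensitive match on any of the three words
sudo dmesg | more                             # page through the output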
