Chapter 36. Log Files
Log files are files that contain messages about the
system, including the kernel, services, and applications running on
it. There are different log files for different information. For example,
there is a default system log file, a log file just for security messages,
and a log file for cron tasks.

Log files can be very useful when troubleshooting a problem
with the system, such as when trying to load a kernel driver, or when
looking for unauthorized login attempts to the system. This chapter
discusses where to find log files, how to view log files, and what to
look for in log files.

Some log files are controlled by a daemon called
syslogd. A list of log messages maintained by
syslogd can be found in the
/etc/syslog.conf configuration file.

Most log files are located in the /var/log/
directory. Some applications such as httpd and
samba have a directory within
/var/log/ for their log files.

You may notice multiple files in the log file directory with numbers
after them. These are created when the log files are rotated. Log files
are rotated so their file sizes do not become too large. The
logrotate package contains a cron task that
automatically rotates log files according to the
/etc/logrotate.conf configuration file and the
configuration files in the /etc/logrotate.d/
directory. By default, it is configured to rotate every week and keep
four weeks' worth of previous log files.
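
The following is an added example, not part of the original chapter: a shell function that counts failed SSH password attempts per source address across a security log and its rotated copies. The file names secure and secure.1, the function names, and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original chapter).

# failed_logins FILE...  prints "COUNT ADDRESS", highest count first.
failed_logins() {
    # Line shape: "... sshd[PID]: Failed password for NAME from ADDR port N ssh2"
    # NAME is chosen by the remote side and may contain spaces, so ADDR is
    # located by position from the end of the line, not by the first "from".
    awk '/sshd\[[0-9]+\]: Failed password for / &&
         NF > 4 && $(NF - 4) == "from" && $(NF - 2) == "port" {
             count[$(NF - 3)]++
         }
         END { for (addr in count) print count[addr], addr }' "$@" |
        sort -k1,1nr -k2,2
}

# write_sample_logs DIR  creates constructed sample data: a current log and
# one rotated copy with a number after its name.
write_sample_logs() {
    cat > "$1/secure.1" <<'EOF'
Mar  3 04:12:01 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 04:12:05 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  4 09:30:11 host1 sshd[2244]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
EOF
    cat > "$1/secure" <<'EOF'
Mar 10 02:01:44 host1 sshd[3310]: Failed password for invalid user admin from 203.0.113.7 port 41880 ssh2
Mar 10 02:02:13 host1 sshd[3314]: Failed password for invalid user from 192.0.2.10 from 198.51.100.23 port 50022 ssh2
Mar 10 08:15:02 host1 sshd[3402]: Accepted password for alice from 192.0.2.10 port 51600 ssh2
EOF
}

# Demo run on the constructed data.
demo_dir=$(mktemp -d)
write_sample_logs "$demo_dir"
failed_logins "$demo_dir"/secure*
rm -rf "$demo_dir"
```

On a real system, pass the security log and its rotated copies as arguments instead of the sample files. Rotated copies that have been compressed must be decompressed first.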