This article identifies what is in each of the Linux® logs, where they are
stored, and which distributions (distro) use the logs.
For most of the following logs, you can use
to view the log details. Exceptions to this rule are noted in the descriptions.
/var/log/alternatives.log (Ubuntu® operating system/Debian® (DEB))
Stores information from
/var/log/apache2/access.log (Ubuntu operating system/DEB)
Stores requests, such as HTTP
POSTrequests, that are processed
by Apache®. Parse these logs by using log parsers such as
webalizer. Configure this log by using the
/var/log/apache2/error.log (Ubuntu operating system/DEB)
Stores all Apache errors and diagnostic information found while serving
requests. The location of the error.log file is set by the
Stores information from the Linux audit daemon (
auditd). This log contains
information about the files on which users perform reads or writes. For example,
you can use this log to determine who changed a specific file.
Contains system authorization information, including user logins and
which authentication mechanism was used.
Contains information about the boot process after the kernel is loaded.
Information includes things such as system file checks, mounting a
file system, starting a firewall, starting network devices, and starting services.
Contains failed login attempts. Use the
lastcommand to view this log.
last -f /var/log/btmp |more
Stores information from
anacronafter they start a cron
Contains kernel information about hardware and devices detected during the
boot process. This file is overwritten when new messages are sent to it, such
as during the next boot.
/var/log/dpkg.log (Ubuntu operating system/DEB)
Stores information that is logged when a package is installed or removed by
Contains failed user login attempts. Use
faillogto access the information.
/var/log/kern.log (Ubuntu operating system/DEB, and can be configured for Centos® and Red Hat®)
Contains log details from the kernel's initialization at system bootup, as well
as any kernel errors or informational messages that are sent from the kernel.
Displays recent login information. Run this command to view the log entries.
/var/log/maillog.log (Centos/Red Hat)
Stores information from the mail server that is running on your system, such
as Sendmail® logging information.
/var/log/mail.log (Ubuntu operating system/DEB)
Stores information from the mail server that is running on your system, similar
to maillog.log for the Centos and Red Hat flavors.
Contains additional logs provided by your mail server. For example: Sendmail
stores collected mail statistics in /var/log/mail/statistics.
/var/log/messages (Centos/Red Hat)
Contains global system messages, including the messages logged during boot.
Log entries include information from
and so on.
sarfiles collected by the
Contains log information stored by the
sambadaemon, which is used to
connect to Microsoft® Windows® and Linux file systems.
Used by SELinux to capture security issues in files and log that information.
/var/log/secure (Centos/Red Hat)
Stores information related to authentication and authorization privileges.
sshdlogs all information here, including unsuccessful attempts.
var/log/wtmp or /var/log/utmp
Contains login records and shows who is logged into the system. The
command uses this file to display the information.
/var/log/yum.log (Centos/Red Hat)
Stores information that is logged when a package is installed or removed.
Updated 26 days ago