When you are working with Ubuntu, there are a few things that you need to be aware of. One of these is the system log files. The system log files store all the activity that has taken place on the computer over time. They can be used to track down problems and to help you debug issues. To view and write to the system log files, you first need to create a new directory on your computer. Then, you will need to install the logging software that is used by Ubuntu. This software is called syslog-ng. Once syslog-ng has been installed, you will need to create a new directory for your logs. This directory should be named after the name of your computer - for example, “ubuntu”. Next, you will need to add the following line to your /etc/syslog-ng/syslogrc file: LOG_FILE=/var/log/ubuntu/. LOG_FORMAT="%Y%m%d %H:%M:%S"
Linux logs a large amount of events to the disk, where they’re mostly stored in the /var/log directory in plain text. Most log entries go through the system logging daemon, syslogd, and are written to the system log.
Ubuntu includes a number of ways of viewing these logs, either graphically or from the command-line. You can also write your own log messages to the system log — particularly useful in scripts.
Viewing Logs Graphically
To view log files using an easy-to-use, graphical application, open the Log File Viewer application from your Dash.
The Log File Viewer displays a number of logs by default, including your system log (syslog), package manager log (dpkg.log), authentication log (auth.log), and graphical server log (Xorg.0.log). You can view all the logs in a single window — when a new log event is added, it will automatically appear in the window and will be bolded. You can also press Ctrl+F to search your log messages or use the Filters menu to filter your logs.
If you have other log files you want to view — say, a log file for a specific application — you can click the File menu, select Open, and open the log file. It will appear alongside the other log files in the list and will be monitored and automatically updated, like the other logs.
Writing to the System Log
The logger utility allows you to quickly write a message to your system log with a single, simple command. For example, to write the message Hello World to your system log, use the following command:
You may also wish to specify additional information — for example, if you’re using the logger command within a script, you may want to include the name of the script:
Viewing Logs in the Terminal
The dmesg command displays the Linux kernel’s message buffer, which is stored in memory. Run this command and you’ll get a lot of output.
To filter this output and search for the messages you’re interested in, you can pipe it to grep:
You can also pipe the output of the dmesg command to less, which allows you to scroll through the messages at your own pace. To exit less, press Q.
If a grep search produces a large amount of results, you can pipe its output to less, too:
In addition to opening the log files located in /var/log in any text editor, you can use the cat command to print the contents of a log (or any other file) to the terminal:
Like the dmesg command above, this will produce a large amount of output. You can use the grep and less commands to work with the output:
Other useful commands include the head and tail commands. head prints the first n lines in a file, while tail prints the last n lines in the file — if you want to view recent log messages, the tail command is particularly useful.
less /var/log/syslog
tail -n 10 /var/log/syslog
Some applications may not write to the system log and may produce their own log files, which you can manipulate in the same way — you’ll generally find them in the /var/log directory, too. For example, the Apache web server usually creates a /var/log/apache2 directory containing its logs, though you can check the apache configuration files to see exactly where they are going for your distribution.