Logs are your window into system behavior. Learning to analyze them effectively is crucial for troubleshooting and monitoring.
Log Locations
/var/log/syslog # System logs
/var/log/auth.log # Authentication logs
/var/log/nginx/ # Web server logs
/var/log/apache2/ # Apache logs
/var/log/messages # General messages
Viewing Logs
tail -f /var/log/syslog # Follow in real-time
less /var/log/syslog # Browse interactively
grep "error" /var/log/syslog # Search for errors
journalctl (systemd)
journalctl -f # Follow logs
journalctl -u service # Service-specific
journalctl --since "1 hour ago" # Time-based
journalctl -p err # Priority err and more severe
journalctl -k # Kernel messages
Common Analysis Tasks
Find Errors
grep -i error /var/log/syslog | tail -20
journalctl -p err --since today
Count Occurrences
grep "pattern" logfile | wc -l
awk '{print $1}' logfile | sort | uniq -c
Extract Timestamps
grep "pattern" logfile | awk '{print $1, $2, $3}'
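The three tasks above (find, count, extract timestamps) combined into one pass over authentication logs, as an added example that is not part of the original page. It assumes the traditional syslog line layout and OpenSSH's "Failed password" message; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: failed SSH password attempts per source address.

# Constructed sample lines in the style of /var/log/auth.log
# (addresses are from the documentation ranges).
sample_auth_log() {
cat <<'EOF'
Mar 10 08:01:12 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar 10 08:01:15 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 50112 ssh2
Mar 10 08:01:19 web1 sshd[2214]: Failed password for invalid user admin from 203.0.113.7 port 50140 ssh2
Mar 10 08:02:40 web1 sshd[2230]: Accepted publickey for deploy from 198.51.100.23 port 41022 ssh2
Mar 10 08:05:03 web1 sshd[2251]: Failed password for deploy from 198.51.100.23 port 41090 ssh2
Mar 10 08:06:00 web1 CRON[2260]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# failed_ssh_by_source [FILE...]   (reads stdin when no file is given)
# Prints tab-separated: count, first seen, last seen, source address.
failed_ssh_by_source() {
  awk '
    # The user name is client-supplied text and changes the field count
    # ("root" vs "invalid user admin"), so the address is read by its
    # position from the END of the line: ... from ADDR port N ssh2
    / sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" {
      src = $(NF-3)
      ts  = $1 " " $2 " " $3            # syslog timestamp: month day time
      if (!(src in count)) first[src] = ts
      count[src]++
      last[src] = ts
    }
    END {
      for (s in count)
        printf "%d\t%s\t%s\t%s\n", count[s], first[s], last[s], s
    }
  ' "$@" | sort -rn                     # busiest source first
}

# Demo on the constructed sample; on a real host pass /var/log/auth.log.
sample_auth_log | failed_ssh_by_source
```

A source with many failures inside a short first-seen to last-seen window is the pattern worth alerting on.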
Log Rotation
Logs are rotated so they do not fill the disk:
logrotate -d /etc/logrotate.conf # Dry run
logrotate -f /etc/logrotate.conf # Force rotation
Monitoring Tools
# Watch 404 responses in real time (default combined format: the status follows the quoted request)
tail -f /var/log/nginx/access.log | grep '" 404 '
# Monitor multiple logs
multitail /var/log/syslog /var/log/auth.log
Best Practices
- Regular log review
- Automated log analysis scripts
- Centralized logging for multiple systems
- Proper log retention policies
Effective log analysis helps you catch issues early and understand system behavior.