Linux: read and monitor log files

All Linux systems maintain log files for boot processes, applications, and other events. These log files can be very helpful when you are trying to troubleshoot system issues. This article explains how to find and read log files on a Linux system.

Make sure you have access to a Linux account with root user privileges.

How to use Linux log files

1. First, to enable root privileges, open the Linux terminal as a root user.

2. To go to the log files, issue the following command:

cd /var/log

3. To list the logs, use the following command:

ls

The command shows all Linux log files, such as kern.log and boot.log. These files contain the necessary information about the proper function of the operating system.

Use the following example command to open the respective file:

sudo less [log filename].log

You can watch a timeline of all information related to that operation with this command.


Note that log files are stored in plain text so they can be viewed by using the following standard commands:

zcat – To see all the contents of logfile.gz

zmore – To see the file in pages, without decompressing the files

zgrep – To search inside a compressed file

grep – Displays all occurrences of a search term in a file, or filters a log file

tail – Output the last few lines of files

head – View the very beginning of text files

Important Linux System Logs

Logs can contain a great deal of information about the operations of a system. To get to the relevant information quickly, you need a good understanding of each type of file.

Most log directories can be grouped into one of four categories:

  1. System Logs
  2. Event Logs
  3. Application Logs
  4. Service Logs

Many of these logs are located in the /var/log directory.

System Logs

System log files are needed for Linux to work. They contain the most significant amount of information about system functionality. The most common log files are the following:

  • /var/log/boot.log: The system boot log stores all information related to booting operations.
  • /var/log/auth.log: The auth log stores all authentication logs, including successful and failed attempts.
  • /var/log/httpd/: Contains error_log and access_log files of the Apache httpd daemon. The error_log contains all errors encountered by httpd.
  • /var/log/mysqld.log: MySQL log file that logs all debug, failure, and success messages. Stores information about the starting, stopping, and restarting of MySQL daemon mysqld.
  • /var/log/debug: The debug log stores detailed messages related to debugging and is useful for troubleshooting specific operations.
  • /var/log/daemon.log: The daemon log contains information about events related to the operation of the running Linux system.
  • /var/log/maillog: Mail server logs store all logs related to mail servers, valuable when you need information about postfix, smtpd, or any email-related services running on your server.
  • /var/log/kern.log: The kernel log stores kernel messages and warning data. This log is useful for troubleshooting custom kernels as well.
  • /var/log/yum.log: If you install packages using the yum command, this log stores all related information and is useful in determining whether a package and all its components were correctly installed.
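
The commands listed earlier (zcat, grep) can be combined to review the authentication log together with its rotated copies. The following is an added example, not part of the original article: it counts failed SSH password attempts per source address. It assumes OpenSSH's "Failed password for ... from ADDRESS port N" message format and rotated files named auth.log.1, auth.log.2.gz and so on; the function names and the sample log lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# failed_logins DIR [BASENAME]
# Prints "COUNT ADDRESS" lines, most frequent first, for failed SSH
# password attempts found in DIR/BASENAME and its rotated copies.
failed_logins() {
    local dir base f
    dir=$1
    base=${2:-auth.log}
    for f in "$dir/$base" "$dir/$base".*; do
        [ -f "$f" ] || continue        # unmatched glob or missing file
        case $f in
            *.gz) zcat "$f" ;;         # rotated and gzip-compressed
            *)    cat "$f" ;;          # current log or plain rotation
        esac
    done |
    grep -F 'Failed password for' |
    # The user name is supplied by the client, so use the LAST
    # "from ADDRESS port" in the line rather than the first one.
    awk '{ ip = ""
           for (i = 1; i <= NF - 2; i++)
               if ($i == "from" && $(i + 2) == "port") ip = $(i + 1)
           if (ip != "") n[ip]++ }
         END { for (ip in n) print n[ip], ip }' |
    sort -k1,1nr -k2,2
}

# Constructed sample data (documentation address ranges) so the
# example runs offline; prints the temporary directory it created.
make_sample_logs() {
    local dir
    dir=$(mktemp -d) || return 1
    cat > "$dir/auth.log" <<'EOF'
Mar  3 10:01:12 host1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40022 ssh2
Mar  3 10:01:15 host1 sshd[811]: Failed password for root from 203.0.113.5 port 40022 ssh2
Mar  3 10:02:40 host1 sshd[830]: Accepted password for alice from 192.0.2.10 port 51514 ssh2
EOF
    printf '%s\n' \
        'Mar  2 23:59:01 host1 sshd[700]: Failed password for root from 198.51.100.7 port 33000 ssh2' \
        'Mar  2 23:59:05 host1 sshd[700]: Failed password for root from 203.0.113.5 port 33100 ssh2' |
        gzip > "$dir/auth.log.1.gz"
    echo "$dir"
}
```

On a real system the call would be `failed_logins /var/log`, run with sufficient privileges to read the auth log.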

System Logging Daemon

A daemon is a program that runs in the background and supports system operations. Daemon logs have their own category and are important for logging the operations of any system.

The path for the system logging daemon's configuration is /etc/syslog.conf.

Each entry in this file contains a selector field and an action field. The syslogd daemon can forward log messages as well. This can be helpful for debugging purposes.

Application Logs

An application log is a file of events that are logged by a software application. It contains errors, informational events and warnings.

Log files that fall into this category include CUPS Print System logs, Rootkit Hunter log, Apache HTTP server logs, Samba SMB server logs, and X11 server log.

Non-Human-Readable Logs

Not all logs are in a human-readable format. Some are only meant to be read by system applications. Such files are often related to login information. They include login failure logs, last-login logs, and login records.

There are tools and software for reading Linux log files. They are not necessary for reading files as most can be read directly from the Linux terminal.

Conclusion

Having a good understanding of how to view and read Linux logs is necessary for troubleshooting a Linux system.

Using the proper commands and tools can simplify this process and make you more efficient.