Please contact your support team if you have a question or need assistance for any Rackspace products, services, or articles.
What Linux Logs do what, and where are they?
This article will identify what is in each of your logs and where they are and what distro certain logs are associated with.
Unless specified otherwise in the below log description you can use vi,less,tail, or cat to look at this info.
Alternitive logs information from update-alternatives into this log file.
Access Log file records incoming requests and all requests processed by apache. Such as HTTP get and post requests.These logs can be parsed by log parsers such as awstats or webalizer. This is configurable by the CustomLog directive.
All Apache errors and diagnostic information found while serving requests are stored here. Location of the error.log file is set by ErrorLog Directive.
Stores information from Linux Audit deamon (auditd). This log contains information on what users perform read/writes to . An example is you can determine who changed a specific file.
Contains system authorization information, including user logins and authentication machinsm that were used.
Contains information pertaining to the boot process after the kernel has loaded. Information such as system file check, mounting of the filesystem, starting firewall, starting network devices and starting services.
This will contain failed login attempts. Use the 'last' command to view this log. Example: last -f /var/log/btmp |more
When crondaemon or anacron starts a cron job the information the information about the cron job is stored here.
Contains Kernel information about hardware and devices detected during the boot process. This file is overwritten when new messages are sent to it. Example: the next boot.
This has information that is logged when a package is installed or removed using the dpkg command.
Log file contains user failed login attempts. faillog is a command that access's the information.
/var/log/kern.log (Ubuntu/Deb, can be configured for Centos/Redhat)
kern.log contains the logging from the kernels initialization at system bootup, as well as any kernel errors or informational messages that are sent from the kernel
Displays recent login information. This is a command that is run to view the information provided.
Information from the mail server that is running on your system. Example Sendmail logging information.
Same information as Maillog.log for Centos/Redhat flavors.
This folder will contain additional logs provided by your mail server. Example: sendmail stores collected mail statistics in /var/log/mail/statistics.
Contains global system messages, including the messages logged during boot. Several things are logged in this file including mail, cron, daemon, kern, auth, etc.
Contains daily sar files collected by sysstat package.
/var/log/samba/ Contains log information stored by samba daemon. Used to connect to windows/linux filesystems.
SELinux uses setroubleshootd (SE Trouble Shoot Daemon) to notify about issues in the security context of files, and logs those information in this log file.
Information related to Authentication and authorization privileges. Exmample sshd logs all information here including unsuccessful attempts.
var/log/wtmp or /var/log/utmp
Contains login records. Using wtmp you can find out who is logged into the system. who command uses this file to display the information.
Information that is logged when a package is installed or removed is stored here.
The Rackspace Community (“Community”) is provided “AS IS” without warranty of any kind. The information on the Community sites is created by members of the Community and is intended for reference and general discussions only. Although some of the content may contain information provided by Rackspace employees, it does not represent an assessment of a particular customer environment or an assessment of any specific compliance with laws or regulations or constitute advice. We recommend that you engage additional expertise in order to further evaluate applicable requirements for your specific environment. For customer specific support issues please contact your Rackspace Support Team.READ MORE
RACKSPACE MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, AS TO THE ACCURACY OR COMPLETENESS OF THE CONTENTS OF THE RACKSPACE OPEN CLOUD COMMUNITY SITE. RACKSPACE RESERVES THE RIGHT TO DISCONTINUE OR MAKE CHANGES TO ITS SERVICES OFFERINGS AND SPECIFICATIONS AT ANY TIME WITHOUT NOTICE. USERS MUST TAKE FULL RESPONSIBILITY FOR APPLICATION OF ANY SERVICES AND/OR PROCESSES MENTIONED IN ANY COMMUNITY DISCUSSIONS. EXCEPT AS SET FORTH IN RACKSPACE GENERAL TERMS AND CONDITIONS, CLOUD TERMS OF SERVICE AND/OR OTHER AGREEMENT YOU SIGN WITH RACKSPACE, RACKSPACE ASSUMES NO LIABILITY WHATSOEVER, AND DISCLAIMS ANY EXPRESS OR IMPLIED WARRANTY, RELATING TO ITS SERVICES INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT.
ALTHOUGH PART OF THE COMMUNITY GENERATED CONTENT MAY EXPLAIN HOW RACKSPACE SERVICES MAY WORK WITH THIRD PARTY PRODUCTS, THE INFORMATION CONTAINED IN THE COMMUNITY DISCUSSIONS IS NOT DESIGNED TO WORK WITH ALL SCENARIOS. ANY USE OR CHANGES TO THIRD PARTY PRODUCTS AND/OR CONFIGURATIONS SHOULD BE MADE AT THE DISCRETION OF YOUR ADMINISTRATORS AND SUBJECT TO THE APPLICABLE TERMS AND CONDITIONS OF SUCH THIRD PARTY. EVEN THOUGH RACKSPACE EMPLOYEES MAY PARTICIPATE IN THE COMMUNITY DISCUSSIONS, RACKSPACE DOES NOT PROVIDE TECHNICAL SUPPORT FOR THIRD PARTY PRODUCTS, OTHER THAN SPECIFIED IN YOUR HOSTING SERVICES AGREEMENT YOU HAVE SIGNED WITH RACKSPACE AND RACKSPACE ACCEPTS NO RESPONSIBILITY FOR THIRD-PARTY PRODUCTS.READ LESS