Linux Log Files

Most log directories can be grouped into one of four categories:

1. Application Logs

2. Event Logs

3. Service Logs

4. System Logs

/var/log/syslog or /var/log/messages:

general messages and system-related information. This log records activity across the whole system. Note that Ubuntu and other Debian-based systems store this activity in syslog, while Red Hat-based systems, such as CentOS or RHEL, store it in messages.

/var/log/auth.log or /var/log/secure:

stores authentication logs, including both successful and failed logins and the authentication methods used. Again, the system type dictates where authentication logs are stored: Debian/Ubuntu systems use /var/log/auth.log, while Red Hat and CentOS systems use /var/log/secure.

/var/log/boot.log:

a repository of all information related to booting and any messages logged during startup.

/var/log/maillog or /var/log/mail.log:

stores all logs related to mail servers, useful when you need information about postfix, smtpd, or any email-related services running on your server.

/var/log/kern:

stores kernel logs and warning data. This log is valuable for troubleshooting custom kernels as well.

/var/log/dmesg:

messages relating to device drivers. The command “dmesg” can be used to view messages in this file.

/var/log/faillog:

This file contains information on all failed login attempts, which is useful for gaining insight into attempted security breaches, such as attempts to guess login credentials and brute-force attacks.

/var/log/cron:

stores all crond-related messages (cron jobs), such as when the cron daemon started a job and any related failure messages.

/var/log/yum.log:

if you install packages using the yum command, this log stores all related information, which can be useful in determining whether a package and all components were correctly installed.

/var/log/httpd/:

a directory containing error_log and access_log files of the Apache httpd daemon. The error_log contains all errors encountered by httpd. These errors include memory issues and other system-related errors. access_log contains a record of all requests received over HTTP.

/var/log/mysqld.log or /var/log/mysql.log:

MySQL log file that logs all debug, failure, and success messages.
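
As an added example (not part of the original page), here is a short Python script that triages the authentication log described above: it picks /var/log/auth.log or /var/log/secure, whichever is readable, counts failed sshd logins per source address, and flags an accepted login that follows repeated failures. The sample lines, the threshold of 3 and the function names are assumptions made for illustration.

```python
import os
import re
from collections import Counter
from pathlib import Path

# Paths named on this page: Debian/Ubuntu first, then Red Hat/CentOS.
CANDIDATES = ("/var/log/auth.log", "/var/log/secure")

# OpenSSH sshd result lines: "Failed password for ..." / "Accepted publickey for ..."
SSHD = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE = """\
Mar  4 10:01:11 web1 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Mar  4 10:01:13 web1 sshd[811]: Failed password for root from 203.0.113.5 port 40122 ssh2
Mar  4 10:01:16 web1 sshd[813]: Failed password for root from 203.0.113.5 port 40130 ssh2
Mar  4 10:02:40 web1 sshd[820]: Accepted publickey for alice from 198.51.100.7 port 51514 ssh2: ED25519 SHA256:constructed
Mar  4 10:03:02 web1 sshd[825]: Accepted password for root from 203.0.113.5 port 40144 ssh2
Mar  4 10:05:00 web1 CRON[901]: pam_unix(cron:session): session opened for user root
"""

def find_auth_log(candidates=CANDIDATES):
    """Return the first authentication log that is readable on this host, or None."""
    return next((p for p in candidates if os.access(p, os.R_OK)), None)

def summarize(lines, threshold=3):
    """Count failures per source IP, list accepted logins, and flag any
    accepted login from an IP that already reached `threshold` failures."""
    failures, accepted, suspicious = Counter(), [], []
    for m in filter(None, map(SSHD.search, lines)):  # non-sshd entries are skipped
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
        else:
            login = (m["user"], m["ip"], m["method"])
            accepted.append(login)
            if failures[m["ip"]] >= threshold:
                suspicious.append(login)
    return failures, accepted, suspicious

if __name__ == "__main__":
    path = find_auth_log()  # falls back to the sample when no log is readable
    text = Path(path).read_text(errors="replace") if path else SAMPLE
    failures, accepted, suspicious = summarize(text.splitlines())
    print("failures by source:", failures.most_common(5))
    print("accepted after repeated failures:", suspicious)
```

Reading the real log usually requires root or membership in the group that owns it; without that access the script runs on the embedded sample.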
