Chapter 35.323Log FilesLog files are files that contain messages about the system, including the kernel, services, andapplications running on it. There are different log files for different information. For example, there is adefault system log file, a log file just for security messages, and a log file for cron tasks.Log files can be very useful when trying to troubleshoot a problem with the system such as tryingto load a kernel driver or when looking for unauthorized log in attempts to the system. This chapterdiscusses where to find log files, how to view log files, and what to look for in log files.Some log files are controlled by a daemon called syslogd. A list of log messages maintained bysyslogd can be found in the /etc/syslog.conf configuration file.35.1. Locating Log FilesMost log files are located in the /var/log/ directory. Some applications such as httpd and sambahave a directory within /var/log/ for their log files.You may notice multiple files in the log file directory with numbers after them. These are createdwhen the log files are rotated. Log files are rotated so their file sizes do not become too large. Thelogrotate package contains a cron task that automatically rotates log files according to the /etc/logrotate.conf configuration file and the configuration files in the /etc/logrotate.d/ directory.By default, it is configured to rotate every week and keep four weeks worth of previous log files.35.2. Viewing Log FilesMost log files are in plain text format. You can view them with any text editor such as Vi or Emacs.Some log files are readable by all users on the system; however, root privileges are required to readmost log files.To view system log files in an interactive, real-time application, use the Log Viewer. To start theapplication, go to Applications (the main menu on the panel) => System Tools => System Logs, ortype the command system-logviewer at a shell prompt.The application only displays log files that exist; thus, the list might differ from the one shown inFigure 35.1, “Log Viewer”.To filter the contents of the log file for keywords, type the keyword(s) in the Filter for text field, andclick Filter. Click Reset to reset the contents.
