Log files are some of the most important files on your server. Most applications will support logging information while they run. They can provide information about what an application is doing and also what errors may have occurred should the application crash. But how can we access them quickly and easily?
Viewing Log Files On Your Server
These files are normally stored in the /var/log directory and normally consist of plain text files with new log entries written to the end of the files. As such, the standard Linux text editing tools can be used to view them.
The first tool we’ll look at is the tail tool. Tail is designed to open a text file and display the lines from the end of the file. For log files this will allow you to see the most recent entries. Without any arguments tail will show the last ten lines from the file. The -n flag can be used to specify the number of lines that you wish to view. For example, if we wanted to see the last 20 lines of /var/log/messages we could use:
tail -n 20 /var/log/messages
Another useful flag for the tail command is the -f flag. This flag causes tail to keep the file open after displaying the contents as per any supplied -n flag, and will then display any lines that are later added to the file as they are written to it. This is helpful as it can allow you to start watching a log file whilst attempting to repeat the actions that caused a problem, meaning that you can see the log entries come in real time.
The next tool we’ll be looking at is less. The less tool allows you to browse through a file quickly and easily, navigating forward and backward through it. This is similar to what you can do with text editing tools such as vi or nano, but those tools rely on opening the entire file before displaying it, which can be very slow in the case of large log files. The less tool only opens as much of the file as it needs for you to view it, which lets you scroll through large log files faster. Less has many more options and functions beyond simply scrolling through files. Fortunately, there’s a built-in help option that can be accessed by pressing the h key while viewing a file in less. Another useful key is the q key, which will quit the tool. You can utilize less with the simple command:
The last tool we’ll look at is grep. This tool is used for searching files for specific text strings. Using grep is fairly simple: you give it the string to search for and the file to search in. For example, let’s look at the following command:
grep root /var/log/auth.log
This uses grep to search for the word root in the file /var/log/auth.log, which should highlight any authentications against the root user account. Asterisks can be used with the filename in order to search multiple files simultaneously. The following command will search for the word root in all of the files in the /var/log directory:
grep root /var/log/*
You can also have grep show lines before and after the line with the search match, which can help give some context to your search. There are three flags for this:
-A [num] Print [num] lines after the matching line
-B [num] Print [num] lines before the matching line
-C [num] Print [num] lines before and after the matching line
An example of using these flags would be to use the following command to find out what happened after inserting a USB device:
grep -A 10 usb /var/log/syslog
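The grep and tail searches described above, run against a small constructed log, as an added example that is not part of the original article. It goes a little beyond the single commands in the text by piping grep into awk, sort and uniq to summarise failed root logins per source address; the function names and the sample log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sample lines are constructed in OpenSSH/sudo auth.log
# style; hostnames, PIDs and addresses (documentation ranges) are made up.
make_sample_log() {
    cat > "$1" <<'EOF'
Jan 10 03:12:01 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:04 web1 sshd[2201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 03:12:09 web1 sshd[2207]: Failed password for invalid user admin from 198.51.100.23 port 41876 ssh2
Jan 10 03:13:30 web1 sshd[2215]: Failed password for root from 198.51.100.23 port 41990 ssh2
Jan 10 08:45:12 web1 sshd[3102]: Accepted publickey for deploy from 192.0.2.10 port 60214 ssh2
Jan 10 08:45:40 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx
Jan 10 09:02:55 web1 sshd[3190]: Accepted password for root from 192.0.2.10 port 60390 ssh2
EOF
}

# The broad search from the article: every line containing "root",
# which includes sudo entries as well as logins.
count_root_mentions() { grep -c 'root' "$1" || true; }

# Only failed SSH password attempts against root, summarised per source
# address as "<count> <address>", busiest source first.
failed_root_by_ip() {
    grep 'Failed password for root from' "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "from") { print $(i + 1); break } }' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Successful root logins, each with the N lines logged just before it (-B N).
root_logins_with_context() {
    grep -B "$2" 'Accepted .* for root from' "$1" || true
}

# Limit the search to the newest N lines by feeding tail into grep.
recent_root_mentions() {
    tail -n "$2" "$1" | grep -c 'root' || true
}

main() {
    log=$(mktemp) || return 1
    make_sample_log "$log"
    echo "lines mentioning root: $(count_root_mentions "$log")"
    echo "failed root logins by source:"; failed_root_by_ip "$log"
    echo "successful root logins with context:"; root_logins_with_context "$log" 1
    echo "root mentions in last 3 lines: $(recent_root_mentions "$log" 3)"
    rm -f "$log"
}
main
```

On a real server, replace the temporary file with /var/log/auth.log; the message wording can differ between distributions and SSH versions, so check a few real lines before relying on the patterns.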
While any tool designed to handle text files can be used to look at log files, tail, less and grep will likely provide the functionality that you need the majority of the time when managing a Linux dedicated server or VPS. Don’t forget that if you need any extra information, each tool offers man pages to help. Each page will be packed with everything you could ever need to know to work with any of the tools we covered.