How To View Logs on CentOS 7

View and Configure Linux Logs on CentOS 7

Linux and the applications that run on it generate many different types of messages, which are recorded in various log files. Linux uses a set of configuration files, directories, programs, commands and daemons to create, store and recycle these log messages. Knowing where the system keeps its log files and how to use the related commands can therefore save valuable time during troubleshooting.

Default Log File Location
The default location for log files in Linux is /var/log.

You can view the list of log files in this directory with the following command:

# ls -l /var/log

who

To see who is currently logged in to the Linux server, simply use the who command.

# who

In this particular case, I am the sole user of the system. I am accessing it as root via an SSH session.

The last command tells us the login history of users.

# last | grep root

In this example, I am trying to find the login history of the user root. As you can see, there were a couple of instances where he managed to crash the system.

To find out when the system was last rebooted, we can run the following command.

# last reboot

To see when someone last logged in to the system, use lastlog.

# lastlog

For other text-based log files, you can use the cat, head or tail commands to read the contents.

In the example below, I am trying to look at the last lines of the /var/log/messages file.

# tail /var/log/messages

The rsyslog Daemon
At the heart of the logging mechanism is the rsyslog daemon. This service is responsible for listening for log messages from different parts of a Linux system and routing each message to an appropriate log file in the /var/log directory. It can also forward log messages to another Linux server.

The rsyslog daemon gets its configuration information from the rsyslog.conf file. The file is located under the /etc directory.
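To see which messages go to which file, and whether any leave the host, the following shell functions list the active rules in an rsyslog.conf-style file. This is an added example, not part of the original page: the function names, the sample configuration and the host loghost.example.com are constructed for illustration, and only legacy "selector action" lines are handled.

```sh
#!/bin/sh
# Added example, not from the original page. Handles only legacy
# "selector  action" lines; $-directives and comments are skipped.

# Print "kind<TAB>selector<TAB>destination" for each active rule.
rsyslog_routes() {
    awk '
        /^[ \t]*#/  { next }                  # comment
        /^[ \t]*\$/ { next }                  # legacy directive ($ModLoad ...)
        NF < 2      { next }                  # blank or not a rule
        {
            sel = $1; act = $2
            if (act ~ /^@@/)        { kind = "forward-tcp"; sub(/^@@/, "", act) }
            else if (act ~ /^@/)    { kind = "forward-udp"; sub(/^@/, "", act) }
            else if (act ~ /^-?\//) { kind = "file"; sub(/^-/, "", act) }
            else                    { kind = "other" }
            printf "%s\t%s\t%s\n", kind, sel, act
        }
    ' "$@"
}

# Print only the remote hosts that receive a copy of the logs.
rsyslog_forwarders() {
    rsyslog_routes "$@" | awk -F '\t' '$1 ~ /^forward-/ { print $3 }'
}

# Constructed sample config; loghost.example.com is a placeholder.
sample_conf() {
    cat <<'EOF'
# Constructed sample in legacy rsyslog.conf syntax
$ModLoad imuxsock
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
#*.* @@remote-host:514
*.*                                         @@loghost.example.com:514
EOF
}

sample_conf | rsyslog_routes
# On a real host: rsyslog_routes /etc/rsyslog.conf
```

An unexpected entry from rsyslog_forwarders is worth checking, since it means a copy of the system's logs is being sent to another machine.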

Here is an excerpt from a CentOS rsyslog.conf file.

These are the ways to find the logs in CentOS 7.

 

 

 
