
System logs (/var/log) in Linux CLI - Commands & Configuration

Introduction
System logs keep track of what happens on your computer. They help you find problems or see what programs are doing by saving messages in files inside the /var/log folder.
When you want to check why your computer or a program stopped working.
When you want to see who logged into your system and when.
When you want to monitor if your system is running smoothly without errors.
When you want to find out if a service like the web server started correctly.
When you want to keep a record of system events for security or troubleshooting.
Commands
This command lists all the log files and folders inside /var/log so you can see what logs are available.
Terminal
ls /var/log
Expected Output
alternatives.log apt auth.log boot.log dpkg.log kern.log syslog wtmp
This shows the last 10 lines of the main system log file to quickly see recent system messages.
Terminal
tail -n 10 /var/log/syslog
Expected Output
Jun 10 10:00:01 my-computer CRON[1234]: (root) CMD (run-parts /etc/cron.hourly)
Jun 10 10:00:02 my-computer systemd[1]: Started Daily apt download activities.
Jun 10 10:00:02 my-computer systemd[1]: Started Daily apt upgrade and clean activities.
Jun 10 10:05:01 my-computer CRON[1235]: (root) CMD (run-parts /etc/cron.daily)
Jun 10 10:10:01 my-computer CRON[1236]: (root) CMD (run-parts /etc/cron.hourly)
Jun 10 10:15:01 my-computer CRON[1237]: (root) CMD (run-parts /etc/cron.daily)
Jun 10 10:20:01 my-computer CRON[1238]: (root) CMD (run-parts /etc/cron.hourly)
Jun 10 10:25:01 my-computer CRON[1239]: (root) CMD (run-parts /etc/cron.daily)
Jun 10 10:30:01 my-computer CRON[1240]: (root) CMD (run-parts /etc/cron.hourly)
Jun 10 10:35:01 my-computer CRON[1241]: (root) CMD (run-parts /etc/cron.daily)
-n 10 - Shows only the last 10 lines of the file
This command searches the system log for the word 'error' to find any error messages quickly.
Terminal
grep 'error' /var/log/syslog
Expected Output
Jun 10 09:45:12 my-computer kernel: [12345.678901] error: failed to start service
Jun 10 09:50:33 my-computer systemd[1]: error: service crashed unexpectedly
This command shows new authentication log entries live as they happen, useful to watch login attempts in real time.
Terminal
tail -f /var/log/auth.log
Expected Output
Jun 10 10:40:01 my-computer sshd[1300]: Accepted password for user from 192.168.1.10 port 54321 ssh2
Jun 10 10:41:05 my-computer sshd[1301]: Failed password for invalid user admin from 192.168.1.11 port 54322 ssh2
-f - Keeps the command running and shows new lines as they are added
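The "Failed password" lines in the auth.log output above can be counted per source address to spot repeated login failures. This is an added example, not part of the original page; the function names and the sample log lines are constructed for illustration, and it assumes the sshd message format shown above.

```shell
#!/bin/sh
# Added example: count sshd "Failed password" entries per source address.
# failed_ssh_by_source and sample_auth_log are hypothetical helper names.

# Reads auth.log-format text on stdin and prints "<count> <address>",
# highest count first.
failed_ssh_by_source() {
    awk '
        / sshd\[[0-9]+\]: Failed password for / {
            # Scan from the right: the real address follows the LAST "from".
            # The user name is chosen by the remote client and may itself
            # contain "from", so the first match from the left is not safe.
            for (i = NF - 1; i > 1; i--)
                if ($i == "from") { count[$(i + 1)]++; break }
        }
        END { for (addr in count) print count[addr], addr }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample lines in the same format as the output shown above.
sample_auth_log() {
    cat <<'EOF'
Jun 10 10:40:01 my-computer sshd[1300]: Accepted password for user from 192.168.1.10 port 54321 ssh2
Jun 10 10:41:05 my-computer sshd[1301]: Failed password for invalid user admin from 192.168.1.11 port 54322 ssh2
Jun 10 10:41:09 my-computer sshd[1301]: Failed password for invalid user from from 192.168.1.11 port 54322 ssh2
Jun 10 10:41:14 my-computer sshd[1302]: Failed password for root from 192.168.1.11 port 54330 ssh2
Jun 10 10:42:30 my-computer sshd[1303]: Failed password for user from 192.168.1.12 port 54400 ssh2
Jun 10 10:43:00 my-computer CRON[1304]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Demo on the constructed sample.
sample_auth_log | failed_ssh_by_source
```

To run it on a real system, feed the log through the function, for example: sudo cat /var/log/auth.log | failed_ssh_by_source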
Key Concept

If you remember nothing else from this pattern, remember: system logs in /var/log hold important messages that help you understand and fix your computer’s behavior.

Common Mistakes
Trying to read log files without proper permissions.
Most log files are owned by root and cannot be read by normal users, so the command will fail or show no output.
Put sudo in front of the command, for example 'sudo cat /var/log/syslog', to get permission to read the logs.
Using 'cat' on very large log files.
It floods the screen with too much text, making it hard to find useful information.
Use 'tail' or 'less' to view the end or scroll through the file comfortably.
Searching logs without case-insensitive options.
You might miss important messages if the word 'Error' is capitalized differently.
Use 'grep -i error /var/log/syslog' to find all variations of the word.
Summary
List log files in /var/log to see what logs are available.
Use 'tail' to view recent entries in large log files.
Use 'grep' to search logs for specific keywords like errors.
Use 'tail -f' to watch logs live as new events happen.