LinuxQuestions.org

An Introduction to Logs for Newbies: Pt. 1

Posted 04-16-2013 at 01:38 PM by Nbiser
Updated 04-16-2013 at 01:47 PM by Nbiser

Logs are an important part of maintaining and managing a Linux system. This is a brief tutorial on accessing and reading a Linux log. First, open a terminal window. On most systems you will see a prompt similar to this:

Code:
nbiser@linux-vqbm:~>
You then need to type this:
Code:
ls /
This will bring up the contents of the root partition. You can see all of the various directories in the root partition such as these:
Code:
bin   dev  home  lib64       media  opt   root  sbin     srv  tmp  var
boot  etc  lib   lost+found  mnt    proc  run   selinux  sys  usr
You must focus your attention on the var directory because it contains all of the logs for your system. You should next type:
Code:
ls /var
This will bring up the var directory which will look like this:
Code:
adm  cache  crash  games  lib  lock  log  mail  opt  run  spool  tmp  X11R6  yp
You must next go to the log sub-directory:
Code:
ls /var/log
This will show the contents of the log sub-directory:
Code:
acpid             firewall       mail.warn          snapper.log
alternatives.log  journal        messages           sssd
boot.kiwi         kdm.log        NetworkManager     warn
boot.log          krb5           news               wtmp
btmp              lastlog        ntp                Xorg.0.log
config.log        localmessages  pk_backend_zypp    Xorg.0.log.old
ConsoleKit        mail           pk_backend_zypp-1  YaST2
cups              mail.err       pm-powersave.log   zypp
faillog           mail.info      smpppd             zypper.log
All of these are logs that you can access and view. The types, names, and kinds of logs vary from system to system. For the purpose of this tutorial we will focus on the messages log.

At this point you will need to type this command:
Code:
su root
You will need to enter the root password for your system. Now you can type this command:
Code:
more /var/log/messages
or
Code:
less /var/log/messages
This should bring up a long, scrollable list of messages much like this:
Code:
Apr 15 16:06:26 linux kernel: imklog 5.8.11, log source = /proc/kmsg started.
Apr 15 16:06:26 linux rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1087" x-info="http://www.rsyslog.com"] start
Apr 15 16:06:26 linux kernel: [    0.000000] Initializing cgroup subsys cpuset
Apr 15 16:06:26 linux kernel: [    0.000000] Initializing cgroup subsys cpu
Apr 15 16:06:26 linux kernel: [    0.000000] Linux version 3.4.6-2.10-desktop (geeko@buildhost) (gcc version 4.7.1 20120723 [gcc-4_7-branch revision 189773] (SUSE Linux) ) #1 SMP PREEMPT Thu Jul 26 09:36:26 UTC 2012 (641c197)
Apr 15 16:06:26 linux kernel: [    0.000000] Command line: initrd=initrd ramdisk_size=512000 ramdisk_blocksize=4096 splash=silent quiet preloadlog=/dev/null vga=0x333
Apr 15 16:06:26 linux kernel: [    0.000000] BIOS-provided physical RAM map:
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 0000000000100000 - 000000003fee0000 (usable)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 000000003fee0000 - 000000003feff000 (ACPI data)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 000000003feff000 - 000000003ff00000 (ACPI NVS)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 000000003ff00000 - 0000000040000000 (usable)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
Apr 15 16:06:26 linux kernel: [    0.000000]  BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)
Apr 15 16:06:26 linux kernel: [    0.000000] NX (Execute Disable) protection: active
Apr 15 16:06:26 linux kernel: [    0.000000] DMI present.
Apr 15 16:06:26 linux kernel: [    0.000000] DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2012
Apr 15 16:06:26 linux kernel: [    0.000000] Hypervisor detected: VMware
Apr 15 16:06:26 linux kernel: [    0.000000] e820 update range: 0000000000000000 - 0000000000010000 (usable) ==> (reserved)
Apr 15 16:06:26 linux kernel: [    0.000000] e820 remove range: 00000000000a0000 - 0000000000100000 (usable)
Apr 15 16:06:26 linux kernel: [    0.000000] No AGP bridge found
Apr 15 16:06:26 linux kernel: [    0.000000] last_pfn = 0x40000 max_arch_pfn = 0x400000000
Apr 15 16:06:26 linux kernel: [    0.000000] MTRR default type: uncachable
Apr 15 16:06:26 linux kernel: [    0.000000] MTRR fixed ranges enabled:
Apr 15 16:06:26 linux kernel: [    0.000000]   00000-9FFFF write-back
Apr 15 16:06:26 linux kernel: [    0.000000]   A0000-BFFFF uncachable
Apr 15 16:06:26 linux kernel: [    0.000000]   C0000-CBFFF write-protect
Apr 15 16:06:26 linux kernel: [    0.000000]   CC000-EFFFF uncachable
Apr 15 16:06:26 linux kernel: [    0.000000]   F0000-FFFFF write-protect
You can then look through the log to find the information you need.
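
Paging through a long file by eye gets slow, so here is an added example (not part of the original post) that counts the lines in a messages-style log by the program that wrote them and pulls out one program's messages. It assumes the "Mon DD HH:MM:SS host program: message" layout shown in the excerpt above; the function names and the sshd sample lines are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarise a traditional
# syslog-format file such as /var/log/messages by the program that logged.

# Constructed sample input. The kernel and rsyslogd lines reuse (shortened)
# text from the excerpt above; the sshd lines and the broken fragment are made up.
sample_log() {
cat <<'EOF'
Apr 15 16:06:26 linux kernel: imklog 5.8.11, log source = /proc/kmsg started.
Apr 15 16:06:26 linux rsyslogd: [origin software="rsyslogd" swVersion="5.8.11"] start
Apr 15 16:06:26 linux kernel: [    0.000000] NX (Execute Disable) protection: active
Apr 15 16:06:26 linux kernel: [    0.000000] Hypervisor detected: VMware
ul 26 09:36:26 UTC 2012 (641c197)
Apr 15 16:09:41 linux sshd[2211]: constructed sample message one
Apr  5 16:09:44 linux sshd[2212]: constructed sample message two
EOF
}

# Shared awk helpers: a line is well-formed when field 3 is HH:MM:SS and
# field 5 is the "program:" or "program[pid]:" tag; prog() returns the bare name.
AWK_LIB='
function prog(tag) { sub(/:$/, "", tag); sub(/\[[0-9]+\]$/, "", tag); return tag }
function ok() { return $3 ~ /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]$/ && $5 ~ /:$/ }
'

# count_by_program: read log lines on stdin, print "COUNT PROGRAM", busiest first.
# Wrapped or damaged lines are counted as "(unparsed)" instead of being dropped.
count_by_program() {
    awk "$AWK_LIB"'
    { if (ok()) n[prog($5)]++; else n["(unparsed)"]++ }
    END { for (p in n) print n[p], p }' | LC_ALL=C sort -k1,1nr -k2,2
}

# messages_from PROGRAM: print only the message text logged by PROGRAM.
messages_from() {
    awk -v want="$1" "$AWK_LIB"'
    ok() && prog($5) == want { print substr($0, index($0, ": ") + 2) }'
}

# Stand-alone demo on the sample. On a real system, run as root, for example:
#   count_by_program < /var/log/messages
sample_log | count_by_program
```

A non-zero "(unparsed)" count usually means wrapped or truncated lines, which are worth a look before trusting the totals.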

Please note: Once again, the contents of the various folders will vary from system to system. So you may not be able to follow this tutorial exactly.

If you have any questions feel free to ask! I'm always ready to help.

Part 2 coming soon!!

All times are GMT -5.