An Introduction to Logs for Newbies: Pt. 1
Logs are an important part of maintaining and managing a Linux system. This is a brief tutorial on accessing and reading a Linux log. First, open a terminal window. On most systems you will see a prompt similar to this:
Code:
nbiser@linux-vqbm:~>

You then need to type this:
Code:
ls /

This will bring up the contents of the root partition. You can see all of the various directories in the root partition, such as these:
Code:
bin dev home lib64 media opt root sbin srv tmp var boot etc lib lost+found mnt proc run selinux sys usr

You must focus your attention on the var directory because it contains all of the logs for your system. You should next type:
Code:
ls /var

This will bring up the var directory, which will look like this:
Code:
adm cache crash games lib lock log mail opt run spool tmp X11R6 yp

You must next go to the log sub-directory:
Code:
ls /var/log

This will show the contents of the log sub-directory:
Code:
acpid firewall mail.warn snapper.log alternatives.log journal messages sssd boot.kiwi kdm.log NetworkManager warn boot.log krb5 news wtmp btmp lastlog ntp Xorg.0.log config.log localmessages pk_backend_zypp Xorg.0.log.old ConsoleKit mail pk_backend_zypp-1 YaST2 cups mail.err pm-powersave.log zypp faillog mail.info smpppd zypper.log

All of these are logs that you can access and view. The types, names, and kinds of logs vary from system to system. For the purpose of this tutorial we will focus on the messages log.
At this point you will need to type this command:
Code:
su root

You will need to enter the root password for your system. Now you can type this command:
Code:
more /var/log/messages

or
Code:
less /var/log/messages

This should bring up a long scrolling list of messages much like this:
Code:
Apr 15 16:06:26 linux kernel: imklog 5.8.11, log source = /proc/kmsg started.
Apr 15 16:06:26 linux rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1087" x-info="http://www.rsyslog.com"] start
Apr 15 16:06:26 linux kernel: [ 0.000000] Initializing cgroup subsys cpuset
Apr 15 16:06:26 linux kernel: [ 0.000000] Initializing cgroup subsys cpu
Apr 15 16:06:26 linux kernel: [ 0.000000] Linux version 3.4.6-2.10-desktop (geeko@buildhost) (gcc version 4.7.1 20120723 [gcc-4_7-branch revision 189773] (SUSE Linux) ) #1 SMP PREEMPT Thu Jul 26 09:36:26 UTC 2012 (641c197)
Apr 15 16:06:26 linux kernel: [ 0.000000] Command line: initrd=initrd ramdisk_size=512000 ramdisk_blocksize=4096 splash=silent quiet preloadlog=/dev/null vga=0x333
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-provided physical RAM map:
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 0000000000000000 - 000000000009f800 (usable)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 000000000009f800 - 00000000000a0000 (reserved)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 00000000000ca000 - 00000000000cc000 (reserved)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 00000000000dc000 - 0000000000100000 (reserved)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 0000000000100000 - 000000003fee0000 (usable)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 000000003fee0000 - 000000003feff000 (ACPI data)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 000000003feff000 - 000000003ff00000 (ACPI NVS)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 000000003ff00000 - 0000000040000000 (usable)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 00000000e0000000 - 00000000f0000000 (reserved)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 00000000fee00000 - 00000000fee01000 (reserved)
Apr 15 16:06:26 linux kernel: [ 0.000000] BIOS-e820: 00000000fffe0000 - 0000000100000000 (reserved)
Apr 15 16:06:26 linux kernel: [ 0.000000] NX (Execute Disable) protection: active
Apr 15 16:06:26 linux kernel: [ 0.000000] DMI present.
Apr 15 16:06:26 linux kernel: [ 0.000000] DMI: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 07/02/2012
Apr 15 16:06:26 linux kernel: [ 0.000000] Hypervisor detected: VMware
Apr 15 16:06:26 linux kernel: [ 0.000000] e820 update range: 0000000000000000 - 0000000000010000 (usable) ==> (reserved)
Apr 15 16:06:26 linux kernel: [ 0.000000] e820 remove range: 00000000000a0000 - 0000000000100000 (usable)
Apr 15 16:06:26 linux kernel: [ 0.000000] No AGP bridge found
Apr 15 16:06:26 linux kernel: [ 0.000000] last_pfn = 0x40000 max_arch_pfn = 0x400000000
Apr 15 16:06:26 linux kernel: [ 0.000000] MTRR default type: uncachable
Apr 15 16:06:26 linux kernel: [ 0.000000] MTRR fixed ranges enabled:
Apr 15 16:06:26 linux kernel: [ 0.000000] 00000-9FFFF write-back
Apr 15 16:06:26 linux kernel: [ 0.000000] A0000-BFFFF uncachable
Apr 15 16:06:26 linux kernel: [ 0.000000] C0000-CBFFF write-protect
Apr 15 16:06:26 linux kernel: [ 0.000000] CC000-EFFFF uncachable
Apr 15 16:06:26 linux kernel: [ 0.000000] F0000-FFFFF write-protect

You can then look through the log to find what you need.
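Paging through the whole file with more or less gets slow on a busy system, so here is an added example (not part of the original tutorial) that counts entries per program and then shows only one program's lines matching a keyword. The function names, sample lines, user name and addresses are constructed for illustration, and it assumes the "Mon DD HH:MM:SS host program[pid]: message" layout shown in the messages log above.

```sh
#!/bin/sh
# Added example: summarise a syslog-style file such as /var/log/messages.
# Assumed line layout: "Mon DD HH:MM:SS host program[pid]: message".

# Constructed sample lines (not taken from a real system).
sample_log() {
cat <<'EOF'
Apr 15 16:06:26 linux kernel: [    0.000000] NX (Execute Disable) protection: active
Apr 15 16:06:26 linux rsyslogd: [origin software="rsyslogd" swVersion="5.8.11"] start
Apr 15 16:06:26 linux kernel: [    0.000000] Hypervisor detected: VMware
Apr 15 16:09:41 linux sshd[2114]: Failed password for root from 192.0.2.10 port 51122 ssh2
Apr 15 16:09:47 linux sshd[2114]: Failed password for root from 192.0.2.10 port 51122 ssh2
Apr 15 16:10:03 linux sshd[2120]: Accepted password for alice from 192.0.2.25 port 40022 ssh2
EOF
}

# Read a log on stdin and print "count program", busiest program first.
count_by_program() {
    awk '{
        tag = $5
        sub(/:$/, "", tag)            # drop the trailing colon
        sub(/\[[0-9]+\]$/, "", tag)   # drop an optional [pid]
        n[tag]++
    }
    END { for (t in n) print n[t], t }' | sort -k1,1nr -k2,2
}

# Read a log on stdin and print the lines written by program $1 that
# contain the plain text $2 (case-insensitive; empty $2 matches all).
messages_from() {
    awk -v prog="$1" -v want="$2" '{
        tag = $5
        sub(/:$/, "", tag)
        sub(/\[[0-9]+\]$/, "", tag)
        if (tag == prog && (want == "" || index(tolower($0), tolower(want)) > 0))
            print
    }'
}

# Demo on the constructed sample. On a real system, as root:
#   count_by_program < /var/log/messages
sample_log | count_by_program
sample_log | messages_from sshd "failed password"
```

Repeated failed logins for the same account from one address, as in the constructed sshd lines, are the kind of pattern this filtering makes easy to spot.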
Please note: Once again, the contents of the various folders will vary from system to system. So you may not be able to follow this tutorial exactly.
If you have any questions feel free to ask! I'm always ready to help.
Part 2 coming soon!!