External Publication
Visit Post

Linux Logs Explained Simply

DEV Community [Unofficial] June 30, 2026
Source

When something breaks in Linux, experienced engineers don’t guess.

They check the logs.

👉 Logs are the “black box recorder” of a Linux system.

They tell you:

what happened when it happened why it failed

If you can read logs properly, you can debug almost anything.

What Are Logs?

Logs are records of system and application activity.

Linux constantly records:

System events Errors User activity Application behavior

Linux constantly records:

Where are Logs Stored?

Most Linux logs are stored inside:

/var/log

Check logs directory:

cd /var/log
ls

This is the first place DevOps engineers check during system issues.

Important Log Files

Log File Purpose Command to View
/var/log/syslog General system messages tail /var/log/syslog
/var/log/auth.log Login attempts & authentication tail /var/log/auth.log
/var/log/kern.log Kernel & hardware messages dmesg or tail /var/log/kern.log
/var/log/nginx/error.log Web server errors (Nginx) tail /var/log/nginx/error.log
/var/log/dmesg Boot and hardware logs dmesg

/var/log/apache2/ -> Apache logs

These logs help you identify system, security, and application-level issues.

View Logs

Using cat

cat /var/log/syslog

Good for small files.

Using less

less /var/log/syslog

Useful keys::

  • Space → Next page
  • b → Previous page
  • q→ Quit

👉 Best for large log files.

Using tail

tail /var/log/syslog

Show last 10 lines.

Real-Time Monitoring (tail -f)

tail -f /var/log/syslog

👉 -f = follow live updates

This is one of the most-used debugging commands in production servers.

Stop with:

Ctrl + C

Searching Logs with grep

grep error /var/log/syslog

Case-insensitive:

grep -i failed /var/log/auth.log

Show latest matching errors:

grep error /var/log/syslog | tail -n 50

👉 Essential for filtering huge logs quickly.

Boot & Hardware Logs (dmesg)

dmesg

Shows:

  • Boot messages
  • Hardware detection
  • Kernel events

Useful for startup and hardware troubleshooting.

Modern Log System: journalctl

Modern Linux systems use systemd logs.

journalctl

Recent errors:

journalctl -xe

Specific service logs:

journalctl -u nginx

Live monitoring:

journalctl -f

Last 1 hour:

journalctl --since "1 hour ago"

👉 journalctl is the modern replacement for many traditional log files.

What is Log Rotation?

Logs grow continuously.

Without cleanup:

  • disks fill up
  • systems slow down

Linux automatically rotates logs using:

logrotate

👉 Old logs are compressed or removed automatically.

Real-Life Troubleshooting Example

Problem: Website is not working.

systemctl status nginx
tail -f /var/log/nginx/error.log
journalctl -u nginx -xe

👉 In real systems, logs usually reveal the exact root cause.

⚠️ Common Beginner Mistakes

  • guessing instead of checking logs
  • using cat on huge files
  • deleting logs blindly
  • ignoring tail -f
  • assuming service is healthy because it says “active”

Simple Mental Model

Think of logs like CCTV recordings:

system logs → building activity auth logs → door access records kernel logs → hardware monitoring app logs → employee activity

👉 Debugging Linux = investigating evidence

Summary

what logs are where logs are stored (/var/log) important log files cat, less, tail live monitoring with tail -f searching logs with grep boot logs using dmesg modern logging with journalctl log rotation basics

Why Logs Matter

Logs are the foundation of:

Linux troubleshooting DevOps debugging production incident response server monitoring security analysis

👉 The better you read logs, the faster you solve problems.

End of Linux Beginner Series

You now learned:

Linux basics filesystem structure permissions users & groups processes disk usage networking logs & troubleshooting

That’s already more Linux knowledge than most beginners have.

Final Next Step: Linux Troubleshooting Flow for Beginners

Final Question

Which topic in this Linux series helped you the most?

And what Linux topic should the next series cover?

Discussion in the ATmosphere

Loading comments...