{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreicuowbyxazlrvdqf4bcmngz42ii25vrhzttxwdflb4avosdrxyypq",
    "uri": "at://did:plc:25rdn5elo5izoxrmtis34zuk/app.bsky.feed.post/3mpi46tq5xqn2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreih6baxjguhrz6n2jeh63dasmzrjra7ai6cx4jehho3jruwtchbpgq"
    },
    "mimeType": "image/webp",
    "size": 48498
  },
  "path": "/sreekanth_kuruba_91721e5d/linux-logs-explained-simply-3pjn",
  "publishedAt": "2026-06-30T03:22:27.000Z",
  "site": "https://dev.to",
  "tags": [
    "linux",
    "devops",
    "beginners",
    "sysadmin"
  ],
  "textContent": "When something breaks in Linux, experienced engineers donโ€™t guess.\n\nThey check the logs.\n\n๐Ÿ‘‰ Logs are the โ€œblack box recorderโ€ of a Linux system.\n\nThey tell you:\n\nwhat happened\nwhen it happened\nwhy it failed\n\nIf you can read logs properly, you can debug almost anything.\n\n###  What Are Logs?\n\nLogs are records of system and application activity.\n\nLinux constantly records:\n\nSystem events\nErrors\nUser activity\nApplication behavior\n\nLinux constantly records:\n\n###  Where are Logs Stored?\n\nMost Linux logs are stored inside:\n\n\n\n    /var/log\n\n\nCheck logs directory:\n\n\n\n    cd /var/log\n    ls\n\n\nThis is the first place DevOps engineers check during system issues.\n\n###  Important Log Files\n\nLog File | Purpose | Command to View\n---|---|---\n`/var/log/syslog` | General system messages | `tail /var/log/syslog`\n`/var/log/auth.log` | Login attempts & authentication | `tail /var/log/auth.log`\n`/var/log/kern.log` | Kernel & hardware messages |  `dmesg` or `tail /var/log/kern.log`\n`/var/log/nginx/error.log` | Web server errors (Nginx) | `tail /var/log/nginx/error.log`\n`/var/log/dmesg` | Boot and hardware logs | `dmesg`\n\n/var/log/apache2/ -> Apache logs\n\nThese logs help you identify system, security, and application-level issues.\n\n**View Logs**\n\n**Using** `cat`\n\n\n\n    cat /var/log/syslog\n\n\nGood for small files.\n\n**Using** `less`\n\n\n\n    less /var/log/syslog\n\n\nUseful keys::\n\n  * `Space` โ†’ Next page\n  * `b` โ†’ Previous page\n  * `q`โ†’ Quit\n\n\n\n๐Ÿ‘‰ Best for large log files.\n\n**Using** `tail`\n\n\n\n    tail /var/log/syslog\n\n\nShow last 10 lines.\n\n**Real-Time Monitoring (tail -f)**\n\n\n\n    tail -f /var/log/syslog\n\n\n๐Ÿ‘‰ -f = follow live updates\n\nThis is one of the most-used debugging commands in production servers.\n\nStop with:\n\n\n\n    Ctrl + C\n\n\n**Searching Logs with grep**\n\n\n\n    grep error /var/log/syslog\n\n\nCase-insensitive:\n\n\n\n    grep -i failed /var/log/auth.log\n\n\nShow latest matching errors:\n\n\n\n    grep error /var/log/syslog | tail -n 50\n\n\n๐Ÿ‘‰ Essential for filtering huge logs quickly.\n\n**Boot & Hardware Logs (dmesg)**\n\ndmesg\n\nShows:\n\n  * Boot messages\n  * Hardware detection\n  * Kernel events\n\n\n\nUseful for startup and hardware troubleshooting.\n\n**Modern Log System:** `journalctl`\n\nModern Linux systems use **systemd logs**.\n\n\n\n    journalctl\n\n\nRecent errors:\n\n\n\n    journalctl -xe\n\n\nSpecific service logs:\n\n\n\n    journalctl -u nginx\n\n\nLive monitoring:\n\n\n\n    journalctl -f\n\n\nLast 1 hour:\n\n\n\n    journalctl --since \"1 hour ago\"\n\n\n๐Ÿ‘‰ journalctl is the modern replacement for many traditional log files.\n\n**What is Log Rotation?**\n\nLogs grow continuously.\n\nWithout cleanup:\n\n  * disks fill up\n  * systems slow down\n\n\n\nLinux automatically rotates logs using:\n\n\n\n    logrotate\n\n\n๐Ÿ‘‰ Old logs are compressed or removed automatically.\n\n###  Real-Life Troubleshooting Example\n\n**Problem:** Website is not working.\n\n\n\n    systemctl status nginx\n    tail -f /var/log/nginx/error.log\n    journalctl -u nginx -xe\n\n\n๐Ÿ‘‰ In real systems, logs usually reveal the exact root cause.\n\n###  โš ๏ธ Common Beginner Mistakes\n\n  * guessing instead of checking logs\n  * using cat on huge files\n  * deleting logs blindly\n  * ignoring tail -f\n  * assuming service is healthy because it says โ€œactiveโ€\n\n\n\n**Simple Mental Model**\n\nThink of logs like CCTV recordings:\n\nsystem logs โ†’ building activity\nauth logs โ†’ door access records\nkernel logs โ†’ hardware monitoring\napp logs โ†’ employee activity\n\n๐Ÿ‘‰ Debugging Linux = investigating evidence\n\n###  Summary\n\nwhat logs are\nwhere logs are stored (`/var/log`)\nimportant log files\n`cat`, `less`, `tail`\nlive monitoring with `tail -f`\nsearching logs with `grep`\nboot logs using `dmesg`\nmodern logging with `journalctl`\nlog rotation basics\n\n**Why Logs Matter**\n\nLogs are the foundation of:\n\nLinux troubleshooting\nDevOps debugging\nproduction incident response\nserver monitoring\nsecurity analysis\n\n๐Ÿ‘‰ The better you read logs, the faster you solve problems.\n\n**End of Linux Beginner Series**\n\nYou now learned:\n\nLinux basics\nfilesystem structure\npermissions\nusers & groups\nprocesses\ndisk usage\nnetworking\nlogs & troubleshooting\n\nThatโ€™s already more Linux knowledge than most beginners have.\n\n**Final Next Step:**\nLinux Troubleshooting Flow for Beginners\n\n**Final Question**\n\nWhich topic in this Linux series helped you the most?\n\nAnd what Linux topic should the next series cover?",
  "title": "Linux Logs Explained Simply"
}