{
"$type": "site.standard.document",
"bskyPostRef": {
"cid": "bafyreicuowbyxazlrvdqf4bcmngz42ii25vrhzttxwdflb4avosdrxyypq",
"uri": "at://did:plc:25rdn5elo5izoxrmtis34zuk/app.bsky.feed.post/3mpi46tq5xqn2"
},
"coverImage": {
"$type": "blob",
"ref": {
"$link": "bafkreih6baxjguhrz6n2jeh63dasmzrjra7ai6cx4jehho3jruwtchbpgq"
},
"mimeType": "image/webp",
"size": 48498
},
"path": "/sreekanth_kuruba_91721e5d/linux-logs-explained-simply-3pjn",
"publishedAt": "2026-06-30T03:22:27.000Z",
"site": "https://dev.to",
"tags": [
"linux",
"devops",
"beginners",
"sysadmin"
],
"textContent": "When something breaks in Linux, experienced engineers donโt guess.\n\nThey check the logs.\n\n๐ Logs are the โblack box recorderโ of a Linux system.\n\nThey tell you:\n\nwhat happened\nwhen it happened\nwhy it failed\n\nIf you can read logs properly, you can debug almost anything.\n\n### What Are Logs?\n\nLogs are records of system and application activity.\n\nLinux constantly records:\n\nSystem events\nErrors\nUser activity\nApplication behavior\n\nLinux constantly records:\n\n### Where are Logs Stored?\n\nMost Linux logs are stored inside:\n\n\n\n /var/log\n\n\nCheck logs directory:\n\n\n\n cd /var/log\n ls\n\n\nThis is the first place DevOps engineers check during system issues.\n\n### Important Log Files\n\nLog File | Purpose | Command to View\n---|---|---\n`/var/log/syslog` | General system messages | `tail /var/log/syslog`\n`/var/log/auth.log` | Login attempts & authentication | `tail /var/log/auth.log`\n`/var/log/kern.log` | Kernel & hardware messages | `dmesg` or `tail /var/log/kern.log`\n`/var/log/nginx/error.log` | Web server errors (Nginx) | `tail /var/log/nginx/error.log`\n`/var/log/dmesg` | Boot and hardware logs | `dmesg`\n\n/var/log/apache2/ -> Apache logs\n\nThese logs help you identify system, security, and application-level issues.\n\n**View Logs**\n\n**Using** `cat`\n\n\n\n cat /var/log/syslog\n\n\nGood for small files.\n\n**Using** `less`\n\n\n\n less /var/log/syslog\n\n\nUseful keys::\n\n * `Space` โ Next page\n * `b` โ Previous page\n * `q`โ Quit\n\n\n\n๐ Best for large log files.\n\n**Using** `tail`\n\n\n\n tail /var/log/syslog\n\n\nShow last 10 lines.\n\n**Real-Time Monitoring (tail -f)**\n\n\n\n tail -f /var/log/syslog\n\n\n๐ -f = follow live updates\n\nThis is one of the most-used debugging commands in production servers.\n\nStop with:\n\n\n\n Ctrl + C\n\n\n**Searching Logs with grep**\n\n\n\n grep error /var/log/syslog\n\n\nCase-insensitive:\n\n\n\n grep -i failed /var/log/auth.log\n\n\nShow latest matching errors:\n\n\n\n grep error /var/log/syslog | tail -n 50\n\n\n๐ Essential for filtering huge logs quickly.\n\n**Boot & Hardware Logs (dmesg)**\n\ndmesg\n\nShows:\n\n * Boot messages\n * Hardware detection\n * Kernel events\n\n\n\nUseful for startup and hardware troubleshooting.\n\n**Modern Log System:** `journalctl`\n\nModern Linux systems use **systemd logs**.\n\n\n\n journalctl\n\n\nRecent errors:\n\n\n\n journalctl -xe\n\n\nSpecific service logs:\n\n\n\n journalctl -u nginx\n\n\nLive monitoring:\n\n\n\n journalctl -f\n\n\nLast 1 hour:\n\n\n\n journalctl --since \"1 hour ago\"\n\n\n๐ journalctl is the modern replacement for many traditional log files.\n\n**What is Log Rotation?**\n\nLogs grow continuously.\n\nWithout cleanup:\n\n * disks fill up\n * systems slow down\n\n\n\nLinux automatically rotates logs using:\n\n\n\n logrotate\n\n\n๐ Old logs are compressed or removed automatically.\n\n### Real-Life Troubleshooting Example\n\n**Problem:** Website is not working.\n\n\n\n systemctl status nginx\n tail -f /var/log/nginx/error.log\n journalctl -u nginx -xe\n\n\n๐ In real systems, logs usually reveal the exact root cause.\n\n### โ ๏ธ Common Beginner Mistakes\n\n * guessing instead of checking logs\n * using cat on huge files\n * deleting logs blindly\n * ignoring tail -f\n * assuming service is healthy because it says โactiveโ\n\n\n\n**Simple Mental Model**\n\nThink of logs like CCTV recordings:\n\nsystem logs โ building activity\nauth logs โ door access records\nkernel logs โ hardware monitoring\napp logs โ employee activity\n\n๐ Debugging Linux = investigating evidence\n\n### Summary\n\nwhat logs are\nwhere logs are stored (`/var/log`)\nimportant log files\n`cat`, `less`, `tail`\nlive monitoring with `tail -f`\nsearching logs with `grep`\nboot logs using `dmesg`\nmodern logging with `journalctl`\nlog rotation basics\n\n**Why Logs Matter**\n\nLogs are the foundation of:\n\nLinux troubleshooting\nDevOps debugging\nproduction incident response\nserver monitoring\nsecurity analysis\n\n๐ The better you read logs, the faster you solve problems.\n\n**End of Linux Beginner Series**\n\nYou now learned:\n\nLinux basics\nfilesystem structure\npermissions\nusers & groups\nprocesses\ndisk usage\nnetworking\nlogs & troubleshooting\n\nThatโs already more Linux knowledge than most beginners have.\n\n**Final Next Step:**\nLinux Troubleshooting Flow for Beginners\n\n**Final Question**\n\nWhich topic in this Linux series helped you the most?\n\nAnd what Linux topic should the next series cover?",
"title": "Linux Logs Explained Simply"
}