Linux Commands

How to View System Log Files in Linux

This article will explain how to view various log files scattered throughout the Linux file system. Log files are useful for finding out system anomalies and can help in developing fixes for them. All the commands listed below are tested in Ubuntu 20.04 LTS version, but they should work in other Linux distributions as well. In case you are not able to find certain log files, you can use the “Locate” command, which can be installed in your system through the package manager.

GNOME Logs

GNOME Logs is a graphical log viewer shipped by default in most GNOME Shell based Linux distributions. It shows all logs generated for systemd journals. Systemd manages all services running on your system and it is responsible for starting, stopping and monitoring various services that are launched at boot. GNOME Logs neatly categorises logs in various headings and you can export these logs to text files. It also allows you to search and refine log messages using various filters.

To install GNOME Logs in Ubuntu, run the command below:

$ sudo apt install gnome-logs

You can install GNOME Logs in other Linux distributions by searching for it in the package manager shipped with your distribution. Alternatively, you can compile it from source code.

Linux Kernel Logs

To view kernel logs in terminal, run the command below:

$ cat /var/log/kern.log

You can also open the log file in any text editor of your choice. The screenshot above shows the usage of “tail” command after the pipe symbol. It ensures that only the last few lines are shown as the output (two lines in this case).

To view kernel logs for previous boot, run the command below:

$ cat /var/log/kern.log.1

X11 Logs

Logs for X11 Xorg display server can be found at two locations depending on your Linux distribution. The logs can be located at either “/var/log/” or “$HOME/.local/share/xorg/” directories. You can find correct location of Xorg log files by running the command below:

$ locate Xorg.0.log

The “0” part in the file name denotes identification number for the connected monitor. If you have only one display connected to your system, the file name should be “Xorg.0.log”. In case of multi-monitor setups, multiple log files will be recorded, one for each monitor. For instance, in multi-monitor setups, file names could be “Xorg.0.log”, “Xorg.1.log” and so on.

To view these logs using “less” command, use the following command:

$ less $HOME/.local/share/xorg/Xorg.0.log

“Less” command shortens terminal output and allows you to interactively navigate to the next line of the terminal output using <Enter> key.

Dmesg

Dmesg prints kernel log messages or “ring buffer” of the Linux kernel. It is used to examine and debug all the output generated by the kernel, especially messages related to connected hardware and their drivers.

Run the following commands to view dmesg log:

$ dmesg

You can check all command line arguments for dmesg by running the following command in a terminal:

$ man dmesg

Boot Messages

To view boot messages log, run the command below:

$ sudo cat /var/log/boot.log

To view logs for previous boot, run the command below:

$ sudo cat /var/log/boot.log.1

System Logs

System log files record a variety of messages useful for debugging. If you cannot find certain log messages in other files, chances are that they could be in syslog files.

To view current and previous syslog files respectively, run the following commands:

$ cat /var/log/syslog
$ cat /var/log/syslog.1

Authorization Logs

Authorization Logs or simply “Auth” logs record remote login attempts and password prompts requested by sudo command. To view these logs, use the following commands:

$ cat /var/log/auth.log
$ cat /var/log/auth.log.1

Login Logs

“Faillog” records failed login attempts while “Lastlog” shows information about last login. Run the following commands to see login records:

$ faillog
$ lastlog

Third Party Application Logs

User installed third party applications do not have root access. In case they are recording any logs, they should be in the directory of the executable file or at the following locations:

  • $HOME/<Application_name>
  • $HOME/.config/<Application_name>
  • $HOME/.local/share/<Application_name>

Conclusion

Examining various log files can help in debugging system freeze and crash issues, especially when new and unsupported hardware is present in the PC. These log files are also useful for finding out security breaches or security loopholes if there are any. If you are getting unexpected behavior from software installed on your system or frequent reboots and crashes, the first thing you should do is to examine various system log files.

About the author

Nitesh Kumar

I am a freelancer software developer and content writer who loves Linux, open source software and the free software community.