Monday, July 2, 2012

How To View and Write To System Log Files on Ubuntu


image

Linux logs a large amount of events to the disk, where they’re mostly stored in the /var/log directory in plain text. Most log entries go through the system logging daemon, syslogd, and are written to the system log.
Ubuntu includes a number of ways of viewing these logs, either graphically or from the command-line. You can also write your own log messages to the system log — particularly useful in scripts.

Viewing Logs Graphically

To view log files using an easy-to-use, graphical application, open the Log File Viewer application from your Dash.
The Log File Viewer displays a number of logs by default, including your system log (syslog), package manager log (dpkg.log), authentication log (auth.log), and graphical server log (Xorg.0.log). You can view all the logs in a single window – when a new log event is added, it will automatically appear in the window and will be bolded. You can also press Ctrl+F to search your log messages or use the Filters menu to filter your logs.
If you have other log files you want to view – say, a log file for a specific application – you can click the File menu, select Open, and open the log file. It will appear alongside the other log files in the list and will be monitored and automatically updated, like the other logs.

Writing to the System Log

The logger utility allows you to quickly write a message to your system log with a single, simple command. For example, to write the message Hello World to your system log, use the following command:
logger “Hello World”
You may also wish to specify additional information – for example, if you’re using the logger command within a script, you may want to include the name of the script:
logger –t ScriptName “Hello World”

Viewing Logs in the Terminal

The dmesg command displays the Linux kernel’s message buffer, which is stored in memory. Run this command and you’ll get a lot of output.
To filter this output and search for the messages you’re interested in, you can pipe it togrep:
dmesg | grep something
You can also pipe the output of the dmesg command to less, which allows you to scroll through the messages at your own pace. To exit less, press Q.
dmesg | less
If a grep search produces a large amount of results, you can pipe its output to less, too:
dmesg | grep something | less
In addition to opening the log files located in /var/log in any text editor, you can use thecat command to print the contents of a log (or any other file) to the terminal:
cat /var/log/syslog
Like the dmesg command above, this will produce a large amount of output. You can use the grep and less commands to work with the output:
grep something /var/log/syslog
less /var/log/syslog
Other useful commands include the head and tail commands. head prints the first n lines in a file, while tail prints the last n lines in the file – if you want to view recent log messages, the tail command is particularly useful.
head -n 10 /var/log/syslog
tail -n 10 /var/log/syslog
Some applications may not write to the system log and may produce their own log files, which you can manipulate in the same way – you’ll generally find them in the /var/log directory, too. For example, the Apache web server creates a /var/log/apache2 directory containing its logs.

No comments:

Post a Comment