Server Logs and What They Do

One of the best ways to monitor Linux and Unix servers is to study their server logs. Every operating system and Linux distribution has its own variants, but there are some general logs that most server OSes have. You should definitely be familiar with them if you plan to manage a dedicated server.

The following are some common server logs that you might find on your server. All of these log files are found under /var/log on Linux servers.

boot – As the name implies, this log shows events that occur during boot. Every time your server needs to be rebooted, you might want to check this log for any issues.

daemon – A daemon is a program that runs in the background on your server without requiring user interaction. The daemon log provides useful information about system and application daemons.

dmesg – This log file shows kernel system messages; dmesg is also a command you can run to view them. You may not see new information in this file unless a device is plugged in or a network card or other hardware device produces an error or warning.

mail – Mail displays information from your MTA (mail transfer agent), which is essentially the system’s mail server. The log will not usually display every incoming and outgoing message unless you tell it to, but it will display other significant events.

auth – Auth is an important log to monitor for security issues. It will tell you when a user fails to log in correctly, display the number of password attempts, and especially let you know if someone is attempting to log in as root.
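As an added example (not part of the original article), the script below pulls those three signals out of auth log lines: failed logins, attempt counts per source address, and any login attempt as root. It assumes OpenSSH-style sshd entries as written to /var/log/auth.log, including syslog's "message repeated N times" compression; the sample lines, host name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample lines in the assumed sshd/syslog format
# (addresses are from the reserved documentation ranges).
SAMPLE = """\
Mar 10 08:15:01 web01 sshd[1234]: Failed password for root from 203.0.113.5 port 51122 ssh2
Mar 10 08:15:03 web01 sshd[1234]: message repeated 2 times: [ Failed password for root from 203.0.113.5 port 51122 ssh2]
Mar 10 08:15:09 web01 sshd[1240]: Failed password for invalid user admin from 203.0.113.5 port 51130 ssh2
Mar 10 08:16:10 web01 sshd[1301]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Mar 10 08:17:00 web01 sshd[1402]: Failed password for alice from 198.51.100.7 port 40030 ssh2
Mar 10 08:20:44 web01 sshd[1510]: Accepted publickey for root from 192.0.2.10 port 50500 ssh2
"""

# The user name is supplied by the remote side and may contain spaces, so it
# is matched greedily: the last " from <addr> port <n>" on the line is the one
# sshd itself appended.
EVENT = re.compile(
    r"sshd\[\d+\]: (?:message repeated (?P<n>\d+) times: \[ )?"
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>.*) from (?P<src>\S+) port \d+"
)

def summarize(lines):
    """Count failed logins per source and per user; list every root login event."""
    failed_by_source, failed_by_user, root_events = Counter(), Counter(), []
    for line in lines:
        m = EVENT.search(line)
        if not m:
            continue  # not an sshd password/publickey result line
        # A "message repeated N times" line stands for N further events.
        count = int(m.group("n") or 1)
        if m.group("result") == "Failed":
            failed_by_source[m.group("src")] += count
            failed_by_user[m.group("user")] += count
        if m.group("user") == "root":
            root_events.append((m.group("result"), m.group("src"), count))
    return {"failed_by_source": failed_by_source,
            "failed_by_user": failed_by_user,
            "root_events": root_events}

def noisy_sources(summary, threshold=3):
    """Source addresses with at least `threshold` failed attempts."""
    return sorted(s for s, n in summary["failed_by_source"].items() if n >= threshold)

if __name__ == "__main__":
    report = summarize(SAMPLE.splitlines())
    print("Failed attempts per source:", dict(report["failed_by_source"]))
    print("Root login events:", report["root_events"])
    print("Sources at or above threshold:", noisy_sources(report))
```

To run it against a real log, pass the open file instead of the sample, for example summarize(open("/var/log/auth.log")), which normally requires root or membership in the group that owns the file.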

There are many more server logs on Linux and Unix servers, and we will cover them in the coming weeks.