Understanding log files
By default, all CentOS system log files can be found in /var/log
and a full inventory on your current server can be obtained by typing the following command:
# find /var/log
With that said, every system is different, and for overall simplicity, you will find that some of the more common log files (associated with a minimal installation of CentOS 7) will include:
/var/log/messages
: This file contains information related to the many native services used by CentOS. This includes (but is not limited to) the kernel logger, the network manager, boot process, mail services,cron
jobs, and many other services that do not have their own log files. In many respects, this record can be considered to be a global log file of sorts, and out of habit, it will probably become your first port of call in any troubleshooting process./var/log/boot.log
: This file contains information that is reported when the system boots./var/log/maillog
: This file contains information that is reported by the default mail server used by the system./var/log/secure
: This file contains information that is related to the associated authentication and authorization privileges./var/log/wtmp
: This file contains information related to user login records./var/log/btmp
: This file contains information related to failed login attempts./var/log/cron
: This file contains information related to cron (and anacron)./var/log/lastlog
: This file contains information related to the binary log that contains all of the last login information./var/log/yum.log
: This file contains information related to Yum and reports any activity related to the server's package management tools.
Now, before we continue, I want to draw your attention towards the importance of these files as it is often a good idea to store /var/log
in a separate partition to /
(root).
A perfect system would maintain a separate partition for /tmp
, /usr
, and others, but yes, there may be situations where storing your log files on the same partition as /
(root) is unavoidable. So remember, if and when the opportunity does arise, you may want to consider storing these directories on a separate filesystem and a separate physical volume (if possible), as this is considered to be good practice with regard to maintaining the overall security, integrity, and performance of the system in question.
However, and having said that, it is also important to recognize that many other packages will create and store logs in other locations. You may even be required to specify these locations yourself, and for this reason, it should be remembered that not all logs are located in /var/log
.
For example, if the server in question is hosting one or more websites and storing all the relevant Apache VirtualHost information in a specific /home
directory, then the associated log files may be found in a location like this:
/path/to/virtualhost/domain1/log/access_log /path/to/virtualhost/domain1/log/error_log
The same can be said of many other packages, and this issue arises because the packages may not have the required privileges to write to that directory, while others are designed to maintain all logging activity within their own installation directory. Therefore, and depending on the nature of your system, you may need to spend a few moments analyzing your server's installation structure in order to locate the appropriate log file(s).