This is a work in progress.
Part 1: Important Log Files
Log files help you diagnose problems with system stability, hardware related problems, and boot related problems. The log files generated in a Linux environment can typically be classified into four different categories:
- Application
- Event
- Service
- System
syslog and dmesg
The system log typically contains the most information by default about your Ubuntu system. It is located at /var/log/syslog, and may contain information other logs do not. Consult the system log when you can't locate the desired log information in another log. It also contains everything that used to be in /var/log/messages.
If you want to review messages from the current day, use the command:
cat /var/log/syslog|less
You can scroll up and down to look for issues, and do regex searches.
You can actively monitor the syslog to watch for errors while you work or perform an activity which typically creates a problem:
tail -f /var/log/syslog
Keep that running in a terminal window while you work. Messages and errors will appear in real time.
dmesg is known as the kernel ring buffer utility. In this case, dmesg is an actual command you execute, and it displays kernel log data. This information is also sent in real time to syslogd or klogd, when they are running, and ends up in /var/log/messages. The dmesg command also captures boot-time messages from before syslogd starts. Type:
dmesg|less
Again, the output is piped to less so you can scroll up and down or perform a regex search. Use dmesg to see what occurred during system boot. When things go wrong, such as a file system failing to mount or a device driver failing to load, these events will show up in dmesg.
other useful logs
We are looking at relevant log files generated by the system and stored in the path:
/var/log
Caution: do not open these in a text editor, because they are files in an "open" state, meaning they are being written in real time with content constantly being added as events occur. You can "cat" or "tail" them, or make a copy with "cp" and open the copy in an editor such as vi.
cat /var/log/boot.log
or make a copy and open it in an editor:
cp /var/log/boot.log /tmp/boot.log
vi /tmp/boot.log
Others: kern.log, faillog, cron, auth.log and secure, which are all relevant to a Linux workstation. Additional logs become relevant on a server, such as web or mail logs; these are not covered here.
hardware modules
Get to know the lsmod command:
lsmod
This command reports which modules are loaded into the kernel and their use count. An example is checking to see if a sound card module is loaded (the system has no audio). You might find that the sound card module failed to load or initialize by reviewing dmesg, and you double check whether the module loaded by using lsmod.
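The dmesg and lsmod cross-check described above, as an added example that is not part of the original page. The function names and the sample lsmod/dmesg text are constructed for illustration; the script reads saved output files so it can be run on copies rather than on the live logs.

```shell
# Added example: cross-check saved lsmod and dmesg output for one module.
# On a live system, save the input first: lsmod > lsmod.txt; dmesg > dmesg.txt

# Return 0 if module $1 is listed in the lsmod-format file $2.
module_loaded() {
    # Columns: Module, Size, Used by (count, then users); line 1 is the header.
    awk -v m="$1" 'NR > 1 && $1 == m { found = 1 } END { exit !found }' "$2"
}

# Print the use count of module $1 from file $2 (nothing if not loaded).
module_use_count() {
    awk -v m="$1" 'NR > 1 && $1 == m { print $3 }' "$2"
}

# Print kernel messages in file $2 that name module $1 and a failure keyword.
# lsmod prints underscores; messages may use hyphens, so match either.
module_errors() {
    pat=$(printf '%s' "$1" | sed 's/[_-]/[_-]/g')
    grep -i -E -- "$pat" "$2" | grep -i -E 'fail|error|unknown symbol'
}

# Print "loaded", "failed" (not loaded, errors logged) or "absent".
module_status() {
    if module_loaded "$1" "$2"; then
        echo loaded
    elif module_errors "$1" "$3" >/dev/null; then
        echo failed
    else
        echo absent
    fi
}

# Constructed sample data (not captured from a real system).
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/lsmod.txt" <<'EOF'
Module                  Size  Used by
snd_hda_intel          53248  3
e1000e                258048  0
EOF
cat > "$SAMPLE_DIR/dmesg.txt" <<'EOF'
[    2.104512] e1000e: Intel(R) PRO/1000 Network Driver
[    3.871220] snd-usb-audio: probe of 1-2:1.0 failed with error -22
EOF

for m in snd_hda_intel snd_usb_audio nouveau; do
    printf '%s: %s\n' "$m" \
        "$(module_status "$m" "$SAMPLE_DIR/lsmod.txt" "$SAMPLE_DIR/dmesg.txt")"
done
```

A status of "failed" means the module is missing from lsmod and dmesg holds a failure message naming it; "absent" means neither source mentions it, so the driver was probably never requested.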
You can see what hardware is using the PCI bus.
lspci