A Linux Administrator should be able to read and understand the various types of messages generated by all Linux systems to troubleshoot an issue. These messages, named logs, are initiated by Linux and the applications running on it. Linux continuously creates, stores, and recycles these logs through various configuration files, programs, commands, and daemons. If you know how to read these files and make optimal use of the various commands we will mention in this tutorial, you can troubleshoot your issues like a pro!
It is important to note that Linux keeps its log files in the /var/log directory in text format.
Viewing System Logs on Ubuntu
To reach the core of an issue, or to see if your application or system is behaving in the desired manner, you can view the system log files either graphically or through the command line in the following ways:
- Gnome Logs utility (Graphic)
- Log File Viewer utility (Graphic)
- Linux Terminal (Command Line)
View Log Files Through Gnome Logs
‘Logs’ is the default utility that comes with the latest versions of Ubuntu e.g., Ubuntu 20.04 LTS (Focal Fossa). To access it,
Type Logs in the Ubuntu dash:
You will be able to see the Logs utility open, with the option to view logs for Applications, System, Security and Hardware.
Click on the System tab to view system logs:
Here you can view all the system logs along with the time they were generated. You can perform the following actions through this window:
- Display the contents of a log by clicking on it.
- Search for a log by clicking the search icon and then providing keywords in the search bar. The search bar also offers several filters that you can apply to exactly specify What(Select a Journal field to filter the logs according to it) and When(Select the timestamp range of the log entries to be shown) you want to see:
- You can also export logs to a file by clicking the export button located at the top right corner of the Logs window. You can then save the log file by specifying a name and location.
Through Log File Viewer
The Log File Viewer is the default utility that comes with the older versions of Ubuntu. If your edition of Ubuntu does not have this application by default, you can download and install it through Ubuntu Software.
To access the Log File Viewer:
- Enter Log Viewer in Ubuntu Dash
- If you have installed this program through Ubuntu Software, you can launch it by searching for it in the Ubuntu Software as follows and then clicking the Launch button:
The Log File Viewer will appear as follows:
The left panel of the window shows several default log categories and the right panel shows a list of logs for the selected category.
Click on the Syslog tab to view system logs. You can search for a specific log by using ctrl+F control and then enter the keyword. When a new log event is generated, it is automatically added to the list of logs and you can see it in bolded form. You can also filter your logs through the Filters menu located in the top menu bar.
To view a log for a specific application, click the Open option from the File menu. The following Open Log window will open for you to choose the log from:
Click on a log file and click Open. You will now be able to see logs from the selected log file in the Log File Viewer.
View Log Files Through the Terminal
You can also view system logs through the command line, i.e., the Ubuntu Terminal.
Open the Terminal and enter the following command:
This command fetches all the messages from the kernel’s buffer. You can see the output as follows:
You will see that this is a lot of information. This information will only be useful if we apply some filters to view what we want to see.
Customizing dmesg output
- To see messages at your own pace, use the following command:
$ dmesg |less
This command will display only a specific number of messages per screen. You can press Enter to move to the next message or press Q to exit the command.
- To search for a message that contains a specific keyword, use the following command:
$ dmesg |grep [keyword]
For example, if you want to search for all the messages containing the word core, you can use the following command:
$ dmesg |grep core
The Terminal will now display only those messages containing the word “core” in red color.
Open a Log File with cat Command
The dmesg command opens all the logs from the /var/log directory. To open the logfile from some other location, use the following command:
$ cat [location]
$ cat /var/log/syslog
This command will print logs from the syslog file to the screen. Again, you will observe that this command prints all the information and is not easy to skim through. Here again, you can use the ‘grep’ and ‘less’ filters to display the desired output as follows:
$ cat |grep [keyword] [location]
$ cat |less [location]
Writing To the System Log
Sometimes we need to write custom messages to our system log during the troubleshooting process. Both the Gnome Log and the Log File Viewer programs are built to display a customized message that you can write through the Terminal.
Open the Ubuntu Terminal and type the following command:
$ logger “This is a custom message”
At the end of the above log list, you can see the custom log message displayed in the graphical log file viewer.
You can also use the logger command within a script for providing additional information. In that case, please use the following command within your script:
$ logger -t scriptname “This is a custom message”
By practicing along with this tutorial, you can learn to troubleshoot your system and application issues by accessing and understanding system logs.