Monitor and View Ubuntu Logs

In todays IT and devops world there are tons of application that run on your ec2 instance which could be any linux distribution and one of the most famous and easy to use is ubuntu. Working with lot many applications on multi tier infrastructure is a good way to manage but simultaneously there are always high chances of getting snags while running them.

In order to get rid of obstacles there is always a open door which we call it as logs. They work as vaccines , so It is very important to monitor your logs and log files .

In this tutorial we will see some of the most important log files on ubuntu machine which are mostly same on all Linux distributions one should look and try to fix the issue. Log files are stored on /var/log directory where most of the system generated and application logs resides. So, let us discuss each of them in detail.

/var/log/* directory

/var/log/dmesg: This is a very important file. When we boot any Linux machine there are lots of process involved . When we power on our machine BIOS calls POST and then MBR is loaded and calls GRUB and finally GRUB calls kernel and kernel gets loaded in memory. While all these process takes place kernel generates lots of messages in kernel ring buffer such as Hardware related, BIOS related and mount related activities and there are high chances that these output may be overwritten. So in order to troubleshoot all these issues related to hardware and BIOS they are stored in /var/log/dmesg but these logs can be viewed using dmesg command.

Related : Step by Step Linux Boot Process


/var/log/auth.log: This log file helps to check the system and user access related logs. Whenever any user logs in to machine or SSH into remote machine , who has sudo access or perform any file related activities all these get captured under this file. This helps in various ways such as password locked out issue or someone trying to SSH into your machine unnecessarily.


/var/log/apt/history.log: This log file gives all the details of packages which were removed or installed or upgraded in your machine. Commands like sudo apt update , sudo apt install apcahe2 all these get captured under this directory


Let us see list of all packages which were installed using below command.

cat /var/log/apt/history.log | grep "install"

/var/log/kern.log: These log provides information about kernel warnings and error messages. It provides detailed kernel events and information to the system


/var/log/syslog: These logs provide in depth information about your system. This is like a heart of all log files , if you are unable to find any information in other files , this file is your friend.


/var/log/apport.log: These logs saves information about system crash and reports any access related issues. These logs are very useful when it comes to OS related failures . You can configure the scheduling and other parameters from /etc/logrotate.d/apport


/var/log/ufw.log: This log file provides all the information related to firewall and network connectivity.


/var/log/daemon.log: This file contains information logged by the various background daemons that runs on the unix machine.


/var/log/apache2/access.log: This file contains information logged by apache2 web server. As soon as you install apache2 (apt install apache2) on your machine you will see this log file gets automatically created.


/var/log/dpkg.log This file contains information related to package installation which is very much similar to /var/log/apt file.


Wrapping Up:

This concludes the view and monitor ubuntu/linux logs tutorial , where we learnt a lot about most important log files and directories to work with while updating or configuring .

These tutorial will surely help you troubleshoot network , applications and work with various applications. Hope this helps you and I would highly request you to share with your friends so that they are aware of this tutorial and can help others.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s