SEARCH

How-To Geek

How To View and Write To System Log Files on Ubuntu

image

Linux logs a large amount of events to the disk, where they’re mostly stored in the /var/log directory in plain text. Most log entries go through the system logging daemon, syslogd, and are written to the system log.

Ubuntu includes a number of ways of viewing these logs, either graphically or from the command-line. You can also write your own log messages to the system log — particularly useful in scripts.

Viewing Logs Graphically

To view log files using an easy-to-use, graphical application, open the Log File Viewer application from your Dash.

image

The Log File Viewer displays a number of logs by default, including your system log (syslog), package manager log (dpkg.log), authentication log (auth.log), and graphical server log (Xorg.0.log). You can view all the logs in a single window – when a new log event is added, it will automatically appear in the window and will be bolded. You can also press Ctrl+F to search your log messages or use the Filters menu to filter your logs.

image

If you have other log files you want to view – say, a log file for a specific application – you can click the File menu, select Open, and open the log file. It will appear alongside the other log files in the list and will be monitored and automatically updated, like the other logs.

image

Writing to the System Log

The logger utility allows you to quickly write a message to your system log with a single, simple command. For example, to write the message Hello World to your system log, use the following command:

logger “Hello World”

image

You may also wish to specify additional information – for example, if you’re using the logger command within a script, you may want to include the name of the script:

logger –t ScriptName “Hello World”

image

Viewing Logs in the Terminal

The dmesg command displays the Linux kernel’s message buffer, which is stored in memory. Run this command and you’ll get a lot of output.

image

To filter this output and search for the messages you’re interested in, you can pipe it to grep:

dmesg | grep something

You can also pipe the output of the dmesg command to less, which allows you to scroll through the messages at your own pace. To exit less, press Q.

dmesg | less

image

If a grep search produces a large amount of results, you can pipe its output to less, too:

dmesg | grep something | less

In addition to opening the log files located in /var/log in any text editor, you can use the cat command to print the contents of a log (or any other file) to the terminal:

cat /var/log/syslog

Like the dmesg command above, this will produce a large amount of output. You can use the grep and less commands to work with the output:

grep something /var/log/syslog

less /var/log/syslog

Other useful commands include the head and tail commands. head prints the first n lines in a file, while tail prints the last n lines in the file – if you want to view recent log messages, the tail command is particularly useful.

head -n 10 /var/log/syslog

tail -n 10 /var/log/syslog

image

Some applications may not write to the system log and may produce their own log files, which you can manipulate in the same way – you’ll generally find them in the /var/log directory, too. For example, the Apache web server creates a /var/log/apache2 directory containing its logs.

Chris Hoffman is a technology writer and all-around computer geek. He's as at home using the Linux terminal as he is digging into the Windows registry. Connect with him on Google+.

  • Published 07/1/12

Comments (2)

  1. SurfMan

    tail is very useful if combined with -f for follow. As soon as there is a new entry in the log, it is immediately displayed.

  2. Tube

    This is a nice article, but can you elaborate more on how to configure some services to write to syslog using the system logging daemon!

    Thanks

Get Free Articles in Your Inbox!

Join 134,000 newsletter readers

Email:

Go check your email!