Linux System Logging / Log Files

See Linux Boot Process for kernel ring buffer & logs during boot.

Syslog

Syslog is a standard for message logging. It allows separation of the software that generates messages, the system that stores them, and the software that reports and analyzes them. Each message is labeled with a facility code, indicating the software type generating the message, and assigned a severity level.

# rsyslog configurations
cat /etc/rsyslog.conf
# Logs
/var/log

# Apache
/var/log/apache2/

Create log messages

logger [-p FACILITY.SEVERITY] [-t TAG] message
logger -p mail.info -t mailtest "Testing logger"
sudo tail -1 /var/log/mail.log

Rotate log files

cat /etc/logrotate.conf

Facility codes

The facility code identifies the type of software that generated the message.

Facility code 	Keyword 	Description
0 	kern 	Kernel messages
1 	user 	User-level messages
2 	mail 	Mail system
3 	daemon 	System daemons
4 	auth 	Security/authentication messages
5 	syslog 	Messages generated internally by syslogd
6 	lpr 	Line printer subsystem
7 	news 	Network news subsystem
8 	uucp 	UUCP subsystem
9 	cron 	Clock daemon
10 	authpriv 	Security/authentication messages
11 	ftp 	FTP daemon
12 	ntp 	NTP subsystem
13 	security 	Log audit
14 	console 	Log alert
15 	solaris-cron 	Scheduling daemon
16–23 	local0 – local7 	Locally used facilities 

Severity Levels

Value   Severity        Keyword
0       Emergency       emerg
1       Alert           alert
2       Critical        crit
3       Error           err
4       Warning         warning
5       Notice          notice
6       Informational   info
7       Debug           debug
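
On the wire, a syslog message starts with a single <PRI> number that combines the facility and severity from the two tables above. The script below is an added example, not part of the original notes: it assumes the RFC 5424 rule PRI = facility * 8 + severity, decodes the number back into the keywords listed here, and picks out auth/authpriv messages at warning or worse. The function names and sample lines are constructed for illustration.

```shell
# Added example: decode the <PRI> header of a raw syslog message.
# Assumption (syslog RFCs, not this page): PRI = facility * 8 + severity.

# Keywords in numeric order, as listed in the tables on this page.
FACILITIES="kern user mail daemon auth syslog lpr news uucp cron authpriv ftp ntp security console solaris-cron local0 local1 local2 local3 local4 local5 local6 local7"
SEVERITIES="emerg alert crit err warning notice info debug"

# nth_word INDEX WORD...: print the word at zero-based INDEX.
nth_word() {
    idx=$1; shift; shift "$idx"
    printf '%s\n' "$1"
}

# decode_pri LINE: print "facility.severity"; return 1 if there is no valid PRI.
decode_pri() {
    case $1 in "<"[0-9]*">"*) ;; *) return 1 ;; esac
    pri=${1#<}
    pri=${pri%%>*}
    # Reject non-digits, more than 3 digits, and leading zeros (read as octal).
    case $pri in
        *[!0-9]* | ????* | 0?*) return 1 ;;
    esac
    [ "$pri" -le 191 ] || return 1
    printf '%s.%s\n' "$(nth_word $((pri / 8)) $FACILITIES)" \
                     "$(nth_word $((pri % 8)) $SEVERITIES)"
}

# auth_warnings: read raw lines on stdin and print auth/authpriv messages
# at severity warning (4) or worse, prefixed with the decoded label.
auth_warnings() {
    while IFS= read -r line; do
        label=$(decode_pri "$line") || continue
        case $label in auth.*|authpriv.*) ;; *) continue ;; esac
        case ${label#*.} in
            emerg|alert|crit|err|warning) printf '%s %s\n' "$label" "${line#*>}" ;;
        esac
    done
}

# Constructed sample input (not real log data).
SAMPLE='<22>Jan 10 12:00:01 host1 mailtest: Testing logger
<38>Jan 10 12:00:02 host1 sshd[1001]: Accepted publickey for alice
<84>Jan 10 12:00:03 host1 sudo: pam_unix(sudo:auth): authentication failure'
printf '%s\n' "$SAMPLE" | auth_warnings
```

The first sample line carries PRI 22, which is the value the logger -p mail.info command shown earlier produces (mail = 2, info = 6).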