Log Management and Rotation
Linux systems generate a wide variety of log files that record events, errors, and informational messages. These logs are essential for troubleshooting, monitoring, and auditing system activity. The most important log files are located in the /var/log directory. Here are some of the most common log files you will encounter:
/var/log/syslog: contains general system activity logs, including messages from the kernel and various system services;/var/log/auth.log: records authentication events such as successful and failed logins, sudo usage, and SSH activity;/var/log/messages: similar tosyslog, but on some distributions, it is the primary log for system events;/var/log/kern.log: logs kernel messages, which can help diagnose hardware or kernel-level issues;/var/log/dmesg: contains boot and hardware-related messages generated by the kernel ring buffer;/var/log/daemon.log: tracks output from system daemons, which are background processes;/var/log/apt/history.logand/var/log/apt/term.log: specific to package management activities on systems using APT;/var/log/nginx/access.logand/var/log/nginx/error.log: web server access and error logs, if you are running NGINX.
Understanding the purpose of each log file helps you quickly identify where to look when investigating issues or monitoring system health.
/var/log/syslog
/var/log/auth.log
Because log files can grow quickly and consume disk space, Linux systems use log rotation to manage and archive old logs. The logrotate utility automates this process, compressing and removing old logs according to rules you define. logrotate is typically run as a scheduled task (cron job) and is highly configurable to suit different needs.
A logrotate configuration file specifies which logs to manage, how often to rotate them, how many backups to keep, and whether to compress old logs. You can use global settings or create per-log rules for precise control. The main configuration file is /etc/logrotate.conf, and additional configurations are often stored in /etc/logrotate.d/.
/etc/logrotate.d/nginx
This configuration manages Nginx log rotation. It rotates all logs in /var/log/nginx/ daily, keeps 14 old copies, compresses them, and skips empty files. New logs are created with permissions 0640 for user www-data and group adm. After rotation, it sends a USR1 signal to the Nginx master process to reopen log files.
Danke für Ihr Feedback!
Fragen Sie AI
Fragen Sie AI
Fragen Sie alles oder probieren Sie eine der vorgeschlagenen Fragen, um unser Gespräch zu beginnen
Can you explain how to customize logrotate settings for other log files?
What happens if logrotate is not configured properly?
How do I manually trigger log rotation for Nginx logs?
Großartig!
Completion Rate verbessert auf 9.09Log Management and Rotation
Swipe um das Menü anzuzeigen
Linux systems generate a wide variety of log files that record events, errors, and informational messages. These logs are essential for troubleshooting, monitoring, and auditing system activity. The most important log files are located in the /var/log directory. Here are some of the most common log files you will encounter:
/var/log/syslog: contains general system activity logs, including messages from the kernel and various system services;/var/log/auth.log: records authentication events such as successful and failed logins, sudo usage, and SSH activity;/var/log/messages: similar tosyslog, but on some distributions, it is the primary log for system events;/var/log/kern.log: logs kernel messages, which can help diagnose hardware or kernel-level issues;/var/log/dmesg: contains boot and hardware-related messages generated by the kernel ring buffer;/var/log/daemon.log: tracks output from system daemons, which are background processes;/var/log/apt/history.logand/var/log/apt/term.log: specific to package management activities on systems using APT;/var/log/nginx/access.logand/var/log/nginx/error.log: web server access and error logs, if you are running NGINX.
Understanding the purpose of each log file helps you quickly identify where to look when investigating issues or monitoring system health.
/var/log/syslog
/var/log/auth.log
Because log files can grow quickly and consume disk space, Linux systems use log rotation to manage and archive old logs. The logrotate utility automates this process, compressing and removing old logs according to rules you define. logrotate is typically run as a scheduled task (cron job) and is highly configurable to suit different needs.
A logrotate configuration file specifies which logs to manage, how often to rotate them, how many backups to keep, and whether to compress old logs. You can use global settings or create per-log rules for precise control. The main configuration file is /etc/logrotate.conf, and additional configurations are often stored in /etc/logrotate.d/.
/etc/logrotate.d/nginx
This configuration manages Nginx log rotation. It rotates all logs in /var/log/nginx/ daily, keeps 14 old copies, compresses them, and skips empty files. New logs are created with permissions 0640 for user www-data and group adm. After rotation, it sends a USR1 signal to the Nginx master process to reopen log files.
Danke für Ihr Feedback!
