The Best way to view log file is to use
#tail -f log_file_name
-f option helps to the changes online.
Boot log files:
You need to be super user to see these file contents.
This file contains log of processes that were started during the boot.
for example:NFS startup,print servers startup
Basically all the messages that you see during the boot processes such as
Starting up NFS service ok
You may see dmesg command for boot related information.
One of the major task of system administrator is to regularly check various log files.
So It is Very Important to know where your hosts keep their log files as the directory is different for different flavors of *nix.
Failed login attempts:
Following log file records failed login attempts to the system
Following line get added when xxx host tries to login with wrong login credentials of root.
All Mail Logs are stored in.
As log files grows in size .It is important to restrict their size limit.This can be done by a utility called logrotate.
Here are the three important files used for log rotating.
1) /usr/sbin/logrotate : Original Log rotate command. Its a binary file and we can't see the contents inside it.
2) /etc/logrotate.conf : Configuration file used for logrotate .
Contents of files are as below.
# cat /etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
# keep 4 weeks worth of backlogs
# create new (empty) log files after rotating old ones
# uncomment this if you want your log files compressed
# RPM packages drop log rotation information into this directory
# no packages own wtmp -- we'll rotate them here
create 0664 root utmp
# system-specific logs may be also be configured here.
By default logrotate script executed daily in cron.(This however a different file than binary logrotate we discussed )
content of logrotate file are as below.
# cat /etc/cron.daily/logrotate
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
As you can see in /etc/cron.daily/logrotate each day binary /usr/sbin/logrotate is getting executed using /etc/logrotate.conf .
More information on Log rotate can be found very described in below article.