To check the logs of a virtual machine in Linux


To check the logs of a virtual machine in Linux, particularly focusing on the /var/log directory and using the grep command to filter the syslog files, follow these steps:

1. Access the /var/log Directory

The /var/log directory contains most of the log files generated by the system and various services.

cd /var/log

2. Identify Important Log Files

Some key log files in /var/log include the following (which of them exist depends on the distribution and its logging configuration):

  • syslog: General system log, including system messages and application logs.
  • auth.log: Authentication log, contains login attempts and security-related events.
  • dmesg: Kernel ring buffer log.
  • messages: General message and system-related log.
  • kern.log: Kernel log.
  • daemon.log: Daemon-related log.
  • boot.log: Boot process log.

3. View the syslog File

You can use cat, less, or tail to view the contents of the syslog file. For large files, less and tail are preferred.

Using less:

less syslog

Using tail to see the last 10 lines:

tail syslog

Using tail -f to follow the log file in real time:

tail -f syslog

4. Using grep to Search Within Log Files

The grep command is useful for filtering log files for specific keywords or patterns.

Example: Search for “error” in syslog:

grep "error" syslog

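Example: Search for entries related to a specific date. The pattern must match the timestamp format the file actually uses; traditional syslog timestamps pad single-digit days with a space ("Jun  8"), so check a few lines of the file first: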

grep "Jun 08" syslog

Example: Combine tail and grep to follow new log entries containing “error”:

tail -f syslog | grep "error"

View the most recent journal entries, with timestamps and explanatory text, using journalctl (for systemd-based systems):

journalctl -xe

Search within journalctl logs for a specific keyword:

journalctl | grep "error"
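
As an added example (not part of the original post), the script below combines the date and keyword filters from step 4 and applies them to auth.log-style entries, counting failed SSH password attempts per source address for one day. The function names and the sample lines are constructed for illustration, and it assumes the traditional syslog timestamp layout, where single-digit days are space-padded.

```bash
#!/usr/bin/env bash
# Added example: date + keyword filtering of auth.log-style entries.

# Write constructed sample lines (not real log data) to the file named in $1.
# Note the space-padded day ("Jun  8"): a literal grep "Jun 08" finds nothing here.
make_sample_log() {
  cat > "$1" <<'EOF'
Jun  7 23:58:10 vm01 sshd[702]: Failed password for root from 198.51.100.23 port 50112 ssh2
Jun  8 09:12:01 vm01 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jun  8 09:12:04 vm01 sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jun  8 09:13:30 vm01 sshd[815]: Accepted publickey for deploy from 192.0.2.10 port 51500 ssh2
Jun  8 09:14:02 vm01 sshd[820]: Failed password for root from 198.51.100.23 port 50200 ssh2
Jun  8 09:15:47 vm01 CRON[901]: (root) CMD (run-parts /etc/cron.hourly)
Jun  8 09:16:11 vm01 sshd[830]: Failed password for invalid user test from 203.0.113.5 port 40150 ssh2
Jun 18 02:00:00 vm01 sshd[999]: Failed password for root from 198.51.100.23 port 50300 ssh2
EOF
}

# failed_logins_by_source FILE MONTH DAY
# Prints "<count> <source-address>" for that day, busiest source first.
failed_logins_by_source() {
  fl_file=$1
  fl_mon=$2
  fl_day=${3#0}   # accept "08" or "8": strip one leading zero
  # " +0?" matches "Jun  8", "Jun 8" and "Jun 08"; the trailing space
  # keeps day 8 from matching day 18 or 28.
  grep -E "^${fl_mon} +0?${fl_day} " "$fl_file" \
    | grep -F 'Failed password' \
    | sed -E 's/.* from ([^ ]+) port .*/\1/' \
    | sort | uniq -c | sort -k1,1nr -k2 \
    | awk '{print $1, $2}'
}

# Demo on the constructed sample.
demo_log=$(mktemp)
make_sample_log "$demo_log"
failed_logins_by_source "$demo_log" Jun 08
rm -f "$demo_log"
```

On a real VM, pass /var/log/auth.log as the file; reading it usually requires elevated privileges.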
