When working with Ubuntu, one of the ways you can troubleshoot issues or monitor the performance of your applications is by viewing the log files generated by the system or by the applications themselves. Logs provide a timeline of events, errors, and system operations that are crucial for understanding what is happening under the hood. This tutorial details how to view application log files in Ubuntu, ranging from basic commands to more advanced log viewing techniques.
Basic Log Viewing
The most fundamental tool for viewing logs in a Linux system is the ‘cat’ command. This command is used to display the contents of a file. Use it like so:
cat /var/log/syslog
This will display the contents of the syslog file onto your screen. The ‘cat’ command is straightforward and useful for smaller log files.
Another basic command is ‘less’, which allows you to view the contents of a log file one page at a time:
less /var/log/syslog
With ‘less’, you can navigate through the log file using arrow keys or page up/down keys and search for specific strings by typing ‘/’ followed by the search term.
Tail and Follow Log Files
The ‘tail’ command is used to display the last few lines of a file. By default, it shows the last 10 lines:
tail /var/log/syslog
You can specify the number of lines you want to view by using the ‘-n’ option:
tail -n 20 /var/log/syslog
If you want to continuously monitor the log as new lines are added, you can use the ‘-f’ option (use ‘-F’ instead if the file may be rotated while you watch, since it reopens the file by name):
tail -f /var/log/syslog
Filtering Logs with grep
To pull out specific information from a log file, you can use ‘grep’. This command is used to search for patterns within files:
grep 'error' /var/log/syslog
That command will display all the lines from syslog that contain the string ‘error’. The match is case-sensitive, so add the ‘-i’ option to also catch ‘Error’ and ‘ERROR’.
Using awk and sed for Advanced Parsing
The ‘awk’ utility can be used to filter and transform text from log files. The following command extracts the first and third fields, assuming that fields are separated by spaces:
awk '{print $1" "$3}' /var/log/syslog
‘sed’ is a stream editor that can perform more complex replacement operations. It is often used for filtering and transforming text:
sed -n '/error/p' /var/log/syslog
This command will output only lines containing the word ‘error’ from the syslog file.
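The grep and awk steps above combined into one pipeline, as an added example that is not part of the original tutorial: it counts case-insensitive ‘error’ lines per program. It assumes the traditional syslog line layout (month, day, time, host, program[pid]:), and the sample lines, host name and program names are constructed.

```shell
#!/bin/sh
# Added example: count case-insensitive "error" lines per program in a
# traditional-format syslog file ("Mon DD HH:MM:SS host program[pid]: msg").

# error_counts_by_program FILE
# Prints "<count> <program>" per program, highest count first.
error_counts_by_program() {
    grep -i 'error' "$1" |
    awk '{
        tag = $5                      # field 5 is "program[pid]:" in this layout
        sub(/\[[0-9]+\]:$/, "", tag)  # strip "[pid]:"
        sub(/:$/, "", tag)            # strip trailing ":" when there is no pid
        count[tag]++
    }
    END { for (t in count) print count[t], t }' |
    sort -k1,1nr -k2,2
}

# Constructed sample input (not real log data).
make_sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 web01 CRON[2211]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 10:15:07 web01 nginx[1034]: connect() failed (111: Connection refused), error while connecting to upstream
Mar  3 10:15:09 web01 myapp[4120]: ERROR database connection timed out
Mar  3 10:16:44 web01 myapp[4120]: Error: retry limit reached
Mar  3 10:17:02 web01 kernel: EXT4-fs error (device sda1): ext4_find_entry
Mar  3 10:17:30 web01 myapp[4120]: request served in 12ms
EOF
}

sample=$(mktemp)
make_sample_log > "$sample"
error_counts_by_program "$sample"
rm -f "$sample"
```

To run it against the live log, call the function with /var/log/syslog instead of the sample file.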
Advanced Log Management with logrotate
The logrotate utility is used to manage log files. It allows for automatic rotation, compression, removal, and mailing of log files. Each log file may be handled daily, weekly, monthly, or when it grows too large. Here is an example of a logrotate configuration:
/var/log/syslog {
    daily
    rotate 7
    compress
    delaycompress
    missingok
    notifempty
}
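The above config rotates syslog daily, keeps 7 rotated files (7 days at a daily schedule), compresses them while leaving the most recent rotated file uncompressed until the next rotation (‘delaycompress’), does not raise an error if the log file is missing (‘missingok’), and skips rotation when the file is empty (‘notifempty’).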
Log Monitoring with journalctl
On systemd-based systems like Ubuntu, ‘journalctl’ is the command to view logs collected by systemd’s journal. For example:
journalctl -u nginx.service
This command views all log entries for the Nginx service. You can also follow the live output using the ‘-f’ option just like with ‘tail’:
journalctl -f
Audit Logs
The auditd service on Ubuntu provides a way to track security-relevant information. With the ‘ausearch’ command, one can query audit logs:
ausearch -k mykey
This command searches for all events tagged with the specified key, which is the label assigned to an audit rule with the ‘-k’ option when the rule is defined.
Graphical Log Viewing Tools
For those preferring a graphical user interface, tools like ‘Log File Viewer’ come in handy:
From the Ubuntu dashboard, search for ‘Log File Viewer’ and open the application. You can view different logs such as syslog, auth.log, etc., in a more user-friendly way.
Centralized Logging with Third-Party Tools
In an advanced setup, especially in an environment with multiple servers, centralized logging becomes key. Tools like Splunk, ELK Stack (Elasticsearch, Logstash, Kibana), and Graylog are used to manage logs from several servers. These tools have their own agents that ship logs to a central server for easy querying and visualization.
Conclusion
Understanding and effectively navigating through log files is a vital skill for any system administrator or developer working with Ubuntu. With the steps covered in this tutorial, one can approach application logs with confidence, leveraging basic commands for quick looks and advanced tools for detailed analysis.