How To Search CentOS 7 Log Files
Every server logs certain information to different files and servers running CentOS 7 are no exception. There is a log file for everything, SSH, Exim, Apache, MySQL and if you are trying to pinpoint exact issues it’s the log files where you should start.
cPanel Servers that log information to different paths so we will cover cPanel log files in another post. For CentOS 7 Log files the vast majority of log files are inside the /var/log folder. For easy to use search functions and to see how to view files in real-time use the search terms at the bottom of this blog post.
The /var/log/ folder
SYSlog will log messages from important services to the /var/log folder.
/var/log/messages
Startup logs, kernel logs, and logs from other services are all located in the /var/log/messages file.
/var/log/dmesg
Important information from your Kernel is logged to the /var/log/dmesg log file
/var/log/boot.log
The boot log contains information from services started at boot. Any services that have trouble starting should be logged to this file.
/var/log/lastlog
The last log contains information on recent logins to your system either by the root user or by end-users.
/var/log/exim_mainlog
The /var/log/eximlog holds information for every email sent and received on your server.
/var/log/yum.log
When you install a service via yum or update your server via yum this will be logged to the /var/log/yum.log file
/var/log/cron
When a cron is run the /var/log/cron file will keep a record of the action and result.
/var/log/secure
The /var/log/secure file keeps a record of login information by ssh.
How to view the various log files
View log files with Tail
You can tail the log files to give you the most recent information. For example, if you wanted to see the last 200 lines logged to the /var/log/secure file you would use;
tail -200 /var/log/secure
Or if you wanted to see the last 500 lines from the Exim mainlog you would use;
tail -500 /var/log/eximlog
Search CentOS 7 log files with GREP
You could also search the log files for specific search terms. To do this you could use grep. I want to search the cron log for information related to a user called mb500. I would use;
grep "mb500" /var/log/cron
Aug 14 22:15:01 CROND[151930]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)<br>Aug 14 22:20:01 CROND[154027]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)<br>Aug 14 22:25:01 CROND[156017]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)<br>Aug 14 22:30:01 CROND[158047]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)<br>Aug 14 22:35:02 CROND[160068]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Here I can see the user mb500 is running a cron every 5 minutes, it tells me the locations of the cron and that the output of that cron is being suppressed.
Watch log file in real-time
But by using the -f flag we can watch log files whilst they are generated. This is useful if your watching for something to happen.
tail -f /path/to/file.txt
How was this article?
You might also like
More from All About Linux
How To Open Port FirewallD and Close Port FirewallD -CentOS 7
Open And Close Ports In FirewallD - Manage Zones In FirewallD Like IPtables, FirewallD is a Linux firewall that filters packets …
How To Add Bootsplash Image To Your OS Template
Instead of the default black screen. When creating an OS template you can choose to add a bootsplash image to …
How To Run Scripts At Startup
Sometimes it might be required to run scripts at startup. This is useful if you want to automate tasks like …