How To Search CentOS 7 Log Files

Every server logs certain information to different files and servers running CentOS 7 are no exception. There is a log file for everything, SSH, Exim, Apache, MySQL and if you are trying to pinpoint exact issues it’s the log files where you should start.

cPanel Servers that log information to different paths so we will cover cPanel log files in another post. For CentOS 7 Log files the vast majority of log files are inside the /var/log folder. For easy to use search functions and to see how to view files in real-time use the search terms at the bottom of this blog post.

The /var/log/ folder

SYSlog will log messages from important services to the /var/log folder.

/var/log/messages

Startup logs, kernel logs, and logs from other services are all located in the /var/log/messages file.

/var/log/dmesg

Important information from your Kernel is logged to the /var/log/dmesg log file

/var/log/boot.log

The boot log contains information from services started at boot. Any services that have trouble starting should be logged to this file.

/var/log/lastlog

The last log contains information on recent logins to your system either by the root user or by end-users.

/var/log/exim_mainlog

The /var/log/eximlog holds information for every email sent and received on your server.

/var/log/yum.log

When you install a service via yum or update your server via yum this will be logged to the /var/log/yum.log file

/var/log/cron

When a cron is run the /var/log/cron file will keep a record of the action and result.

/var/log/secure

The /var/log/secure file keeps a record of login information by ssh.

How to view the various log files

View log files with Tail

You can tail the log files to give you the most recent information. For example, if you wanted to see the last 200 lines logged to the /var/log/secure file you would use;

tail -200 /var/log/secure

Or if you wanted to see the last 500 lines from the Exim mainlog you would use;

tail -500 /var/log/eximlog

Search CentOS 7 log files with GREP

You could also search the log files for specific search terms. To do this you could use grep. I want to search the cron log for information related to a user called mb500. I would use;

grep "mb500" /var/log/cron

Aug 14 22:15:01 CROND[151930]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)<br>Aug 14 22:20:01 CROND[154027]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)<br>Aug 14 22:25:01 CROND[156017]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)<br>Aug 14 22:30:01 CROND[158047]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)<br>Aug 14 22:35:02 CROND[160068]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)

Here I can see the user mb500 is running a cron every 5 minutes, it tells me the locations of the cron and that the output of that cron is being suppressed.