Linux Basics: System Logging and Log Analysis

Introduction

Logs are vital for troubleshooting, system monitoring, and maintaining security. Linux offers various tools to manage and analyze logs, and understanding how to leverage these can be a crucial part of Linux system administration.

TL;DR

This article covers how Linux system logging works, where to find logs, and how to use tools like journalctl and dmesg to analyze them. If you want to dive deep into log analysis, this guide is for you.

Understanding Linux Logging

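Linux records system activity in logs. Traditional syslog daemons write them to plain-text files, while the systemd journal keeps its own binary store that is read with journalctl. These logs contain information about hardware events, system errors, user activities, and more.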

System Logs

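Most system logs are stored in the /var/log directory. File names vary by distribution; the ones below are the Debian and Ubuntu names, and Red Hat-based systems use /var/log/messages and /var/log/secure for the first two. Examples of important logs include: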

  • /var/log/syslog: General system activities.
  • /var/log/auth.log: Authentication logs.
  • /var/log/kern.log: Kernel logs.

Using journalctl to View Logs

The journalctl command is used to query the systemd journal. Here’s how to use it:

List all logs:

journalctl

Filter logs by unit (e.g., ssh):

journalctl -u ssh

Show kernel logs:

journalctl -k

Using dmesg to View Kernel Logs

The dmesg command displays messages from the kernel ring buffer. Here’s how to use it:

View all kernel logs:

dmesg

View logs with a specific priority (e.g., error):

dmesg -l err

Log Rotation and Management

Linux uses log rotation to prevent logs from consuming too much disk space. The logrotate command can be used to manage log files.

Configure log rotation:

sudo nano /etc/logrotate.conf

Analyzing Logs

Analyze logs regularly to identify issues early. Tools like awk and grep can be used to search and filter logs.

Search for failed SSH logins:

grep 'Failed password' /var/log/auth.log

For more details on using grep, be sure to check out our Linux Basics: Working with Text Files Using grep, sed, and awk.
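
The grep search above can be extended with awk to count failed SSH logins per source address, which makes repeated attempts from one host stand out. This is an added example, not code from the original article; the function names sample_log and failed_by_source are hypothetical, and the log lines are constructed samples in the usual sshd format.

```shell
#!/usr/bin/env bash
# Added example: summarise failed SSH password attempts by source address.

# Constructed sample lines in the format sshd writes to /var/log/auth.log.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:15:04 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 50122 ssh2
Mar  3 10:15:09 host1 sshd[1207]: Failed password for invalid user admin from 203.0.113.7 port 50140 ssh2
Mar  3 10:16:30 host1 sshd[1215]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
Mar  3 10:17:12 host1 sshd[1222]: Failed password for alice from 198.51.100.20 port 40031 ssh2
Mar  3 10:18:00 host1 CRON[1230]: pam_unix(cron:session): session opened for user root
EOF
}

# failed_by_source [threshold]
# Reads auth.log text on stdin and prints "count address" for every source
# with at least `threshold` failed passwords (default 1), highest count first.
failed_by_source() {
  grep 'Failed password' |
    awk -v min="${1:-1}" '
      {
        # The user name is chosen by the client and its length in fields
        # varies ("for root" vs "for invalid user admin"), so locate the
        # address by scanning back from the end for the last "from".
        for (i = NF; i > 1; i--)
          if ($(i - 1) == "from") { hits[$i]++; break }
      }
      END {
        for (ip in hits)
          if (hits[ip] >= min) print hits[ip], ip
      }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the sample data: sources with three or more failures.
sample_log | failed_by_source 3

# On a real system (reading the file needs root or adm group membership):
#   failed_by_source 5 < /var/log/auth.log
```
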

Conclusion

Linux system logging is an essential aspect of system management. Understanding where logs are stored and how to analyze them using tools like journalctl and dmesg is vital for maintaining a healthy and secure system.

Explore more Linux Basics in our comprehensive series.
