/var/log/messages file

The most important log file in Linux is the /var/log/messages file, which records a variety of events, such as the system error messages, system startups and shutdowns, change in the network configuration, etc. This is usually the first place to look at in case of problems. This file is a plain text file, so you can check it using any tool that can examine text files, such as less. You can also use the tail command to display the last 10 lines of this file:

linux /var/log/messages

As you can see from the output above, each line in this file is a single message recorded by some program or service. The lines are divided into five parts:

  • the date and time of the message.
  • the name of the hosst from which the message came from.
  • the program that generated the message.
  • the process number (enclosed in square brackets) of the program that generated the message.
  • the actual log message.

For example, consider the following line:

linux var log messages example

In the picture above you can see that the message was generated on November 5, 2014, 20:32:42 on the host suse1. The program that generated the message was dhcpcd, its PID was 3022, and the message was “eth0: renewing lease of 192.168.198.128“, which indicates that the eth0 adapter is renewing the DHCP lease.

 

The /var/log/messages file doesn’t exist anymore on some distributions, most notably Ubuntu. Instead, the /var/log/syslog file is used.
Geek University 2022