Linux Logging and Monitoring: journalctl, dmesg, logrotate, and /var/log Explained

Linux RSH Network December 15, 2025 2 mins read

Understand how Linux logs system activity and learn to inspect, monitor, and manage logs using journalctl, dmesg, logrotate, and the /var/log directory.

Why Logging Matters

Logs are the heartbeat of a Linux system. Every service, application, and kernel component records events that help administrators understand what's happening behind the scenes.

Linux logs help you to:

  • Diagnose system and application issues

  • 🛡️ Audit user activity and security events

  • 📊 Monitor system performance and stability

  • 🔧 Troubleshoot boot, hardware, and service failures

Mastering logs is a core skill for Linux administrators, DevOps engineers, and SREs.


Key Log Locations in Linux

Path                 Purpose
/var/log/syslog      General system messages (Debian/Ubuntu)
/var/log/messages    General system messages (RHEL/CentOS)
/var/log/auth.log    Authentication and sudo events
/var/log/dmesg       Kernel ring buffer messages
/var/log/boot.log    System boot process logs

📌 Note: Log files vary slightly by Linux distribution, but /var/log is the standard log directory.


🧾 Inspecting Logs with journalctl

Modern Linux systems use systemd, which stores logs in a structured binary format accessed using journalctl.

🔧 Common Commands

    journalctl -xe
  • Shows recent logs with detailed context and errors

    journalctl --since "1 hour ago"
  • Filters logs by time

    journalctl -u sshd
  • Displays logs for a specific service

journalctl is powerful for tracing service failures and debugging production issues.


🧠 Kernel Logs with dmesg

The dmesg command displays kernel and hardware-related messages, especially during boot.

    dmesg | less
  • View kernel logs interactively

    dmesg -T
  • Shows human-readable timestamps

Use dmesg when troubleshooting:

  • Disk and filesystem errors

  • Network and driver issues

  • Hardware detection problems


🔄 Managing Logs with logrotate

Without log rotation, log files can grow endlessly and consume disk space. logrotate automates log maintenance.

Configuration Location

  • /etc/logrotate.conf

  • /etc/logrotate.d/

📄 Example Log Rotation Rule

/var/log/nginx/*.log {
    weekly
    rotate 4
    compress
    missingok
}

This configuration:

  • Rotates logs weekly

  • Keeps 4 old copies

  • Compresses old logs

  • Avoids errors if logs are missing


🧠 Pro Tips for Log Monitoring

  • 📡 Live log monitoring:

    tail -f /var/log/syslog

  • Search logs for errors:

    grep "error" /var/log/syslog

  • 🧪 Debug logrotate rules:

    logrotate -d /etc/logrotate.conf

These commands are invaluable during outages and incident response.
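
The grep tip above, taken one step further for the auth log: this added example (not part of the original article) counts failed SSH password attempts per source address. The function names and log lines are constructed for illustration, and the assumed line format is the classic syslog one written to /var/log/auth.log.

```bash
# Added example (not from the original article). All log lines are constructed.

# Constructed sample in the syslog format used by /var/log/auth.log.
sample_auth_log() {
    cat <<'EOF'
Dec 15 10:01:02 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51122 ssh2
Dec 15 10:01:05 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51123 ssh2
Dec 15 10:01:09 web01 sshd[2214]: Failed password for invalid user from 192.0.2.1 from 203.0.113.5 port 51130 ssh2
Dec 15 10:02:00 web01 sshd[2301]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
Dec 15 10:02:30 web01 sshd[2350]: Failed password for bob from 198.51.100.7 port 40031 ssh2
Dec 15 10:03:00 web01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/systemctl restart nginx
EOF
}

# Count failed SSH password attempts per source address, busiest first.
# Reads the log file given as $1, or standard input when no file is given.
failed_ssh_by_source() {
    awk '
        /sshd\[[0-9]+\]: Failed password for / {
            # The user name is client-supplied text and may itself contain
            # "from <address>", so take the LAST "from" on the line.
            for (i = NF - 1; i > 0; i--) {
                if ($i == "from") { count[$(i + 1)]++; break }
            }
        }
        END { for (src in count) print count[src], src }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Print sources with at least $1 failures (default 3); $2 is an optional file.
noisy_sources() {
    failed_ssh_by_source "${2:--}" | awk -v min="${1:-3}" '$1 >= min { print $2 }'
}

# Stand-alone run over the constructed sample.
sample_auth_log | failed_ssh_by_source
```

On hosts that keep only the journal, the output of journalctl -u sshd can be piped into failed_ssh_by_source in place of a file.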
