How to Extract Linux Log Files from Intel® NUC Products

Documentation

Troubleshooting

000090743

05/11/2022

Linux logs give you a visual history of everything that’s been happening in the operating system. They give a useful overview of events in order to help you troubleshoot the system.

There are several log files captured by the operating system, see examples below:

System logs
These logs may contain information about authorizations, system daemons, and system messages.

  • Authorization log. Keeps track of authorization systems, such as password prompts, the sudo command, and remote logins.
    • Location: /var/log/auth.log
  • Daemon Log. Daemons are programs that run in the background, usually without user interaction. For example, display server, SSH sessions, printing services, bluetooth, and more.
    • Location: /var/log/daemon.log
  • Debug log. Provides debugging information from the Ubuntu system and applications.
    • Location: /var/log/debug
  • Kernel log. Logs from the Linux kernel.
    • Location: /var/log/kern.log
  • System log. Contains more information about your system. If you can’t find anything in the other logs, this is the most likely location.
    • Location: /var/log/syslog

Application logs
Some applications also create logs in /var/log. Below are some examples:

  • Apache logs. Apache creates several log files in the /var/log/apache2/ subdirectory. The access.log file records all requests made to the server to access files. /error.log records all errors returned by the server.
    • Location: /var/log/apache2/ (subdirectory)
  • X11 server logs. The X11 server creates a separate log file for each of your displays. Display numbers start at zero, so your first display (display 0) will log to Xorg.0.log. The next display (display 1) would log to Xorg.1.log, and so on.
    • Location: /var/log/Xorg.0.log

Non-human-readable logs. 
Not all log files are meant to be readable by humans. Some were made to be parsed by applications. Below are some of examples.

  • Login failures log. Contains info about login failures. You can view it with the faillog command.
    • Location: /var/log/faillog
  • Last logins log. Contains info about last logins. You can view it with the lastlog command.
    • Location: /var/log/lastlog
  • Login records log Contains login info used by other utilities to find out who’s logged in. To view currently logged in users, use the who command.
    • Location: /var/log/wtmp

Viewing Log Files
The most basic way to view files from the command line is using the cat command. You simply pass in the file name, and it outputs the entire contents of the file: cat file.txt.
This can be inconvenient when dealing with large files (which isn’t uncommon for logs). We could use an editor, although that may be overkill just to view a file.
This is where the less command comes in. We pass it the file name (less file.txt), and it will open the file in a simple interface. From here, we can use the arrow keys (or j/k if you’re familiar with Vim) to move through the file, use / to search, and press q to quit.
There are a few more features, all of which are described by pressing h to open the help menu.
If you’re running Ubuntu 17.10 or above, it will be called Logs. Otherwise, it will be under the name System Log
The log viewer has a simple interface. The sidebar on the left shows a list of open log files, with the contents of the currently selected file displayed on the right.
The log viewer not only displays but also monitors log files for changes.