How To Search CentOS 7 Log Files
Every server logs information to various files, and servers running CentOS 7 are no exception. There is a log file for everything: SSH, Exim, Apache, MySQL. If you are trying to pinpoint an exact issue, the log files are where you should start. cPanel servers log information to different paths, so we will cover cPanel log files in another post. On CentOS 7 the vast majority of log files are inside the /var/log folder. For easy-to-use search commands, and to see how to view files in real time, use the commands at the bottom of this blog post.
/var/log/ folder
Syslog logs messages from important services to the /var/log folder.
/var/log/messages
Startup logs, kernel logs, and logs from other services are all located in the /var/log/messages file.
/var/log/dmesg
Important information from your kernel is logged to the /var/log/dmesg log file.
/var/log/boot.log
The boot log contains information from services started at boot. Any services that have trouble starting should be logged to this file.
/var/log/lastlog
The lastlog file contains information on recent logins to your system, either by the root user or by end users.
/var/log/exim_mainlog
/var/log/exim_mainlog holds information for every email sent and received on your server.
/var/log/yum.log
When you install a service via yum or update your server via yum, this is logged to the /var/log/yum.log file.
/var/log/cron
When a cron job runs, the /var/log/cron file keeps a record of the action and result.
/var/log/secure
The /var/log/secure file keeps a record of SSH login information.
How to view the various log files
View log files with tail. You can tail a log file to see the most recent entries. For example, if you wanted to see the last 200 lines logged to the /var/log/secure file you would use:
tail -200 /var/log/secure
Or if you wanted to see the last 500 lines from the Exim mainlog you would use:
tail -500 /var/log/exim_mainlog
Search CentOS 7 log files with GREP
You can also search the log files for specific terms using grep. For example, I want to search the cron log for information related to a user called mb500. I would use:
grep "mb500" /var/log/cron
Aug 14 22:15:01 CROND[151930]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Aug 14 22:20:01 CROND[154027]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Aug 14 22:25:01 CROND[156017]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Aug 14 22:30:01 CROND[158047]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Aug 14 22:35:02 CROND[160068]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Here I can see the user mb500 is running a cron job every 5 minutes. The log tells me the location of the script and that the output of that cron job is being suppressed.
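The same reading of the cron log can be automated. The script below is an added example, not part of the original post: it summarises every CMD entry per user and command, with the run count, the average gap between runs, and whether output is sent to /dev/null. The function names, the "backup" user, the host web01 and the backup script path are assumptions made up for the sample.

```bash
#!/usr/bin/env bash
# Added example: inventory of cron jobs seen in a CentOS cron log.
# Output columns (tab-separated): user, runs, average gap in seconds,
# output discarded (yes/no), command.
cron_summary() {
  # $1: log file to read (default /var/log/cron); "-" reads stdin.
  awk '
    function secs(t,   p) { split(t, p, ":"); return p[1]*3600 + p[2]*60 + p[3] }
    # Match "(user) CMD (" anywhere, so a hostname column is optional.
    match($0, /\([^)]*\) CMD \(/) {
      head = substr($0, RSTART, RLENGTH)
      user = substr(head, 2, index(head, ")") - 2)
      cmd  = substr($0, RSTART + RLENGTH)
      sub(/\)$/, "", cmd)                 # drop the closing bracket of CMD (...)
      k = user "\t" cmd
      t = secs($3)
      if (k in n) {
        g = t - prev[k]
        if (g < 0) g += 86400             # the run crossed midnight
        gap[k] += g
      }
      n[k]++
      prev[k] = t
    }
    END {
      for (k in n) {
        split(k, f, "\t")
        avg   = (n[k] > 1) ? int(gap[k] / (n[k] - 1) + 0.5) : 0
        quiet = (f[2] ~ />+ *\/dev\/null/) ? "yes" : "no"
        printf "%s\t%d\t%d\t%s\t%s\n", f[1], n[k], avg, quiet, f[2]
      }
    }
  ' "${1:-/var/log/cron}" | sort
}

# Sample input: the first three lines are from the grep output above; the two
# "backup" lines (host web01, script path) are constructed for illustration.
sample_log() {
  cat <<'EOF'
Aug 14 22:15:01 CROND[151930]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Aug 14 22:20:01 CROND[154027]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Aug 14 22:25:01 CROND[156017]: (mb500) CMD (php /home/mb500/public_html/admin/tasks/process_file_queue.cron.php >> /dev/null 2>&1)
Aug 14 23:50:01 web01 CROND[170001]: (backup) CMD (/usr/local/bin/backup.sh)
Aug 15 00:50:01 web01 CROND[171002]: (backup) CMD (/usr/local/bin/backup.sh)
EOF
}

sample_log | cron_summary -
```

On a server, run cron_summary with no argument to read /var/log/cron; jobs marked "yes" in the fourth column leave no output to review, so the cron log is the only record that they ran.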
Watch log file in real-time
By using the -f flag with tail we can watch log files as they are written. This is useful if you're watching for something to happen.
tail -f /path/to/file.txt