Logging: The Ultimate Guide

your open-source resource for understanding, analyzing, and troubleshooting system logs

curated by Loggly

Sadequl Hussain

IT pro with more than fifteen years of experience in application development, database administration, training and technical writing. Love anything related to database and system administration (both Windows and Linux). Working with cloud and DevOps technologies at the moment and learning NoSQL/Big Data technologies like MongoDB. Enjoy technical writing, presenting and training.


Linux Logging Basics

Operating system logs provide a wealth of diagnostic information about your computer, and Linux is no exception. Everything from kernel events to user actions is logged by Linux, allowing you to see almost any action performed on your servers. In this section, we’ll explain what Linux logs are, where you can find them, and how to interpret them. Linux System Logs Linux has a special directory for storing logs called...


Analyzing Linux Logs

There’s a great deal of information stored within your Linux logs, but the challenge is knowing how to extract it. There are a number of tools you can use to do this, from command-line tools to more advanced analytics tools capable of searching on specific fields, calculating summaries, generating charts, and much more. In this section, we’ll show you how to use some of these tools, and how log management...


Troubleshooting with Linux Logs

Troubleshooting is one of the main reasons people create logs. When a problem occurs, you’ll want to diagnose it to understand why it happened and what the cause was. An error message or a sequence of events can give you clues to the root cause, indicate how to reproduce the issue, and guide you towards solutions. This section presents scenarios where you can use Linux logs for troubleshooting. Login Failures...


Managing Linux Logs

A key best practice for logging is to centralize or aggregate your logs in a single location, especially if you have multiple servers or architecture tiers. Modern applications often have multiple tiers of infrastructure that can include a mix of on-premise servers and cloud services. Trying to hunt down the right file to troubleshoot an error would be incredibly difficult, and trying to correlate problems across systems would be even...


Windows Logging Basics

Logs are records of events that happen in your computer, either by a person or by a running process. They help you track what happened and troubleshoot problems. The most common location for logs in Windows is the Windows Event Log. It contains logs from the operating system and several applications such as SQL Server or Internet Information Server (IIS). The logs use a structured data format, making them easy...


Troubleshooting with Windows Logs

The most common reason people look at Windows logs is to troubleshoot a problem with their systems or applications. In this guide, we present common troubleshooting use cases and describe how to diagnose the root cause of the problem using events in your logs. Looking for Failed Logon Attempts Check Windows Security logs for failed logon attempts and unfamiliar access patterns. Authentication failures occur when someone or some application passes...


Centralizing Windows Logs

You can use the tools in this section to centralize your Windows Event Log from many servers or desktops. By properly administering your logs, you can track the health of your systems while keeping your log files secure, and filter their contents to find the correct information. Why Centralize Logs? Centralizing your logs saves time and increases the reliability of your log data. When Windows log files are stored locally...


Using systemctl

Systemctl is an extremely powerful Linux utility that comes with systemd. It comes with a long list of options for different functionality, the most common of which are starting, stopping, restarting, or reloading a daemon. In the following examples, we will see how to use systemctl for troubleshooting. Listing Units To check which services are installed in the local Linux system, execute this command (we are...


Managing Journal Size

We saw how systemd journal size can be controlled with configuration parameters. Even with default configuration values, systemd-journald will ensure that older journal records or journal files are deleted to keep the correct amount of disk space free. We can also use some of the options of journalctl to manage the journal. To check how much disk space is currently taken up by the journal, use the --disk-usage parameter: ...


Linux Logging with Systemd

Systemd is the new system and service manager for Linux. It has become the de facto system management daemon in various Linux distributions in recent years. Systemd was first introduced in Fedora. Other distributions like Arch Linux, openSUSE, or CoreOS have already made it part of their operating systems. Red Hat Enterprise Linux (RHEL) and its downstream distros like CentOS started to use systemd natively from version 7. Another major distribution, Ubuntu—which...

This guide will help software developers and system administrators become experts at using logs to better run their systems. This is a vendor-neutral, community effort featuring examples from a variety of solutions. Each guide includes:

  • A basic overview of what’s in the logs and where to find them
  • How to search or analyze logs to find valuable information
  • How to troubleshoot common issues and find the root cause
  • How to centralize or aggregate logs in a large distributed system
