Logging: The Ultimate Guide

your open-source resource for understanding, analyzing, and troubleshooting system logs

curated by Loggly

Sadequl Hussain

IT pro with more than fifteen years of experience in application development, database administration, training and technical writing. Love anything related to database and system administration (both Windows and Linux). Working with cloud and DevOps technologies at the moment and learning NoSQL/Big Data technologies like MongoDB. Enjoy technical writing, presenting and training.


Linux Logging Basics

First we’ll describe the basics of what Linux logs are, where to find them, and how they get created. If you already know this stuff, feel free to skip to the next section. Linux System Logs Many valuable log files are automatically created for you by Linux. You can find them in your /var/log directory. Here is what this directory looks like on a typical Ubuntu system: Some of the...


Analyzing Linux Logs

There’s a great deal of information waiting for you within your logs, although it’s not always as easy as you’d like to extract it. In this section, we will cover some examples of basic analysis you can do with your logs right away (just search what’s there). We’ll also cover more advanced analysis that may take some upfront effort to set up properly, but will save you time on the...


Troubleshooting with Linux Logs

Troubleshooting is the main reason people create logs. Often you’ll want to diagnose why a problem happened with your Linux system or application. An error message or a sequence of events can give you clues to the root cause, indicate how to reproduce the issue, and point out ways to fix it. Here are a few use cases for things you might want to troubleshoot in your logs. Cause of...


Managing Linux Logs

A key best practice for logging is to centralize or aggregate your logs in one place, especially if you have multiple servers or tiers in your architecture. We’ll tell you why this is a good idea and give tips on how to do it easily. It can be cumbersome to look at individual log files if you have many servers. Modern web sites and services often include multiple tiers of...


Windows Logging Basics

Logs are records of events that happen in your computer, either by a person or by a running process. They help you track what happened and troubleshoot problems. The most common location for logs in Windows is the Windows Event Log. It contains logs from the operating system and several applications such as SQL Server or Internet Information Server (IIS). The logs use a structured data format, making them easy...


Troubleshooting with Windows Logs

The most common reason people look at Windows logs is to troubleshoot a problem with their systems or applications. In this guide, we present common troubleshooting use cases and describe how to diagnose the root cause of the problem using events in your logs. Looking for Failed Logon Attempts Check Windows Security logs for failed logon attempts and unfamiliar access patterns. Authentication failures occur when someone or some application passes...


Centralizing Windows Logs

You can use the tools in this section to centralize your Windows Event Log from many servers or desktops. By properly administering your logs, you can track the health of your systems while keeping your log files secure, and filter their contents for finding the correct information. Why Centralize Logs? Centralizing your logs saves time and increases the reliability of your log data. When Windows log files are stored locally...


Using systemctl

Systemctl is a very powerful Linux utility that comes with systemd. It comes with a long list of options for different functionality, the most common of which are starting, stopping, restarting or reloading a daemon. In the following examples, we will see how we can use systemctl for some of the troubleshooting purposes. Listing Units To check which services are installed in the local Linux system, execute this command (we...


Managing Journal Size

We saw how systemd journal size can be controlled with configuration parameters. Even with default configuration values, systemd-journald will ensure that older journal records or journal files are deleted to keep the correct amount of disk space free. We can also use some of the options of journalctl to manage the journal. To check how much disk space is currently taken up by the journal, use the --disk-usage parameter: ...


Linux Logging with Systemd

Systemd is the new system and service manager for Linux. It has become the de facto system management daemon in various Linux distributions in recent years. Systemd was first introduced in Fedora. Other distributions like Arch Linux, openSUSE or CoreOS have already made it part of their operating systems. Red Hat Enterprise Linux (RHEL) and its downstream distros like CentOS started to use systemd natively from version 7. Another major...

This guide will help software developers and system administrators become experts at using logs to better run their systems. This is a vendor-neutral, community effort featuring examples from a variety of solutions. Each guide includes:

  • A basic overview of what’s in the logs and where to find them
  • How to search or analyze logs to find valuable information
  • How to troubleshoot common issues and find the root cause
  • How to centralize or aggregate logs in a large distributed system
