1.10. Using the Log Files to Troubleshoot Problems

When troubleshooting a problem, you may appreciate the log files that contain different information and messages about the operating system. The logging system in Red Hat Enterprise Linux 7 is based on the built-in syslog protocol. Particular programs use this system to record events and organize them into log files, which are useful when auditing the operating system and troubleshooting various problems.
For more information on log files, see Chapter 23, Viewing and Managing Log Files.

1.10.1. Services Handling the syslog Messages

The syslog messages are handled by two services:
  • the systemd-journald daemon - Collects messages from the kernel, the early stages of the boot process, standard output and error of daemons as they start up and run, and syslog, and forwards the messages to the rsyslog service for further processing.
  • the rsyslog service - Sorts the syslog messages by type and priority, and writes them to the files in the /var/log directory, where the logs are persistently stored.

1.10.2. Subdirectories Storing the syslog Messages

The syslog messages are stored in various subdirectories under the /var/log directory according to what kind of messages and logs they contain:
  • var/log/messages - all syslog messages except those mentioned below
  • var/log/secure - security and authentication-related messages and errors
  • var/log/maillog - mail server-related messages and errors
  • var/log/cron - log files related to periodically executed tasks
  • var/log/boot.log - log files related to system startup