When troubleshooting a problem, you may appreciate the log files that contain different information and messages about the operating system. The logging system in Red Hat Enterprise Linux 7 is based on the built-in syslog protocol. Particular programs use this system to record events and organize them into log files, which are useful when auditing the operating system and troubleshooting various problems.
1.10.1. Services Handling the syslog Messages
The syslog messages are handled by two services:
systemd-journald daemon - Collects messages from the kernel, the early stages of the boot process, standard output and error of daemons as they start up and run, and syslog, and forwards the messages to the
rsyslog service for further processing.
rsyslog service - Sorts the syslog messages by type and priority, and writes them to the files in the
/var/log directory, where the logs are persistently stored.
1.10.2. Subdirectories Storing the syslog Messages
The syslog messages are stored in various subdirectories under the
/var/log directory according to what kind of messages and logs they contain:
var/log/messages - all syslog messages except those mentioned below
var/log/secure - security and authentication-related messages and errors
var/log/maillog - mail server-related messages and errors
var/log/cron - log files related to periodically executed tasks
var/log/boot.log - log files related to system startup