LinuxPapers.org: Using Log FilesMay 13, 2000, 13:17 (0 Talkback[s])
(Other stories by Gianluca Insolvibile)
"Even if you are only running your own Linux box at home, sooner or later you will face the task of having to solve some strange problems (PPP has stopped working, X is not starting anymore, and so on), where the only hint is some messages left in a log file. To prepare yourself for this, you should start peeking into log files right now, even if everything is working correctly (or, at least, that's what you think...)."
"Log files are just plain text files containing one message per line. To look at the messages inside any of them, all you have to do is use one of the many tools available in Linux that manage text files: a plain cat /var/log/messages would be sufficient to print all the messages onto the screen, but if you try it you will see a lot of text pages flowing over the screen probably too quickly to read. Log files are always very large, as they keep accumulated messages from the very first time you started your Linux system. In the future we will learn how to keep their size limited, but for the moment it suffices to notice that you cannot simply 'cat' them, and that it is probably a bad idea to try and open them with a text editor: firstly because you could easily run out of memory, and secondly because you are not expected to change the contents of a log file. A better way to look at log files is to use a pager, such as more or less, or to use grep if you are seeking specific messages. Let's try with less /var/log/messages first."
"...all the messages that go to the /var/log/messages file are nothing particularly serious or urgent. One interesting message is the so-called 'MARK', which is issued periodically (every 20 minutes by default) just to say that the system is still alive. ... Another typical use of the MARK message is for helping in a post-mortem diagnosis, giving the system administrator a hint about the last time the machine was running before an (unlikely) crash. ... The other two standard log files, /var/log/debug and /var/log/syslog, contain more important messages such as debug information and error notices."