TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
 
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
As a JavaScript developer, what non-React tools do you use most often?
Angular
0%
Astro
0%
Svelte
0%
Vue.js
0%
Other
0%
I only use React
0%
I don't use JavaScript
0%
 
NEW! Try Stackie AI
Cloud Native Ecosystem Containers Databases Edge Computing Infrastructure as Code Linux Microservices Open Source Networking Storage
3 Factors Many Platform Engineers Still Get Wrong
May 27th 2025 8:00am, by Doug Sillars
Cloud Realities Are Slowing AI Ambitions
May 23rd 2025 4:18pm, by Mike Hicks
Red Hat's AI Platform Now Has an AI Inference Server
May 21st 2025 12:00pm, by Steven J. Vaughan-Nichols
6 IaC Tips for Cloud Practitioners
May 21st 2025 9:00am, by Ido Neeman
How To Accelerate Edge Application Deployment at Scale
May 20th 2025 1:30pm, by Alexsander Petrenko
Future-Proofing AI: Repeating Mistakes or Learning From the Past?
Jun 3rd 2025 7:00am, by Alex Zenla
How To Fill the Open Source Cracks in Your Container Foundation
Jun 2nd 2025 9:00am, by Vicki Walker
WizOS: A New Enterprise Linux Built on Alpine’s Secure Foundation
Jun 2nd 2025 6:00am, by Steven J. Vaughan-Nichols
Docker’s Best-Kept Secret: How Observability Saves Developers’ Sanity
May 31st 2025 10:00am, by Aditya Gupta
Build GenAI Applications Locally With Docker Model Runner
May 23rd 2025 6:00am, by Janakiram MSV
The Power of TIG Stack: Mastering Time Series Data Management
Jun 3rd 2025 9:00am, by Anais Dotis-Georgiou
Enterprise AI Success Demands Real-Time Data Platforms
Jun 2nd 2025 7:00am, by Tim Rottach
TanStack Adds Database, WordPress Creates AI Team
May 31st 2025 5:00am, by Loraine Lawson
Top 4 Observability Risks
May 30th 2025 9:10am, by Abby Ross
PostgreSQL 18 Delivers Significant Performance Gains for OLTP and Analytics
May 28th 2025 6:00am, by Jelani Harper
Why Devs Must Rethink Their Role in Modern CDNs and the Edge
Jun 4th 2025 7:02am, by Richard MacManus
How To Accelerate Edge Application Deployment at Scale
May 20th 2025 1:30pm, by Alexsander Petrenko
How to Use AI to Detect PPE Compliance in Edge Environments
May 13th 2025 7:00am, by Sathiyadev Thangaswamy
Remote MCP Servers: Inevitable, Not Easy
May 12th 2025 12:00pm, by Michael Field
Q&A: Nutanix CEO Rajiv Ramaswami on the Cloud Native Enterprise
May 12th 2025 7:00am, by Joab Jackson
Why CI/CD Alone Won’t Cut It for Infrastructure as Code
May 29th 2025 10:00am, by Marcin Wyszynski
The AI Code Generation Problem Nobody's Talking About
May 29th 2025 8:00am, by Michelle Gienow
Red Hat Ansible and HashiCorp Terraform Will Be Coming Together
May 28th 2025 7:00am, by Steven J. Vaughan-Nichols
6 IaC Tips for Cloud Practitioners
May 21st 2025 9:00am, by Ido Neeman
IaC Is Too Complicated. Where’s That ‘Easy Button’?
May 19th 2025 6:06am, by Vicki Walker
WizOS: A New Enterprise Linux Built on Alpine’s Secure Foundation
Jun 2nd 2025 6:00am, by Steven J. Vaughan-Nichols
OpenSUSE Tumbleweed: A Powerhouse, Rock-Solid Linux Desktop Distro
May 31st 2025 6:00am, by Jack Wallen
Red Hat Goes All in on AI-Powered Lightspeed System Admin Tools 
May 30th 2025 6:00am, by Steven J. Vaughan-Nichols
Linux Kernel 6.15 Boosts Virtualization, GPU, and CPU Performance
May 29th 2025 5:00am, by Damon M. Garn
Ubuntu Budgie 25.04: One of the Best Desktops on the Market
May 24th 2025 8:00am, by Jack Wallen
Reimagining Environments for Cloud Native Architectures
May 19th 2025 11:00am, by Arjun Iyer
Why Microservice Environments Break: Lack of Unification
May 12th 2025 6:07am, by Anirudh Ramanathan
Why Coordinating Microservice Changes Is Still a Mess
Apr 24th 2025 10:00am, by Anirudh Ramanathan
How to Implement the Saga Architectural Pattern in Microservices
Apr 21st 2025 6:28am, by Zziwa Raymond Ian
Scale Microservices Testing Without Duplicating Environments
Apr 15th 2025 9:00am, by Arjun Iyer
AI Agents Let Developers Kiss These 4 Chores Goodbye
May 30th 2025 7:40am, by Loraine Lawson
PostgreSQL 18 Delivers Significant Performance Gains for OLTP and Analytics
May 28th 2025 6:00am, by Jelani Harper
How Java Sparked an Open Source Revolution 30 Years Ago
May 27th 2025 4:00pm, by Darryl K. Taft
Open Source KubeVirt: VM Management With Kubernetes Is a Work in Progress
May 27th 2025 12:16pm, by B. Cameron Gain
Traceloop Launches an Observability Platform for LLM-Based Apps
May 27th 2025 8:30am, by Frederic Lardinois
Why Devs Must Rethink Their Role in Modern CDNs and the Edge
Jun 4th 2025 7:02am, by Richard MacManus
Companies Must Embrace Bespoke AI Designed for IT Workflows
May 23rd 2025 10:00am, by Ramprakash Ramamoorthy
CNCF and Synadia Reach an Agreement on NATS
May 5th 2025 7:33am, by Steven J. Vaughan-Nichols
Gateway API or Ingress: A Developer’s Guide to Kubernetes Routing
May 2nd 2025 6:00am, by Janakiram MSV
Synadia Attempts To Reclaim NATS Trademark Back From CNCF
Apr 29th 2025 8:00am, by Steven J. Vaughan-Nichols
Why Streaming Is the Power Grid for AI-Native Data Platforms
Jun 2nd 2025 11:00am, by Tyler Rockwood
Modernization: Storage Strategies for the Cloud Era
May 28th 2025 1:00pm, by Carol Platz
Nutanix Unveils Major Platform Expansions at .NEXT 2025
May 8th 2025 12:00pm, by Chris J. Preimesberger
Eliminate Application Timeouts With Software-Defined Storage
May 8th 2025 9:00am, by Carol Platz
Kafka Tiered Storage: Store More, But Pay Less
May 7th 2025 2:00pm, by Anil Inamdar
AI AI Engineering API Management Backend development Data Frontend Development Large Language Models Security Software Development WebAssembly
FinOps Foundation Launches New FinOps for AI Certification
Jun 4th 2025 6:13am, by
A Chief AI Officer Won't Fix Your AI Problems
Jun 3rd 2025 1:00pm, by
Dream 7B: A Powerful and Open Diffusion Language Model
Jun 3rd 2025 10:00am, by
OpenAI’s Sam Altman: AI Is Now Ready for the Enterprise
Jun 3rd 2025 8:25am, by
Future-Proofing AI: Repeating Mistakes or Learning From the Past?
Jun 3rd 2025 7:00am, by
Future-Proofing AI: Repeating Mistakes or Learning From the Past?
Jun 3rd 2025 7:00am, by
Snowflake Streamlines Data Analysis for Enterprise AI
Jun 3rd 2025 6:00am, by
Microsoft Targets AI 'Holy Grail' With Windows ML 2.0
May 31st 2025 9:00am, by
Claude Opus 4 With Claude Code: A Developer Walkthrough
May 31st 2025 8:00am, by
AI Agents Let Developers Kiss These 4 Chores Goodbye
May 30th 2025 7:40am, by
How to Use Docusign APIs to Embed Custom Document Signing in an App
May 28th 2025 2:00pm, by
Boomi Delivers Agentstudio for AI Agent Development
May 22nd 2025 4:00pm, by
Beyond API Uptime: Modern Metrics That Matter
May 22nd 2025 6:17am, by
5 'Cheat Codes' for Building Better APIs
May 21st 2025 8:00am, by
Why APIs Are Essential and MCP Is Optional (for Now)
May 8th 2025 8:00am, by
Next.js Deployment Spec Simplifies Frontend Hosting
May 6th 2025 12:00pm, by
A Practical Guide To Building a RAG-Powered Chatbot
May 5th 2025 12:00pm, by
JavaScript's Missing Link: Wasp Offers Full Stack Solution
Mar 26th 2025 2:00pm, by
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by
Apollo: GraphQL Now Connects to REST APIs With Little Fuss
Mar 11th 2025 7:30am, by
The Power of TIG Stack: Mastering Time Series Data Management
Jun 3rd 2025 9:00am, by
Snowflake Streamlines Data Analysis for Enterprise AI
Jun 3rd 2025 6:00am, by
Why Streaming Is the Power Grid for AI-Native Data Platforms
Jun 2nd 2025 11:00am, by
Can OpenSearch Shut Down Those Bad Vector Search Results? 
May 30th 2025 10:56am, by
Top 4 Observability Risks
May 30th 2025 9:10am, by
Why Devs Must Rethink Their Role in Modern CDNs and the Edge
Jun 4th 2025 7:02am, by
TanStack Adds Database, WordPress Creates AI Team
May 31st 2025 5:00am, by
When To Use Progressive Web Apps and When To Go Native
May 29th 2025 2:00pm, by
Empowering IT Teams Through Seamless UI and AI Agents
May 27th 2025 6:00am, by
How to Build Multistep Forms in React
May 22nd 2025 12:00pm, by
Dream 7B: A Powerful and Open Diffusion Language Model
Jun 3rd 2025 10:00am, by
Claude Opus 4 With Claude Code: A Developer Walkthrough
May 31st 2025 8:00am, by
TanStack Adds Database, WordPress Creates AI Team
May 31st 2025 5:00am, by
New Tools Help LLM Developers Choose Better Pre-Training Data
May 29th 2025 9:00am, by
Self-Aware AI: Building Adaptive LLM Decision Agents
May 29th 2025 7:00am, by
How To Fill the Open Source Cracks in Your Container Foundation
Jun 2nd 2025 9:00am, by
WizOS: A New Enterprise Linux Built on Alpine’s Secure Foundation
Jun 2nd 2025 6:00am, by
What HAL 9000 Teaches Us About AI-Driven Authorization
May 30th 2025 12:00pm, by
Linux Kernel 6.15 Boosts Virtualization, GPU, and CPU Performance
May 29th 2025 5:00am, by
Security Firm Snyk Tackles AI Coding's Perfect Storm
May 28th 2025 10:06am, by
What Is Output Formatting in Python and How Do You Do It?
Jun 2nd 2025 3:00pm, by
Scratch That Itch for Young Developers
Jun 1st 2025 6:01am, by
Microsoft Targets AI 'Holy Grail' With Windows ML 2.0
May 31st 2025 9:00am, by
Claude Opus 4 With Claude Code: A Developer Walkthrough
May 31st 2025 8:00am, by
Google Study: 65% of Developer Time Wasted Without Platforms
May 30th 2025 3:00pm, by
The State of JavaScript Debugging in WebAssembly
May 19th 2025 1:30pm, by
Build Edge Native Apps With WebAssembly
May 7th 2025 8:00am, by
GraalVM (Finally) Gets Java for WebAssembly
Apr 22nd 2025 4:00pm, by
Hyperlight Wasm: Azure Goes the Final Wasi Mile
Apr 3rd 2025 9:00am, by
Endor: WebAssembly-Based Server in the Browser
Mar 29th 2025 1:00pm, by
AI Operations CI/CD Cloud Services DevOps Kubernetes Observability Operations Platform Engineering
Why Streaming Is the Power Grid for AI-Native Data Platforms
Jun 2nd 2025 11:00am, by Tyler Rockwood
Time Series Forecasting: An Open Source, No-Code Solution
May 27th 2025 8:00am, by Anais Dotis Georgiou
AI Is Quickly Making IT Teams and Developers From Invisible to Indispensable
May 23rd 2025 11:00am, by Neil McRae
Developers Can Now ‘Uber’ GPUs With NVIDIA’s Lepton Platform
May 20th 2025 11:30am, by Agam Shah
SAP Unveils New AI Tools for Developers
May 20th 2025 7:20am, by Loraine Lawson
Why 90% of Microservices Still Ship Like Monoliths
Jun 3rd 2025 8:00am, by Arjun Iyer
Why CI/CD Alone Won’t Cut It for Infrastructure as Code
May 29th 2025 10:00am, by Marcin Wyszynski
Why Mobile App Reliability Is So Complicated
May 28th 2025 8:00am, by Virna Sekuj
Build an AI Chat Assistant With Stream and OpenAI
May 23rd 2025 12:00pm, by Danny Adams
CodeRabbit's AI Code Reviews Now Live Free in VS Code, Cursor
May 22nd 2025 1:00pm, by Darryl K. Taft
SAP Simplifies ERP Data Access for Developers
May 28th 2025 5:00pm, by Loraine Lawson
AWS Revives and Updates Its Customer Carbon Footprint Tool
May 28th 2025 11:00am, by Charles Humble
Cloud Realities Are Slowing AI Ambitions
May 23rd 2025 4:18pm, by Mike Hicks
Clouds, Code, and Control: The New Open Source Power Struggle
May 22nd 2025 10:10am, by Dawn Foster
Running AI Workloads Responsibly in the Cloud
May 14th 2025 11:00am, by Sam Prakash Bheri
A Chief AI Officer Won't Fix Your AI Problems
Jun 3rd 2025 1:00pm, by Rohit Choudhary
Red Hat Ansible and HashiCorp Terraform Will Be Coming Together
May 28th 2025 7:00am, by Steven J. Vaughan-Nichols
AI Is Quickly Making IT Teams and Developers From Invisible to Indispensable
May 23rd 2025 11:00am, by Neil McRae
IaC Is Too Complicated. Where’s That ‘Easy Button’?
May 19th 2025 6:06am, by Vicki Walker
Keeping Up With AI: The Painful New Mandate for Software Engineers
May 16th 2025 11:15am, by Manjunath Bhat
Kubernetes vs. Docker Compose: Which Orchestration Tool Should You Choose?
Jun 3rd 2025 4:00am, by Sunny Yadav
From YAML to Platforms: The Kubernetes Deployment Journey
May 29th 2025 11:00am, by Bhushan Nemade
Open Source KubeVirt: VM Management With Kubernetes Is a Work in Progress
May 27th 2025 12:16pm, by B. Cameron Gain
How To Remove a Deployment in Kubernetes: Methods, Steps and Tools
May 22nd 2025 5:00am, by Sunny Yadav
OrbStack: A Deep Dive for Container and Kubernetes Development
May 16th 2025 6:00am, by Janakiram MSV
Zymtrace Launches End-to-End GPU and CPU Observability
Jun 3rd 2025 11:00am, by Charles Humble
Bridging the Gap Between Monitoring and Incident Resolution
Jun 2nd 2025 8:00am, by Cristina Dias
Docker’s Best-Kept Secret: How Observability Saves Developers’ Sanity
May 31st 2025 10:00am, by Aditya Gupta
Can OpenSearch Shut Down Those Bad Vector Search Results? 
May 30th 2025 10:56am, by B. Cameron Gain
Fluent Bit, a Specialized Event Capture and Distribution Tool
May 30th 2025 10:00am, by Phil Wilkins
Aptori Is Building an Agentic AI Security Engineer
Jun 3rd 2025 12:00pm, by Frederic Lardinois
Zymtrace Launches End-to-End GPU and CPU Observability
Jun 3rd 2025 11:00am, by Charles Humble
Bridging the Gap Between Monitoring and Incident Resolution
Jun 2nd 2025 8:00am, by Cristina Dias
Fluent Bit, a Specialized Event Capture and Distribution Tool
May 30th 2025 10:00am, by Phil Wilkins
Red Hat Goes All in on AI-Powered Lightspeed System Admin Tools 
May 30th 2025 6:00am, by Steven J. Vaughan-Nichols
Google Study: 65% of Developer Time Wasted Without Platforms
May 30th 2025 3:00pm, by Todd R. Weiss
Fluent Bit, a Specialized Event Capture and Distribution Tool
May 30th 2025 10:00am, by Phil Wilkins
3 Factors Many Platform Engineers Still Get Wrong
May 27th 2025 8:00am, by Doug Sillars
To Fix Platform Engineering, Build What Users Actually Want
May 18th 2025 10:00am, by Shweta Vohra
Building Trust in AI-Driven QA: Ensuring Transparency and Explainability With GenAI
May 16th 2025 5:00am, by Saqib Jan
C++ Developer tools Go Java JavaScript Programming Languages Python Rust TypeScript
How to Build Multistep Forms in React
May 22nd 2025 12:00pm, by Vinod Pal
EngFlow Makes C++ Builds 21x Faster and Software a Lot Safer
Apr 3rd 2025 3:00pm, by Darryl K. Taft
Memory-Safe C: TrapC's Pitch to the C ISO Working Group
Mar 12th 2025 7:00am, by David Cassel
Bjarne Stroustrup on How He Sees C++ Evolving
Mar 7th 2025 6:00am, by David Cassel
Curl's Daniel Stenberg on Securing 180,000 Lines of C Code
Feb 23rd 2025 6:00am, by David Cassel
The AI Code Generation Problem Nobody's Talking About
May 29th 2025 8:00am, by Michelle Gienow
How to Use Docusign APIs to Embed Custom Document Signing in an App
May 28th 2025 2:00pm, by Karissa Jacobsen
The New Bottleneck: AI That Codes Faster Than Humans Can Review
May 27th 2025 11:00am, by Michelle Gienow
Exploring the JetBrains AI Assistant for Visual Studio Code
May 24th 2025 7:00am, by David Eastman
CodeRabbit's AI Code Reviews Now Live Free in VS Code, Cursor
May 22nd 2025 1:00pm, by Darryl K. Taft
Prepare Your Mac for Go Development
Apr 12th 2025 7:00am, by Damon M. Garn
Pagoda: A Web Development Starter Kit for Go Programmers
Mar 19th 2025 6:10am, by Loraine Lawson
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Introduction to Go Programming Language
Jan 17th 2025 9:00am, by TNS Staff
How Java Sparked an Open Source Revolution 30 Years Ago
May 27th 2025 4:00pm, by Darryl K. Taft
Azul CTO: Java at 30 Still Rules Enterprise Dev
May 23rd 2025 1:00pm, by Darryl K. Taft
Dead Code Detection Just Got Easier for Java Developers
May 15th 2025 5:00pm, by Darryl K. Taft
Java at 30: The Genius Behind the Code That Changed Tech
May 15th 2025 9:00am, by Darryl K. Taft
GraalVM (Finally) Gets Java for WebAssembly
Apr 22nd 2025 4:00pm, by B. Cameron Gain
How to Use Docusign APIs to Embed Custom Document Signing in an App
May 28th 2025 2:00pm, by Karissa Jacobsen
The State of JavaScript Debugging in WebAssembly
May 19th 2025 1:30pm, by B. Cameron Gain
Does LLM Write Performant Code? Study Says No
May 17th 2025 5:00am, by Loraine Lawson
Build a Real-Time Voting App With Stream Chat and Next.js
May 14th 2025 7:00am, by Ankur Tyagi
Svelte Adds Asynchronous Sync Inside Components
May 10th 2025 7:00am, by Loraine Lawson
What Is Output Formatting in Python and How Do You Do It?
Jun 2nd 2025 3:00pm, by Jack Wallen
How Java Sparked an Open Source Revolution 30 Years Ago
May 27th 2025 4:00pm, by Darryl K. Taft
Azul CTO: Java at 30 Still Rules Enterprise Dev
May 23rd 2025 1:00pm, by Darryl K. Taft
How to Build Multistep Forms in React
May 22nd 2025 12:00pm, by Vinod Pal
Java at 30: The Genius Behind the Code That Changed Tech
May 15th 2025 9:00am, by Darryl K. Taft
What Is Output Formatting in Python and How Do You Do It?
Jun 2nd 2025 3:00pm, by Jack Wallen
Time Series Forecasting: An Open Source, No-Code Solution
May 27th 2025 8:00am, by Anais Dotis Georgiou
Python Pandas Ditches NumPy for Speedier PyArrow
May 27th 2025 7:00am, by Joab Jackson
Python's Security Savior: Chainguard Battles Supply Chain Risk
May 14th 2025 9:00am, by Darryl K. Taft
Python's Open Source DNA Powers Anaconda's New AI Platform
May 13th 2025 4:00pm, by Jeffrey Burt
Microsoft TypeScript Devs Explain Why They Chose Go Over Rust, C#
Mar 18th 2025 7:00am, by David Cassel
Go Power: Microsoft's Bold Bet on Faster TypeScript Tools
Mar 12th 2025 1:00pm, by Darryl K. Taft and Loraine Lawson
Oracle Won’t Release ‘JavaScript’ Without a Fight
Jan 11th 2025 5:00am, by Loraine Lawson
The Year in JavaScript: Top JS News Stories of 2024
Dec 27th 2024 6:30am, by Loraine Lawson
How OOP Developers Can Get To Know TypeScript Through Deno
Oct 19th 2024 8:00am, by David Eastman
Linux / Observability

How To Manage Linux Log Services

This article explains the rsyslog logging service and compares it to the newer journald system. It uses practical command examples to manage the services and update configuration files.
Aug 3rd, 2024 9:00am by
Featued image for: How To Manage Linux Log Services
Feature image via Unsplash.
This article on services fits into a larger series of Linux articles covering various sysadmin topics, including hardware identification and managing system processes. You can build a lab environment by following the information in the Linux: Companion Lab for Linux Skill Blocks Repository article.  In this series, we also covered how to pick a distribution and installation platform, how the Linux kernel interacts with hardware and how Linux manages system services, storage, file permissions, system processes, and user and group permissions.

Log files are a critical tool for Linux users troubleshooting system issues, auditing uptime and managing security configurations. Like other operating systems, Linux includes robust logging features that track information like login attempts (successful and failed), software installation, application errors, system halts and more. Modern Linux systems rely on two logging services: syslog and journald. The common syslog implementation is rsyslog. Maintaining and reviewing system logs is a critical part of any Linux administrator’s job.

This article explains the rsyslog logging service and compares it with the newer journald system. It uses practical command examples to manage the services and update configuration files.

This discussion of log files fits into a broader series of Linux articles covering various sysadmin topics, including hardware identification and managing system processes. You can build a lab environment to try these commands yourself by following the information in the Linux: Companion Lab for Linux Skill Blocks Repository article. If you need to review Linux command syntax, read Understand the Linux Command Line.

This series also covered how to pick a distribution and how the Linux kernel interacts with hardware.

Note: It is poor security practice to log on to a Linux system as the root (administrator) user. Most systems force you to log on as a regular user and then use the sudo (super user do) command to elevate your privileges. You may be prompted for your password when using sudo .

Understand and Manage the rsyslog Service

Use the systemctl  command to manage the rsyslog service. You can start, stop and restart the service. These options are handy when making changes to the configuration file. The rsyslog service must be restarted to read the updated configuration file settings.


You can cause the service to start or stop the service from starting when the system boots by using the systemctl  enable  and disable  commands. Here are examples of each:



These are the same commands and approaches you use to manage other services.

Identify Specific Logs in /var/log

Linux distributions use a standard storage location for log files. The location is the /var/log  directory. Additional logs and subdirectories exist in that directory. These vary by distribution and installed applications.

Use the cd  command to change to the /var/log  directory, and then list the contents using the ls  command.

Here are the common log files for Fedora and Ubuntu Linux. Notice that some of the logs vary between the two distributions. This is a common occurrence with Linux distributions.

Examples of log files found in Fedora Linux:

  • /var/log/messages : System logs like kernel, authentication and services
  • /var/log/secure  or /var/log/auth.log : Authentication logs
  • /var/log/boot.log : Boot log
  • /var/log/kern.log : Linux kernel log entries
  • /var/log/dnf.log : Installations and other package manager events
  • /var/log/utmp : Current system logins and connections
  • /var/log/btmp : Failed login information
  • /var/log/wtmp : Historical record of utmp  entries

Note that some logs referenced above are found in older Linux versions. Log entries for the kernel, services, authentication and other functions have been moved to the journald logs on many distributions.

Figure 1: Contents of the /var/log directory on a Fedora Linux system.

Examples of log files found in Ubuntu Linux:

  • /var/log/syslog : System logs like kernel, authentication and services
  • /var/log/kern.log : Linux kernel log entries
  • /var/log/auth.log : User logins and sudo credential use
  • /var/log/fail.log : Failed authentication attempts
  • /var/log/lastlog : Most recent logins by users
  • /var/log/apt : Installations and other package management events

Some distributions add or remove logs in the /var/log  directory, so you may need to check the documentation for your specific Linux distro. Some logs above are now part of the journald logging mechanism and may no longer appear in the /var/log  directory.

Application Log Files

Many applications integrate with rsyslog to manage their logs. For example, rsyslog can manage and forward log files for the common Apache webserver program. Apache’s logs are usually at /var/log/httpd  on Red Hat-based systems or /var/log/apache2  on Debian-based distros. Tools like the Nginx webserver and MySQL database use a similar logging scheme.

Read and Search Log Files

Syslog log files are simple text documents, easy to open and read with applications like cat  and less . Tools like grep  and tail  also enable robust filtering and search capabilities to help you find exactly what you’re looking for.

Use grep to Search Logs

Most log files store their information in plain text, making them easy to read and search. For example, you may wish to check /var/log/dnf.log  to see whether the vim  software package is installed. Use the grep  pattern-matching utility to check for the application.


Figure 2: Using grep to filter DNF package manager logs for the Vim application.

Any log file entries with the vim  string should be displayed. The grep  pattern matcher is helpful in these situations. The -i option used above causes it to ignore case.

Use tail to Search Logs

Another helpful tool for checking log files is the tail  command. It displays the bottom of a file. Log files store the most recent entries at the bottom, so you can see the most current information by examining the end of the log file.


You can adjust how many lines tail  displays by using the -n  switch and the number of lines you want to see. The following example displays 20 lines instead of the default 10.


However, the most useful flag for tail might be -f . This option periodically refreshes the tail  output, allowing you to open a terminal window, tail  a log file and see the window update periodically with most recent log entries.

What Is journald?

Today, most Linux distributions rely on systemd for system initialization and service management because it offers modern advantages over the older init system. You’ll use commands like systemctl restart sshd  to manage services with systemd.

Another aspect of systemd is log file management. systemd needed a different and more robust logging mechanism than rsyslog could offer. The result is journald, a new log file mechanism available on most current distributions. It collects information from the Linux kernel. It also logs information from services and applications that systemd manages.

However, many discussions of Linux logs make it sound as though you must pick one logging engine or the other. In reality, you’ll probably use both journald and rsyslog to keep an eye on what’s happening on your system.

journald Advantages and Disadvantages

Like any other utility, journald has its advantages and disadvantages compared to similar services. The following are a few considerations.

Advantages:

  • journald indexes entries, making lookups much faster.
  • Easily filter and prioritize log file entries.
  • Privileged access, where users can see logs pertaining to their jobs, and root can see all log entries.
  • Flexible log rotation built in.

Disadvantages:

  • It cannot natively forward logs to a central server for aggregation.
  • It does not use standard text files to record information, making reading log entries with anything other than the journalctl  command tougher.

View Logs Using journalctl

The journalctl  command allows administrators to configure journald settings and display log file entries. It offers extensive customization and flexibility.

There are two primary journald resources to be aware of:

  • The default persistent storage location for journald logs is /var/log/journal .
  • The primary configuration file is /etc/systemd/journald.conf .

Be sure to use the sudo  command if the privilege is delegated to you. journald carefully filters what it displays depending on the user.

The journalctl  command without arguments shows recent log entries in chronological order (oldest entries first). It automatically uses the less  utility to break results into pages, so navigate the entries the same way you would with less .

Use the q key to exit the journal. Below is the partial output from the journalctl  command.

Figure 3: Partial output of the journalctl command with no filtering flags.

To display logs in reverse order (most recent entries first), type:


Use the -n flag with a specified number to display a limited number of entries. For example, to display five entries, type:


Figure 4: Use the -n flag to display a specified number of lines in the log file.

Some Linux users will be familiar with the trick of viewing log files in real time using the tail -f command. The -f  option functions the same way with the journalctl  command, automatically refreshing the command output to show you the latest log entries in real time. Exit the output by using Ctrl+C.


The -k  option displays kernel messages. This flag is useful when troubleshooting problems at the kernel level without the clutter of service log entries.

Figure 5: Use the -k flag to display kernel messages (partial output shown).

Add the | grep {string}  command to filter your journalctl  output. For example, perhaps you’re looking for errors or misconfigurations in your system’s bootup sequence that might be slowing it down. One term to search for is “Unknown.” Use grep  and the -k  option to display kernel information.


Figure 6: Use grep to search the kernel output for unknown messages.

Some of the most important and interesting results will come from specific services. Specify the service name as the argument to the journalctl  command. For example, to display logs related to firewalld, type:


Figure 7: Display service-specific entries by using the service name as an argument for the journalctl command.

The -u  flag stands for unit and offers administrators further control over the output displayed.

These are a handful of the journalctl  options. It also offers filtering by time intervals and log entry severity. It’s easy to see why journalctl  is popular with administrators who take the time to learn it — it offers great flexibility for filtering and managing log data.

Integrating journald With rsyslog

A certain amount of integration is available between rsyslog and journald. While journald doesn’t forward log files to a remote central server for aggregation, it can forward log entries to rsyslog, which can then forward them to remote systems. This approach lets administrators continue to centralize logs for auditing and analysis while still benefiting from the additional information journald receives from the kernel and services managed by systemd.

You’ll likely use both mechanisms to monitor your Linux servers.

Wrap Up

Administrators should regularly review log files for odd behavior, unexpected actions, suspicious login attempts, etc. Doing so helps you understand the system better and identify potential security or performance problems. You may also be required to demonstrate log file maintenance in compliance or security audits. Commands like grep , tail , and less  help you view and manipulate rsyslog log file entries. You’ll use the journalctl  command to view log entries managed by journald.

If you manage more than a few Linux systems, consider centralizing log files on a single server using rsyslog’s built-in forwarding mechanism. This is tougher to accomplish with journald logs, but it can be done.

One of the most confusing parts of managing Linux logs is the variations among distributions. Hopefully, your organization has standardized on just one or two specific distributions. If that’s the case, review the documentation or wiki for the distro and note the log files it uses. This process is tougher if your company uses many different distros.

Begin now to learn what logs exist, where they are found, and how to filter or search them to find what you need.

TRENDING STORIES
Created with Sketch.
Damon M. Garn owns Cogspinner Coaction, LLC, an IT writing and editing company. He authors articles, tutorials, and labs for today’s top IT industry leaders. He regularly contributes to The New Stack, TechTarget, and CompTIA. Damon has 20 years of...
Read more from Damon M. Garn
SHARE THIS STORY
TRENDING STORIES
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.