Log Viewer is a simple GUI tool that houses all your log files in one convenient location with a point and click interface and a user-friendly calendar that helps you navigate through dates.

Fire It Up

Starting Log View is simple. Go to the Applications menu and click the System Tools sub menu. Within the System Tools sub menu you will see the System Log entry which, when clicked, will ask for your root password. After you enter the root password the Log Viewer application will start.

Log Viewer

When you first open Log Viewer it will most likely default to the Xorg.0.log file. You will have access to any of the log files within the the /var/log directory. And any of those logs that have dated entries will allow you to click through the calendar to view other dates of your log file. If the log file you are viewing does not have dated entries (or archived entries) the calendar will be grayed out.

To view archived logs you will click the Version dropdown which will reveal how ever many versions (or archives) of the particular log file you are viewing.  For instance if I click on the Xorg.0.log file I have the current entry and one other archive. If I click on the messages log file I will see the current entry as well as archives 1 – 4.

You can also add a filter to your viewing. This will be very helpful when you are troubleshooting. Say, for example, you are trying to track down a particular rogue IP address within the secure log. Click the Ctrl-f combination to open the Filter text box and enter the IP address when viewing the secure log file. If the IP address you are searcing for is in the log file, any entry containing that IP address will show up in the viewing area.

Final Thoughts

I am a frequent viewer of log files. Any time I am troubleshooting the /var/log directory is the first place I turn. But sometimes searching for a needle in a haystack can require more time than I have. With the help of Log Viewer this task is made much easier.

dmesg

When I have a problem (or when I am attaching a usb device) one of the first places I go is the dmesg command. The dmesg command prints out the kernel keyring buffer. The information you will get will be all of the information you do not see when your system is booting. This is a great place to get information (low level) on your hardware. On one of my laptops, I run dmesg and near the top I see:

Phoenix BIOS detected: BIOS may corrupt low RAM, working it around.
last_pfn = 0x7f6d0 max_arch_pfn = 0x100000
x86 PAT enabled: cpu 0, old 0x7040600070406, new 0x7010600070106
kernel direct mapping tables up to 38000000 @ 10000-15000
Using x86 segment limits to approximate NX protection
RAMDISK: 37c6a000 - 37fef4a2


From that I can tell I have a Phoenix bios. Pretty obvious. A little later I see:

Security Framework initialized
SELinux:  Initializing.
SELinux:  Starting in permissive mode

Now I know Security Enhanced Linux is starting, in permissive mode, at bootup. And even further on down the line I see:

CPU1: Intel(R) Pentium(R) Dual  CPU  T2390  @ 1.86GHz stepping 0d
checking TSC synchronization [CPU#0 -> CPU#1]: passed.
Brought up 2 CPUs
Total of 2 processors activated (7447.76 BogoMIPS)

The above shows me information about my CPU. Good to know.

The most important information you will probably get from dmesg is the information regarding attached USB devices. When you plug in a USB device you will need to know what special device this is attached to so you can mount it. This will occur at the bottom of the dmesg command output.

The output of dmesg is quite long and will scroll by very quickly. When I run this command I always pipe it through the less command like so:

dmesg | less

This way I can view the output one page at a time.

/var/log

This special directory is the Mac Daddy of information gathering. Fire up a terminal window and issue the command ls /var/log/ and see what it contains. You see, included in this listing, such log files and log directories as:

• boot.log – boot information
• cron – cron logs
• cups – directory of all printing logs
• httpd – Apache logs
• mail – Mail server logs
• maillog – The mail log
• messages – Post-boot kernel information
• secure – Security log
• Xorg.0.log – X Server log

You can see the listing of log files in the /var/log directory, but in order to actually read the log files you have to be the root user (or use sudo).

Viewing with tail

One of the handiest methods of viewing log files is using the tail command. What tail does is follow the running output of a log file. For instance if I want to follow my /var/log/secure log to watch for security issues I would enter the command tail -f /var/log/secure. The f switch tells tail to follow. If  you don’t add the f switch tail will just list the output all at once (as if you just issued less /var/log/secure.)

Final Thougths

There is so much information to be gained from reading log files. The Linux operating system makes reading log files easy, once you know which log file does what. Take a poke around /var/log to find out exactly what you have and where you need to look for the problem you are having.