4.3 Where Data is Stored (Weight: 3)
📘Linux Essentials (LPI 010-160)
1. What are System Logs?
System logs are files where Linux records events happening on the system. They are like a diary that keeps track of everything that happens. Logs are useful to:
- Troubleshoot problems (why a service failed)
- Monitor system performance
- Track security issues (like failed login attempts)
- Keep audit records (what users did)
Where are logs stored?
- Most system logs are stored in the `/var/log/` directory.
- Example common log files:
| Log File | What it Records |
|---|---|
| /var/log/syslog | General system events (Ubuntu/Debian) |
| /var/log/messages | General system events (Red Hat/CentOS) |
| /var/log/auth.log | Authentication events, like login attempts |
| /var/log/kern.log | Kernel messages |
| /var/log/dmesg | Boot messages and hardware info |
| /var/log/boot.log | Boot process logs |
| /var/log/faillog | Failed login attempts |
| /var/log/httpd/ or /var/log/apache2/ | Web server logs |
Tip for exams: Remember `/var/log` is the main location for logs. Auth logs are for security, syslog/messages are general events.
2. Viewing System Logs
Linux provides commands to read logs:
- `cat` / `less` / `more` – To read logs directly.
  ```
  cat /var/log/syslog
  less /var/log/syslog
  ```
  `less` is preferred because it lets you scroll and search easily.
- `tail` – View the last few lines of a log (useful for recent events)
  ```
  tail /var/log/syslog
  tail -f /var/log/syslog   # real-time monitoring
  ```
- `journalctl` – For systems using `systemd` (most modern Linux)
  ```
  journalctl           # view all logs
  journalctl -u ssh    # logs for SSH service only
  journalctl -b        # logs since last boot
  journalctl -f        # follow logs in real-time
  ```
Logs can be huge, so filtering and searching are important:
```
grep "error" /var/log/syslog
```
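Filtering becomes more useful when the matches are summarised. The following is an added example, not part of the original study notes: it counts failed SSH password attempts per source address in an auth.log-style file. The function names, host name and log lines are constructed for illustration, and the addresses come from the documentation ranges.

```sh
#!/bin/sh
# Added example: summarise failed SSH password attempts per source address.

# failed_ssh_by_ip FILE [MIN]
# Prints "COUNT ADDRESS" for every source with at least MIN failures
# (default 1), highest count first.
# The user name in the log line is chosen by the connecting client and may
# itself contain the word "from", so the address is taken after the LAST
# "from" on the line instead of the first.
failed_ssh_by_ip() {
    grep -E 'sshd\[[0-9]+\]: Failed password for ' "$1" |
        awk '{ for (i = NF - 1; i >= 1; i--) if ($i == "from") { print $(i + 1); break } }' |
        sort | uniq -c |
        awk -v min="${2:-1}" '$1 >= min + 0 { print $1, $2 }' |
        sort -k1,1nr -k2,2
}

# Constructed sample in the syslog text format used by /var/log/auth.log.
make_sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:04 web01 sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 40122 ssh2
Mar  3 10:15:09 web01 sshd[2207]: Failed password for root from 198.51.100.23 port 51234 ssh2
Mar  3 10:16:12 web01 sshd[2215]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 10:16:40 web01 sshd[2219]: Failed password for invalid user from lab from 203.0.113.7 port 40188 ssh2
Mar  3 10:17:02 web01 sshd[2224]: Failed password for root from 198.51.100.23 port 51240 ssh2
Mar  3 10:17:30 web01 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
Mar  3 10:18:05 web01 sshd[2231]: Failed password for bob from 192.0.2.44 port 40300 ssh2
EOF
}

# Demo: write the sample to a temporary file and list sources with 2+ failures.
log=$(mktemp)
make_sample_log > "$log"
failed_ssh_by_ip "$log" 2
rm -f "$log"
```

On a real system the first argument would be `/var/log/auth.log`, which normally requires root or membership of a log-reading group to open.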
3. What are Configuration Files?
Configuration files tell programs and the system how to behave. They are like instruction manuals for Linux and applications.
- Usually, configuration files are plain text.
- Most are stored in the `/etc/` directory.
- Changing them requires administrative rights (`root`).
Common Configuration Files in Linux
| File / Directory | Purpose |
|---|---|
| /etc/passwd | Stores user accounts info |
| /etc/shadow | Stores user passwords securely |
| /etc/group | Stores user group info |
| /etc/hostname | System hostname |
| /etc/hosts | Maps IP addresses to hostnames locally |
| /etc/resolv.conf | DNS resolver configuration |
| /etc/fstab | Filesystem mount points (disks, partitions) |
| /etc/network/interfaces (Debian) or /etc/sysconfig/network-scripts/ (RHEL) | Network configuration |
| /etc/ssh/sshd_config | SSH server configuration |
| /etc/sudoers | User permissions for sudo |
Tip for exams: `/etc/` is where system and service configuration files live.
4. Editing Configuration Files
To modify configuration files:
- Use text editors like:
  ```
  nano /etc/hostname
  vi /etc/ssh/sshd_config
  ```
- After changing some files, you may need to restart services to apply changes:
  ```
  systemctl restart sshd
  systemctl restart networking
  ```
5. Differences Between Logs and Configuration Files
| Aspect | Logs | Configuration Files |
|---|---|---|
| Purpose | Record events | Define system/application behavior |
| Location | /var/log/ | /etc/ |
| Editable | Generally read-only | Editable by admin |
| Exam Focus | Monitoring, troubleshooting | System setup, network, services |
6. Real IT Examples
- Server Monitoring: A sysadmin checks `/var/log/auth.log` to see failed SSH logins, helping prevent security breaches.
- Web Server Setup: Edit `/etc/apache2/apache2.conf` to change server settings. Logs are in `/var/log/apache2/` for errors or access reports.
- Network Troubleshooting: Check `/var/log/syslog` or `/var/log/messages` to see network interface errors after a reboot.
✅ Exam Key Points
- Logs = `/var/log/`, used for monitoring, security, troubleshooting.
- Configuration files = `/etc/`, define system or service behavior.
- Commands:
  - `cat`, `less`, `tail`, `journalctl` for logs
  - `nano`, `vi`, `systemctl` for configs
- Security-related logs = `/var/log/auth.log`
- Network configuration = `/etc/network/` or `/etc/sysconfig/network-scripts/`
- Always distinguish logs (record of events) from configs (instructions).
