I was checking my syslog file in the var/log directory. I am using Linux Mint. First of all, the log file is only showing the log for today's date. The log for yesterday is not showing. Does the syslog in linux erase itself everyday or something? Or is the fact that the log for the day before is missing be something I should be worried about? Another question, I am dual booting Windows 8 and Linux Mint. Let's say my computer was turned on but not logged in to either the Windows or Linux, would the activity still show on the logs for both? Also, is there anything else you think I should know about logs?
Add a comment
|
1 Answer
Logs in Linux are rotated (using logrotate command -- manual page) every day or every now and then. There are yesterday's log files whose names end in *.1 or are zipped as *.gz to save up space.
Important log files are dmesg, syslog and kern.log.
$ ls /var/log/dmesg*
/var/log/dmesg /var/log/dmesg.1.gz /var/log/dmesg.3.gz
/var/log/dmesg.0 /var/log/dmesg.2.gz /var/log/dmesg.4.gz
$ ls /var/log/syslog*
/var/log/syslog /var/log/syslog.3.gz /var/log/syslog.6.gz
/var/log/syslog.1 /var/log/syslog.4.gz /var/log/syslog.7.gz
/var/log/syslog.2.gz /var/log/syslog.5.gz
$ ls /var/log/kern.log*
/var/log/kern.log /var/log/kern.log.2.gz /var/log/kern.log.4.gz
/var/log/kern.log.1 /var/log/kern.log.3.gz
You can get a "mixture" of these logs using the dmesg command.
