Ubuntu Guide For Windows Users: View Logs With System Log Viewer

For the purpose of this guide and to help Windows users become familiar with Ubuntu, we'll look at two methods for viewing system and application related messages using a Terminal window and a graphical tool called System Log Viewer.

On Unix and Linux systems such as Ubuntu, the majority of System logs reside in the directory /var/log. The main logs are:

syslog - The primary system log that contains message log output from, daemons and other running programs such as cron, init, dhclient, and some kernel related messages. On Windows, this is similar to the System log found in the event Viewer that also includes Services (daemons on Ubuntu) and system related information.

dmesg - This log lists all boot-time kernel logging for a system. Also included are other kernel messages related to devices and module loading. dmesg log should be the first place to look for what types of devices were detected by the kernel at boot time as well as errors from the kernel when loading modules. A similar log known as ntbtlog.txt can be found on Windows if enabled after selecting Safe Mode during startup.

kern.log - Similar to dmesg that contain kernel logs, but includes timestamps.

messages - Also contains some kernel log messages, along with output from certain system programs and other programs such as gconfd (database of Gnome user settings).

daemon.log - Similar to messages found in syslog, but without log output from kernel or other system that log to syslog.

mail.log - if an email server is installed, any messages generated for the email application will log here.

apache - used for logs messages related to apache web server. On Windows IIS logs are found in Event Viewer.

The default view displays a sidebar on the left listing several system logs with the selected log contents displayed in the right window pane. What I like about System Log Viewer is that you can easily select a date to view logs, instead of showing all dates as one listing. Also by default, message are updated in real time, but you can disable this by un-checking Monitor from the View menu.

If you want to add a log, for example dmesg, just select File \ Open and in the Open Log window, select the dmesg log file from /var/log directory. If you are looking for a specific message, you can filter searches by pressing Ctrl + F and the search box will appear at the bottom of the main window.

System Log Viewer is handy for users just starting out with Ubuntu and is easy to use when connected to the Console. But what if you are connected to a Terminal window locally or remotely via an SSH connection? You can easily view system and application logs from a Terminal session using several commands.

Let's look at the dmesg log file using the less command. At the prompt type:

less /var/log/dmesg

After typing the above command, you will be in an edit type mode, where you can use the up and down arrow keys to scroll through the log. Hit G (Shift + G) and you will scroll down to the bottom of the log, or use g to go to the top. Type F (Shift + F) and the less command will update (append) the log in real time as messages occur.

To search, type / followed by the keyword or phrase you are looking for. Search will highlight the keyword and you can type n to advance to the next match or N (Shift + N) to go back to the previous match.

Many other commands can be used, such as grep, cat, more, tail and others for viewing log files. This guide is kept simple to help Windows users switching over to Ubuntu to find and view system information for troubleshooting or just checking the Operating System health.