# 🗂️ Log Management Reference

**Category:** All About Ubuntu  
**Last Updated:** May 14th, 2025

---

### 📌 Default Log File Locations

Most Linux systems (especially Debian/Ubuntu) store logs in these locations:

<table id="bkmrk-path-purpose-%2Fvar%2Flo">
<thead><tr><th>Path</th><th>Purpose</th></tr></thead>
<tbody>
<tr><td><code>/var/log/</code></td><td>Main system log directory</td></tr>
<tr><td><code>/var/log/syslog</code></td><td>General system messages</td></tr>
<tr><td><code>/var/log/auth.log</code></td><td>Authentication (sudo, SSH, etc.)</td></tr>
<tr><td><code>/var/log/kern.log</code></td><td>Kernel messages</td></tr>
<tr><td><code>/var/log/dmesg</code></td><td>Boot-time hardware logs</td></tr>
<tr><td><code>/var/log/ufw.log</code></td><td>UFW firewall logs</td></tr>
<tr><td><code>/var/log/fail2ban.log</code></td><td>Fail2Ban logs</td></tr>
<tr><td><code>/var/log/apache2/</code></td><td>Apache logs</td></tr>
<tr><td><code>/var/log/mysql/</code></td><td>MySQL logs</td></tr>
<tr><td><code>/var/log/journal/</code></td><td><code>systemd</code> journal logs (binary format)</td></tr>
</tbody>
</table>

> 💡 **Best Practice:** Custom scripts should log to `/var/log/your-script-name.log` for consistency and ease of monitoring.

---

### 🔎 How to Locate Log Files

---

#### 1. **Explore the `/var/log` directory**

```bash
ls -lah /var/log
```

---

#### 2. **Search for `.log` files**

- Search the entire system:

```bash
sudo find / -type f -iname '*.log' 2>/dev/null
```

- Search recent `.log` files (modified in the last day):

```bash
sudo find / -type f -iname '*.log' -mtime -1 2>/dev/null
```

---

#### 3. **Use `locate` for fast results**

```bash
sudo updatedb
locate '*.log'
```

---

#### 4. **Search config files for log paths**

```bash
grep -R --include='*.conf' -n '\.log' /etc
```

---

#### 5. **Live view or tail logs**

- Tail the latest lines:

```bash
tail -n 50 /var/log/syslog
```

- Live follow:

```bash
tail -f /var/log/fail2ban.log
```

---

### 🔁 Log Rotation with `logrotate`

To prevent log files from growing indefinitely, configure rotation using files in `/etc/logrotate.d/`.

---

#### ✅ Example: Correct Logrotate Format

**File:** `/etc/logrotate.d/fail2ban-ip-lookup`

```bash
/var/log/fail2ban-ip-lookup.log {
    su root root
    daily
    rotate 7
    compress
    missingok
    notifempty
    create 644 root root
}
```

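- `su root root` runs the rotation as this user and group, which ensures correct ownership even when run via cron. logrotate asks for this directive when the log's parent directory is writable by a non-root group, which it otherwise treats as insecure.
- `daily` rotates logs each day.
- `rotate 7` keeps 7 old copies.
- `compress` gzips old logs.
- `missingok` skips the log without an error if the file does not exist.
- `notifempty` skips rotation if the file is empty.
- `create 644 root root` sets the new log file’s permissions and ownership. Mode 644 is world-readable; choose a tighter mode if the log should not be readable by every local user.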

---

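### 🧪 Test & Force Rotation

- **Dry run** of logrotate (`-d` prints what would happen without rotating anything):

```bash
sudo logrotate -d /etc/logrotate.conf
```

- **Force rotate** a specific config (`-f` rotates even if logrotate considers it not yet due):

```bash
sudo logrotate -f /etc/logrotate.d/fail2ban-ip-lookup
```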

---

### 🧼 Clear Log File Without Deleting

Truncate the file in place so that the file itself, its permissions and its ownership are preserved:

```bash
sudo truncate -s 0 /var/log/your-log-file.log
```

---

### 📬 Optional: Email Alerts on Log Events

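Example for alerting on a high abuse score:

```bash
# Only send mail when grep finds a match; a bare `grep | mail` runs mail even with no matches.
m=$(grep -F "Abuse Score: 100" /var/log/fail2ban-ip-lookup.log) && printf '%s\n' "$m" | mail -s "🔥 High Abuse Score Alert" you@example.com
```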
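
The one-liner above matches only a score of exactly 100 and re-reads the whole log on every run. As an added example (not part of the original page), the function below reports only lines appended since its previous run whose score is at or above a threshold, and starts over after the file has been rotated or truncated. The log line format, the state-file path and the default threshold of 90 are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the page's own script. Assumes every log line contains
# "Abuse Score: <number>", matching the grep pattern used on this page.

# new_high_scores LOG STATE [THRESHOLD]
# Prints lines appended to LOG since the previous call whose score is at
# least THRESHOLD. STATE stores the byte offset that was already processed.
new_high_scores() {
    local log="$1" state="$2" threshold="${3:-90}" offset=0 size
    # Same idea as logrotate's missingok: no log yet means nothing to report.
    if [ ! -r "$log" ]; then return 0; fi
    size=$(( $(wc -c < "$log") ))
    if [ -s "$state" ]; then read -r offset < "$state" || offset=0; fi
    case $offset in ''|*[!0-9]*) offset=0 ;; esac   # ignore a corrupt state file
    # After rotation or `truncate -s 0` the file is shorter than the saved
    # offset, so start again from the top of the new file.
    if [ "$size" -lt "$offset" ]; then offset=0; fi
    # Read only the bytes between the old offset and the size measured above,
    # so lines written while this runs are picked up by the next call.
    tail -c "+$((offset + 1))" "$log" | head -c "$((size - offset))" |
        awk -v t="$threshold" 'match($0, /Abuse Score: [0-9]+/) {
            # 13 = length of "Abuse Score: "; the rest of the match is the number
            score = substr($0, RSTART + 13, RLENGTH - 13) + 0
            if (score >= t) print
        }'
    printf '%s\n' "$size" > "$state"
}

# Constructed sample run; the log lines are made up for illustration.
demo_dir=$(mktemp -d)
printf '%s\n' \
    '2025-05-14 10:00:01 IP: 203.0.113.7 Abuse Score: 100' \
    '2025-05-14 10:00:05 IP: 198.51.100.9 Abuse Score: 12' > "$demo_dir/demo.log"
new_high_scores "$demo_dir/demo.log" "$demo_dir/offset" 90   # first call: the score-100 line
new_high_scores "$demo_dir/demo.log" "$demo_dir/offset" 90   # second call: nothing new
rm -rf "$demo_dir"

# Cron usage (state path is a placeholder):
#   hits=$(new_high_scores /var/log/fail2ban-ip-lookup.log /var/lib/abuse-alert.offset 90)
#   [ -n "$hits" ] && printf '%s\n' "$hits" | mail -s "High Abuse Score Alert" you@example.com
```

If a freshly rotated log grows past the saved offset before the next run, the lines before that offset are skipped, so schedule the check more often than the log rotates.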

---