Learn how to read and act on the files under /var/log to diagnose Linux problems quickly. 15.11.2025 | reading time: 2 min When a service fails or the system behaves oddly, the first place an administrator checks is /var/log; these files record kernel events, daemons and application messages and tell the story of what happened. Start by listing and tailing Tell: show the files and read the newest entries to get immediate clues; do: list the directory and inspect the active system log with a live tail: ```bash\n$ ls -l /var/log | head -n 8\n-rw-r----- 1 root adm 0 Aug 10 09:01 boot.log\n-rw-r----- 1 root adm 524 Aug 10 12:45 syslog\n$ sudo tail -n 50 /var/log/syslog\nAug 10 12:34:56 myhost systemd[1]: Started Network Manager.\nAug 10 12:35:01 myhost myservice[1234]: ERROR: failed to bind socket\n``` Chase older or compressed logs Do not stop at the latest file: rotated logs live as .gz and must be searched too; example commands include `zgrep` for compressed archives and `grep -i` for case-insensitive search, for instance use `zgrep -i "error" /var/log/syslog.*.gz` to find older occurrences. Permissions, timestamps and context Tell: logs are often owned by root and readable by adm or syslog groups, so use sudo when necessary; pay attention to timestamps and host tags in entries, correlate related logs (kernel, daemon, auth) and note that time skew or timezone mismatches can mislead the timeline. Other tools that add value Do more than plain file reads: `journalctl` gives unified access to systemd journals, `ausearch` can find auditd events, and `logrotate` handles retention and compression; combine these tools to build a repeatable troubleshooting workflow. Wrap up and next steps Reading /var/log is the most direct way to see what the system reports; practice by reproducing faults, reading related logs and scripting common searches to save time, and consider deepening certification knowledge with courses and exam preparation such as CompTIA Linux+ or LPIC-1 through bitsandbytes.academy. Join Bits & Bytes Academy First class LINUX exam preparation. filesystem utilities troubleshooting security
