When you face an issue on an Ubuntu server or desktop system, checking the log files is the key to understanding the cause. Log files are continuously maintained in the background and almost every error leaves a trace there.
On Ubuntu and all Debian-based systems, log files are usually located in the following directory:
/var/log/
Under this directory, you will find logs for different parts of the system.
/var/log/syslog
Records general system events. Hardware errors, network connections, and service startups appear here.
/var/log/auth.log
Contains authentication logs (login attempts, SSH connections, sudo usage).
/var/log/kern.log
Shows kernel-level errors and warnings.
/var/log/dmesg
Displays hardware-related boot messages and errors.
Example: to read the syslog file:
sudo less /var/log/syslog
To see only the last few lines:
sudo tail /var/log/syslog
To follow logs live as they come in:
sudo tail -f /var/log/syslog
On modern Ubuntu systems that use systemd, the journalctl command is also widely used:
sudo journalctl
To see the last 100 lines:
sudo journalctl -n 100
To check logs for a specific service, for example SSH:
sudo journalctl -u ssh
To search the logs for lines containing the word "error" (grep is case-sensitive, so add -i to also match "Error" and "ERROR"):
sudo grep "error" /var/log/syslog
To search the whole systemd journal instead of a single file, pipe journalctl into grep:
sudo journalctl | grep error
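Going one step beyond a plain grep, the following added example (not part of the original page) counts failed SSH password attempts per source address in auth.log-style input. The function names and the sample lines are constructed for illustration; the sample addresses come from documentation ranges.

```shell
#!/bin/sh
# Added example (not from the original page): count failed SSH password
# attempts per source address in auth.log-style input.

# Constructed sample lines; addresses are from documentation ranges.
sample_auth_log() {
cat <<'EOF'
Jan 10 10:00:01 web1 sshd[1001]: Failed password for root from 203.0.113.7 port 50122 ssh2
Jan 10 10:00:03 web1 sshd[1001]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 50122 ssh2]
Jan 10 10:00:09 web1 sshd[1002]: Failed password for invalid user from from 198.51.100.23 port 41000 ssh2
Jan 10 10:01:00 web1 sshd[1003]: Accepted password for alice from 192.0.2.10 port 50200 ssh2
Jan 10 10:01:05 web1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/less /var/log/syslog
Jan 10 10:02:00 web1 sshd[1004]: Failed password for invalid user admin from 198.51.100.23 port 41002 ssh2
EOF
}

# Reads the files given as arguments, or stdin when there are none.
# Prints "COUNT ADDRESS" lines, highest count first.
failed_ssh_by_source() {
    awk '
    {
        # Find the sshd tag by content, so the timestamp layout does not matter.
        tag = 0
        for (i = 1; i <= NF; i++) if ($i ~ /^sshd[^ ]*:$/) { tag = i; break }
        if (!tag) next
        n = 1; m = tag + 1
        # rsyslog collapses duplicates into "message repeated N times: [ ... ]".
        if ($m == "message" && $(m + 1) == "repeated") { n = $(m + 2) + 0; m += 5 }
        if ($m != "Failed" || $(m + 1) != "password") next
        # Usernames are chosen by the client, so take the address after the
        # LAST "from" on the line rather than the first.
        for (i = NF; i > m; i--) if ($(i - 1) == "from") { count[$i] += n; break }
    }
    END { for (a in count) printf "%d %s\n", count[a], a }
    ' "$@" | LC_ALL=C sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_auth_log | failed_ssh_by_source
```

To run it on a live system, pass /var/log/auth.log as the argument to failed_ssh_by_source and run the script with sudo.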
Common reasons to check the logs:
To understand why a service is not working
To detect security breaches
To identify hardware failures early
To analyze performance issues on your server