Linux Security Log File locations for Web Servers

Posted on September 16, 2013

In lieu of my upcoming posts on Log Management, I thought I would start out with an important list of Linux System and Security log file locations. This is a good starting point for anyone needing to find system logs, or setup an external logging server. This should cover everything just about everything except specific PHP Domain Errors (which I will get into in a different post).

/var/log/message: General message and system related stuff
/var/log/auth.log: Authenication logs
/var/log/kern.log: Kernel logs
/var/log/cron.log: Crond logs (cron job)
/var/log/maillog: Mail server logs
/var/log/qmail/ : Qmail log directory (more files inside this directory)
/var/log/httpd/: Apache access and error logs directory
/var/log/php-fpm/error.log: PHP-FPM error logs
/var/log/nginx/error.log: NGINX access error logs
/var/log/nginx/access.log: NGINX access logs
/var/log/lighttpd: Lighttpd access and error logs directory
/var/log/boot.log : System boot log
/var/log/mysqld.log: MySQL database server log file
/var/log/secure: Authentication log
/var/log/utmp or /var/log/wtmp : Login records file
/var/log/yum.log: Yum log files

Contact Us

Have a question? Send us a message. We'll get back to you soon.