Where to find Stored Syslog Messages

When it comes to Syslog messages in Linux it’s important to know that they are handled by two services:

  • systemd-journald daemon - gathers all the messages from the kernel including boot processes, error of daemons, standard outputs, and also forward some messages to rsyslog service.
  • rsyslog service - sorting the messages by priority and type and providing logs in the /var/log directories. Here I’m gonna list all types of syslog messages and where you can find them.


Subdirectories stored by the Syslog Messages

There are different subdirectories stored by the syslog messages depending on what kind of messages and information you need:

  • /var/log/messages - contains all kind of syslog messages except the below ones
  • /var/log/secure - only security and auth related messages and errors
  • /var/log/maillog - this subdirectory is aimed to provide mail server based messages and errors
  • /var/log/cron - stores logs messages and errors for scheduled cron jobs which are periodically executed
  • /var/log/boot.log - all kinds of logs related to the system startup


If you have any specific concerns or questions for all these different kinds of syslog messages don't hesitate to put a comment below.