Explore Linux logs and troubleshooting essentials with these practical, scenario-based questions. Assess your understanding of log file locations, key commands, and diagnostic steps often used by sysadmins to resolve issues in Linux environments.
Which file is commonly used to store general system messages in most Linux distributions, such as boot information and system startup logs?
Explanation: The /var/log/messages file typically contains general system messages, including boot and startup logs, on many Linux systems. /home/log/system.log is not a standard Linux log location and would only exist on custom systems. /usr/bin/logs is a non-existent path under normal configurations. /etc/syslogd is a configuration file directory, not a log file.
If you want to monitor the end of a log file in real time to watch new entries as they appear, which command would you use?
Explanation: The tail -f command allows you to follow a log file in real time, showing new lines as they are written. The cat -n command simply displays the file contents with line numbers, without real-time updates. The grep -r command searches recursively and is not suitable for real-time monitoring. The nano command is a text editor, not a log-monitoring tool.
When investigating repeated failed login attempts on a Linux system, which log file would typically provide detailed information about authentication events?
Explanation: The /var/log/auth.log file records authentication information, including successful and failed login attempts. /tmp/logins is not a standard log file and might be insecure. /etc/hosts configures hostname-to-IP mappings and contains no login data. /dev/auth is not a valid log file or device on standard systems.
If a background service is not starting as expected, which command would you commonly use to check the recent logs for that service managed by systemd?
Explanation: The journalctl command queries and displays logs collected by the systemd journal, including service errors and status messages. The logrotate utility manages log file rotation but does not display logs. The fdisk command is used for disk partitioning, not log inspection. The mount command attaches file systems and is unrelated to log access.
Which command can help identify disk hardware errors by displaying kernel ring buffer messages relating to device failures or problems?
Explanation: The dmesg command displays kernel ring buffer messages, which often include disk hardware errors and other device-related information. The sudoers file configures sudo permissions and is not a diagnostic command. The chmod command changes file permissions, and lsusb lists USB devices; neither shows kernel error messages.