Can someone please tell me how and where to read the log files on my server? Im runnng web host manager and Cpanel, I tried to read the the log that was in Var/Log when I downloaded it and tried to view it I got a bunch of giberish, how do I do it?

What is it that you are trying to accomplish? Are you trying to sort it per user? Sort it per day? Just keep backups? Calculate transfer?

I just want to read them, I want to see stuff like server errors, who is accessing my server etc.. I tried downloading some 9 MB file called "lastrun" then I tried to read it and and it was a bunch of jibberish.
Where are my log files located? which directory? what is the filename? do I need to rename it or do anything special to read them?

Thanks

Error logs are generally in /etc/httpd/logs/error_log.
Mail logs are generally in /var/log/maillog or /var/log/exim_mainlog, depending on what you use. You should look at /etc/httpd/logs and /var/log to see what's in there, as those are the main places your log files will wind up.

To read them, you can do a
cat (filename)
more (filename)
tail (filename) ( add a -f for constant refreshes, very handy is you're troubleshooting, say, an email issue.)

Originally posted by Annette
Error logs are generally in /etc/httpd/logs/error_log.
Mail logs are generally in /var/log/maillog or /var/log/exim_mainlog, depending on what you use. You should look at /etc/httpd/logs and /var/log to see what's in there, as those are the main places your log files will wind up.

To read them, you can do a
cat (filename)
more (filename)
tail (filename) ( add a -f for constant refreshes, very handy is you're troubleshooting, say, an email issue.)

In many systems, /var/log/messages is the key one or /var/adm/messages.

Yep. They are everywhere. Since we don't know what type of system he's running, or what he's after, it's really hard to say - better to give a broad picture, eh? We could pile on him with all the various logfiles we've encountered in our travels - what do you say? :)

Originally posted by Annette
Yep. They are everywhere. Since we don't know what type of system he's running, or what he's after, it's really hard to say - better to give a broad picture, eh? We could pile on him with all the various logfiles we've encountered in our travels - what do you say? :)

lol agreed...

What OS are you running DOOD? :D

Thanks for the info!
Im running linux 6.2 and basically I want to look at my logs for a few reasons, to troubleshoot script errors, and also to learn how to read them, I have never read server logs before.. its all new to me, I want to learn how to read them so if someday someone hacks my server I can look at the logs and find out who did how they did it and try do take steps to prevent it in the future...

It must be alot different for Unix because Im looking at unix system right now and I dont see any of the paths you mentioned madman ( var/log/messages ) but i do see var/log/syslog

or anything you mentioned Annette ( etc/http -- http dir doesnt even exist on this server)

I will check out all these paths on my box though ( my linux box ) and thanks again for the info.

Even the most vanilla linux/apache installs should have /etc/httpd (note the 'd'). You should also check under /usr/local/apache/logs as well, since some installations separate secure call error logs from generics. Here are some examples of where logs can be - this listing is from a system running linux 6.2, cPanel, WHM, Exim:

root@ [/etc/httpd/logs]# ls -la
total 37512
drwxr-xr-x 2 root root 4096 Jun 7 10:35 ./
drwxr-xr-x 13 root root 4096 Jun 3 08:23 ../
-rw-r--r-- 1 root root 1494098 Jun 7 11:13 access_log
-rw-rw-r-- 1 root root 36085556 Jun 7 11:13 error_log

root@ [/var/log]# ls -la
total 105204
drwxr-xr-x 11 root root 4096 Jun 3 04:02 ./
drwxr-xr-x 24 root root 4096 Jun 6 04:29 ../
drwxr-xr-x 3 root root 4096 May 3 00:00 bandwidth/
-rw-r--r-- 1 root root 10464 Jun 7 10:42 boot.log
-rw-r--r-- 1 root root 10840 Jun 2 22:36 boot.log.1
-rw-r--r-- 1 root root 15131 May 27 01:54 boot.log.2
-rw-r--r-- 1 root root 10986 May 21 00:36 boot.log.3
-rw-r--r-- 1 root root 0 May 6 04:02 boot.log.4
-rw-rw-r-- 1 root root 413783 Jun 7 11:13 chkservd.log
-rw------- 1 root root 919216 Jun 7 11:14 cron
-rw------- 1 root root 1421364 Jun 3 04:02 cron.1
-rw------- 1 root root 1171419 May 27 04:02 cron.2
-rw------- 1 root root 1498763 May 21 04:02 cron.3
-rw------- 1 root root 1360087 May 13 04:02 cron.4
-rw-r--r-- 1 root root 5157 May 26 10:41 dmesg
-rw-r----- 1 root root 2855428 Jun 7 11:11 exim_mainlog
-rw-r----- 1 root root 3193438 Jun 3 04:02 exim_mainlog.1
-rw-r----- 1 root root 1213857 May 27 04:02 exim_mainlog.2
-rw-r----- 1 root root 733871 May 21 04:02 exim_mainlog.3
-rw-r----- 1 root root 408585 May 13 04:02 exim_mainlog.4
-rw-r----- 1 root root 0 Jun 3 04:02 exim_paniclog
-rw-r----- 1 root root 0 May 27 04:02 exim_paniclog.1
-rw-r----- 1 root root 0 May 21 04:02 exim_paniclog.2
-rw-r----- 1 root root 0 May 13 04:02 exim_paniclog.3
-rw-r----- 1 root root 0 May 6 04:02 exim_paniclog.4
-rw-r----- 1 root root 71944 Jun 7 11:09 exim_rejectlog
-rw-r----- 1 root root 81793 Jun 3 03:32 exim_rejectlog.1
-rw-r----- 1 root root 27733 May 27 03:43 exim_rejectlog.2
-rw-r----- 1 root root 16617 May 20 19:42 exim_rejectlog.3
-rw-r----- 1 root root 7574 May 12 20:56 exim_rejectlog.4
drwxr-xr-x 2 root root 4096 Feb 3 2000 fax/
-rw-r--r-- 1 root root 0 Apr 20 2000 htmlaccess.log
drwxr-xr-x 2 root root 4096 Jun 3 04:02 httpd/
-rw-r--r-- 1 root root 6354 Jun 6 07:37 kernel.messages
-rw-r--r-- 1 root root 9402400 Jun 7 11:13 lastlog
-rw------- 1 root root 10580341 Jun 7 11:14 maillog
-rw------- 1 root root 14656226 Jun 3 04:01 maillog.1
-rw------- 1 root root 5771082 May 27 04:01 maillog.2
-rw------- 1 root root 3904519 May 21 04:01 maillog.3
-rw------- 1 root root 2896550 May 13 04:01 maillog.4
-rw------- 1 root root 13 Jun 7 04:02 maillog.offset
-rw------- 1 root root 5415403 Jun 7 11:14 messages
-rw------- 1 root root 8392643 Jun 3 04:02 messages.1
-rw------- 1 root root 3339281 May 27 04:02 messages.2
-rw------- 1 root root 1487859 May 21 04:02 messages.3
-rw------- 1 root root 1166155 May 13 04:02 messages.4
-rw------- 1 root root 13 Jun 7 04:02 messages.offset
-rw-r--r-- 1 root root 0 Jun 1 04:02 netconf.log
-rw-r--r-- 1 root root 0 May 3 04:02 netconf.log.1
-rw-r--r-- 1 root root 0 Apr 20 2000 netconf.log.2
drwxrwxr-x 3 news news 4096 Apr 20 2000 news/
-rw------- 1 root root 0 Feb 3 2000 pacct
drwx------ 2 root root 4096 Mar 6 2000 phhttpd/
drwx------ 2 root root 4096 May 7 21:25 samba/
-rw------- 1 root root 0 Feb 3 2000 savacct
-rw------- 1 root root 3087891 Jun 7 11:14 secure
-rw------- 1 root root 3217196 Jun 3 04:00 secure.1
-rw------- 1 root root 1946329 May 27 04:01 secure.2
-rw------- 1 root root 1982535 May 21 04:01 secure.3
-rw------- 1 root root 785815 May 13 04:00 secure.4
-rw------- 1 root root 13 Jun 7 04:02 secure.offset
-rw-rw-r-- 1 root root 1037548 Jun 7 11:11 sendmail.log
-rw------- 1 root root 0 Jun 3 04:02 spooler
-rw------- 1 root root 0 May 27 04:02 spooler.1
-rw------- 1 root root 0 May 21 04:02 spooler.2
-rw------- 1 root root 0 May 13 04:02 spooler.3
-rw------- 1 root root 0 May 6 04:02 spooler.4
drwxr-x--- 2 squid squid 4096 Feb 14 2000 squid/
-rw------- 1 root root 0 Feb 3 2000 usracct
drwxr-xr-x 2 uucp uucp 4096 Apr 20 2000 uucp/
drwxr-xr-x 2 root root 4096 Mar 7 2000 vbox/
-rw-rw-r-- 1 root utmp 4784640 Jun 7 11:13 wtmp
-rw-rw-r-- 1 root utmp 17362944 Jun 1 05:01 wtmp.1
-rw------- 1 root root 14823 May 25 07:13 xferlog
-rw------- 1 root root 0 Apr 20 2000 xferlog.1

root@ [/usr/local/apache/logs]# ls -la
total 37516
drwxr-xr-x 2 root root 4096 Jun 7 10:35 ./
drwxr-xr-x 13 root root 4096 Jun 3 08:23 ../
-rw-r--r-- 1 root root 1494171 Jun 7 11:14 access_log
-rw-rw-r-- 1 root root 36088213 Jun 7 11:15 error_log
-rw-r--r-- 1 root root 6 Jun 7 10:35 httpd.pid
-rw-rw-r-- 1 root root 769813 Jun 7 10:35 ssl_engine_log

And so on. As you can see, there is a wealth of information logged by the system, in the event you need to troubleshooting script errors, mail issues, or antyhing else related to the operation of the server.