Linux Log Files
Also Known As
syslog
journald
logrotate
journalctl
/var/log
TL;DR
Log locations, rotation, and analysis tools on Linux — /var/log/ structure, journald, logrotate, and essential log analysis commands.
Explanation
Key log locations: /var/log/syslog or /var/log/messages (system events), /var/log/auth.log (authentication), /var/log/nginx/ (web server), /var/log/php/ (PHP errors), /var/log/mysql/ (database). journald stores logs in binary format — use journalctl to query. logrotate manages log rotation: compresses old logs, deletes aged logs, and signals services to reopen log files. Essential commands: tail -f (live follow), grep -i error, awk for field extraction, zcat/zgrep for compressed rotated logs.
Common Misconception
✗ Application logs are automatically rotated — logrotate must be explicitly configured per application; PHP error logs and nginx access logs grow unboundedly without rotation config.
Why It Matters
A server with no log rotation fills its disk with logs, causing all applications to crash — and without log visibility, diagnosing incidents is impossible.
Common Mistakes
- PHP error_log pointing to a file without logrotate config — grows to gigabytes over months.
- Not configuring postrotate in logrotate to signal PHP-FPM to reopen logs — PHP-FPM continues writing to the renamed file.
- Grepping uncompressed current log instead of all rotated logs — misses historical events.
- Not knowing journalctl --since 'yesterday' for time-filtered system logs.
Code Examples
✗ Vulnerable
; No logrotate for PHP app — log grows unbounded:
; php.ini:
error_log = /var/log/php/app.log
; 6 months later: app.log = 47GB
; Server disk: 100% full
; All services crash
✓ Fixed
# /etc/logrotate.d/php-app:
/var/log/php/app.log {
    daily
    # Keep 14 days (logrotate comments must be on their own line)
    rotate 14
    # gzip old logs
    compress
    # Keep yesterday uncompressed for tail
    delaycompress
    missingok
    notifempty
    create 0640 www-data adm
    postrotate
        # Signal PHP-FPM to reopen log file:
        /bin/kill -USR1 $(cat /run/php-fpm.pid 2>/dev/null) 2>/dev/null || true
    endscript
}
# Query recent errors:
journalctl -u php-fpm --since '1 hour ago' | grep -i error
grep -r 'Fatal error' /var/log/php/
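The check below is an added example, not part of the original page: it lists `*.log` files that no logrotate stanza covers, which is the gap described under Common Misconception. The function names and the awk stanza parser are illustrative, and it reads only the config directory it is given.

```sh
#!/bin/sh
# Added example, not from the original page: list *.log files under LOG_DIR
# that no logrotate stanza covers, largest first ("bytes<TAB>path").
# Assumptions: only the files in CONF_DIR are read ("include" directives are
# not followed), LOG_DIR is an absolute path, and paths contain no whitespace.

# Print the path patterns that open each stanza in the given config files.
stanza_patterns() {
    awk '
        /^[ \t]*#/ { next }                      # comment line
        in_stanza {                              # directives and scripts
            if ($0 ~ /^[ \t]*[}][ \t]*$/) in_stanza = 0
            next
        }
        {
            gsub(/[{]/, " { "); gsub(/"/, "")    # split "path{", drop quotes
            for (i = 1; i <= NF; i++) {
                if ($i == "{") { in_stanza = 1; break }
                if ($1 ~ /^\//) print $i         # header line starts with a path
            }
        }' "$@"
}

unrotated_logs() {
    log_dir=$1
    conf_dir=$2
    # Unquoted on purpose: the shell expands each pattern as a filesystem
    # glob, which is also how logrotate resolves stanza paths.
    covered=$(for f in $(stanza_patterns "$conf_dir"/*); do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done)
    find "$log_dir" -type f -name '*.log' | while IFS= read -r file; do
        if printf '%s\n' "$covered" | grep -qxF -- "$file"; then
            continue                             # a stanza rotates this file
        fi
        printf '%s\t%s\n' "$(($(wc -c <"$file")))" "$file"
    done | sort -rn
}

# Example run against the standard locations (prints nothing if all covered):
# unrotated_logs /var/log /etc/logrotate.d
```

Any path it prints is a log that will keep growing until a stanza for it is added under /etc/logrotate.d/.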
Added
16 Mar 2026
Edited
22 Mar 2026
⚡
DEV INTEL
Tools & Severity
🟠 High
⚙ Fix effort: Low
⚡ Quick Fix
Configure logrotate for all PHP application log files — without rotation, logs fill the disk and cause PHP to stop logging silently or crash the server
📦 Applies To
any
web
cli
🔍 Detection Hints
PHP error log without logrotate config; large application log files consuming disk; no disk space alerts before log fills disk
Auto-detectable:
✓ Yes
logrotate
datadog
prometheus-node-exporter
🤖 AI Agent
Confidence: Medium
False Positives: Medium
✗ Manual fix
Fix: Medium
Context: File
CWE-312
CWE-532