On systems using systemd, such as Fedora => 15, Ubuntu (Server and Desktop) >= 15.04, and RHEL/CentOS >= 7:
systemctl status [servicename]
[servicename] is the service in question; for example,
systemctl status sshd.
This will show basic status information and any recent errors logged.
You can see further errors with
journalctl. For example,
journalctl -xe will load the last 1000 logged into a pager (like
less), jumping to the end. You can also use
journalctl -f, which will follow log messages as they come in.
To see logs for a particular service, use the
-t flag, like this:
journalctl -f -t sshd
Other handy options include
-p for priority (
-p warnings to see only warnings and above),
-b for "since last boot", and
-S for "since" — putting that together, we might do
journalctl -p err -S yesterday
to see all items logged as errors since yesterday.
If journalctl is not available, or if you are following application error logs which do not use the system journal, the
tail command can be used to show the last few lines of a file. A useful flag for tail is
-f (for "follow"), which causes tail continue showing data as it gets appended to the file. To see messages from most services on the system:
tail -f /var/log/messages
Or, if the service is privileged, and may log sensitive data:
tail -f /var/log/secure
Some services have their own log files, a good example is
auditd, the linux auditing daemon, which has its logs stored in
/var/log/audit/. If you do not see output from your service in
/var/log/messages try looking for service specific logs in