NetSeven
 My control panel
 Return to article list

The logger Linux utility

Published:  02/04/2026 15:00

Introduction

The logger system utility has been around since the 90s but is rarely used in practice.

Its main use case is for scripts or adding your own entries in the system log for the record or future review.

System logs

We'll have another article in the future regarding journalctl and modern Linux system logging.

For the time being we can consider two places where logging occurs:

  • /var/log/syslog or /var/log/messages — Depending on the distribution — Holds file based logging on "older" distributions;
  • journald handles system logging for systemd based Linux systems; Some distributions also copy output to /var/log/syslog.

Querying the modern system logs is done using the journalctl utility which roughly works like so:

# Follow live output for everything:
journalctl -f

# Get the last 200 lines of log for everything:
journalctl -n 200

# List log messages starting from today:
# --since also supports various date formats
journalctl --since today

The command uses a pager by default that can be removed using --no-pager.

Using logger

By default, logger will output to syslog using your current user name and current PID of your shell as the identifier.

Systemd also saves the priority level and "facility" for messages (the second is not relevant to what we're doing here in our opinion). The default priority being notice.

logger "Some message to add to system logs"
echo "We can also pipe output to logger" | logger

With the following results:

Apr 02 13:42:39 my-server my-user[49112]: Some message to add to system logs
Apr 02 13:42:39 my-server my-user[49114]: We can also pipe output to logger

Priority

We can specify the priority of the message using the -p option with one of these text values:

  • emerg — The worst level ("emergency");
  • alert;
  • crit;
  • err — Level err and above show as red in the journalctl output;
  • warning — Appears in yellow in journalctl output;
  • notice — Default log level;
  • info;
  • debug;

We provide priority levels like so:

logger -p alert "Something went wrong"
logger -p warning "Something went moderately wrong"
logger -p info "Now working fine"

These show as different color in modern journalctl output:

colored output for the 3 messages, first is red, second yellow, third white

Tagging messages

A very important option is -t as it will tag messages to help identify where they came from instead of the default being your current user name.

For instance:

logger -t "MY_SCRIPT" "Notification"

Will yield:

Apr 02 14:31:45 my-server MY_SCRIPT[53636]: Notification

The journalctl command also has a -t option to filter by tag.

The option also works fine on older systems.

Other interesting options

  • -s — Also outputs to standard error. Quite frankly easier to do than using output redirection;
  • -f <FILE> — Logs to content of the file given as argument with a default size limit of 1024 bytes, logging each line individually including empty lines;
  • -e — Often combined with the previous option to avoid logging empty lines;

Permissions

Writing to syslog is almost always allowed for any and all users because it goes through the special device /dev/log which should be writable by all.

However, reading the system logs often requires permissions.

Some distribution have a special group that is allowed to query journalctl.

Logging to both standard output and syslog

Since logger is mostly useful in scripting, here's a quick function to duplicate logging to standard output and syslog:

#!/bin/sh
 
log_msg() {
  echo "$@"
  logger -t "MY_SERVICE" "$@"
}
 
log_msg "Starting script..."
log_msg "Script finished."

Happy logging.

Comments

Loading...