The Linux Boot Process and System Logging
The Linux Boot Process

In this course, you'll learn about the essentials of the Linux boot process including BIOS, the boot loader, the Linux kernel, and runlevels. Then you'll watch a demonstration that walks you through the Linux boot process.

Then we'll look at system logging, covering the syslog standard, facilities, and severities, syslog servers, logging rules, how to determine what files are used for which messages, how to generate your own log messages, and how to automatically rotate log files.

This course is part of the Linux Administration Bootcamp learning path, designed to get you up and running with Linux.

Learning Objectives

  • Understand the key aspects of the Linux boot process
  • Learn how to carry out logging in Linux

Intended Audience

  • Anyone with basic knowledge of Linux who wants to learn more
  • Professionals who want to learn more about Linux to enhance their career prospects


This is an intermediate-level course so some knowledge of Linux is expected. If you're just starting out, then try our Linux Fundamentals course first.


In this lesson, you'll learn about the Linux boot process. You'll learn about the BIOS, the boot loader, the Linux kernel, and runlevels. BIOS stands for Basic Input/Output System. It's a special type of firmware used in the booting process, and it's the first piece of software that is run when a computer is powered on. The BIOS is operating system independent. Its primary purpose is to test the underlying hardware components and to load a boot loader or operating system. The BIOS performs a POST, which stands for Power-On Self Test. The POST perform some basic checks of various hardware components, such as the CPU, memory, and storage devices. Only if the POST succeeds will the BIOS attempt to load the boot loader.

The BIOS contains a list of boot devices such as hard disks, a DVD drive, USB devices, and others depending on the hardware being used. The BIOS searches that list for a bootable device in the order specified. You can change this order by interrupting the boot sequence and entering into the configuration for the BIOS. The key combination used to do this will vary from one hardware manufacturer to another. Once a bootable device has been found, the BIOS will run the boot loader. Typically the GRUB boot loader will be used, but you may run into some older Linux systems that still use the LILO boot loader. LILO stands for Linux Loader, while GRUB stands for Grand Unified Bootloader.

In any case, the primary purpose of the boot loader is to start the operating system. Typically you will see a message, or a series of messages from the boot loader, that will allow you to interrupt the boot process and interact with a boot loader. If there are multiple operating systems installed, you can tell the boot loader which operating system to run. You can also tell the boot loader to pass different boot options to the operating system. The initial RAM disk, abbreviated initrd, is a temporary file system that's loaded into memory when the system boots. This file system can contain helpers that perform hardware detection and load the necessary modules, sometimes called drivers, to get the actual file system mounted. For example, if the root file system is stored on an LVM volume or Logical Volume Manager volume, the initrd image will contain the kernel modules required to mount that logical volume as the root file system.

Once the initrd mounts the actual root file system, its job is done and the operating system continues loading from the real root file system. The Linux kernel, the initial RAM disk, and other files needed to boot the operating system are stored in /boot. Here's a listing of the /boot directory for an Ubuntu system. The kernel is typically named vmlinux or vmlinuz. If the kernel is compressed, its name ends in Z. In this example, the kernel is vmlinuz-3.13.0-46-generic. The initial RAM disk in this example is initrd.img-3.13.0-46-generic. The kernel ring buffer contains messages related to the Linux kernel. A ring buffer is a data structure that is always the same size. Once the buffer is completely full, old messages are discarded when new messages arrive.

To see the contents of the kernel ring buffer, use the dmesg command, spelled D-M-E-S-G. On most Linux distributions, these messages are also stored on disk in the /var/log/dmesg's file. Between the dmesg command and the /var/log/dmesg log file, you will be able to see the messages the kernel is generating, even during the earliest stages of the boot process when those messages can quickly fly by your screen on boot up. Linux uses runlevels to determine what processes and services to start. Each distribution can be configured differently, but in general, runlevel zero is used to power off a system, runlevel one is single user mode, runlevels two through five are for normal system operations, and runlevel six is used to reboot a system.

Traditionally, runlevels were controlled by the init program. The init configuration was stored in /etc/inittab. To change the default runlevel using init, you would edit the /etc/inittab file and set the runlevel number on the initdefault line. Here's an example of setting runlevel three to be the default run level. However, init alternatives such as systemd and upstart are quickly taking the place of init, with systemd currently being the most widely adopted replacement. Instead of runlevel, systemd has the concept of targets. These targets are roughly equivalent to runlevels. To see the list of available targets, look in /lib/systemd/system. You'll notice the runlevel targets are actually symlinks to the real targets being used. For example, is a symlink to To change the default runlevel, or target, with systemd, use the systemctl command followed by set-default and finally the desired target.

Optionally, you can manually create a symlink to the desired target from the etc/systemd/system file. This example sets the default target to be graphical which is equivalent to run level five. With the init system, you can change run levels using the telinet command. Simply supply the run level you want to change to to the telinet command. To change the target to run level equivalent for systemd, use the systemctl command followed by isolate and finally the desired target. Here's how to change to the graphical target. Even though there is a run level for rebooting, or target for rebooting if you're using systemd, you can also use the reboot or shutdown commands. Here's how to reboot with init, telinet space 6.

To reboot with systemd, use the systemctl command, systemctl space isolate space To reboot using the reboot command, simply execute reboot. The format of the shutdown command is shown on your screen. The option to tell shutdown to perform a reboot is -r. You can specify the time to shut down using the hour, hour, minute, minute format. You can also use plus n, where n represents the number of minutes to wait before performing the action.

Finally, you can use the now keyword to start immediately. You may also specify a wall message that will be broadcast to all users logged into the system. A simple way to reboot the system is to run shutdown space -r space now. To power off a system use run level zero, the power off target, or the power off command. Again, using init, you can run telinet 0 and with systemd, run systemctl isolate, or finally the easiest way to do it is simply to run the poweroff command.

In this lesson you learned about the Linux boot process. You learned that the job of the BIOS is to perform basic hardware checks and to start the boot loader from a bootable device. You learned about the two most commonly used boot loaders, LILO and GRUB. The primary job of the boot loader is to start the operating system. You also learned that the files required to boot a Linux system are stored in the /boot directory. The initial RAM disk, or initrd, is a temporary file system that is loaded into memory. Its main job is to mount the file system where the operating system is stored.

The Linux kernel is typically named vminux, or if it's compressed, vmlinuz. You learned how to view the messages in the kernel ring buffer by using the dmesg command or by examining the var/log/dmesg's file. You also learned about runlevels and how systemd has an equivalent concept known as targets. You learned to change the runlevel with a telinit command for the traditional init system, and the systemctl command for the systemd system. Finally, you learned about the shutdown, reboot and poweroff commands.

About the Author
Learning Paths

Jason is the founder of the Linux Training Academy as well as the author of "Linux for Beginners" and "Command Line Kung Fu." He has over 20 years of professional Linux experience, having worked for industry leaders such as Hewlett-Packard, Xerox, UPS, FireEye, and Nothing gives him more satisfaction than knowing he has helped thousands of IT professionals level up their careers through his many books and courses.

Covered Topics