Linux Logs Explanation

* /var/log/syslog or /var/log/messages: general messages, as well as system-related information. Essentially, this log stores all activity data across the global system. Note that on Red Hat-based systems, such as CentOS or RHEL, this activity is stored in /var/log/messages, while Ubuntu and other Debian-based systems store it in /var/log/syslog.

* /var/log/auth.log or /var/log/secure: store authentication logs, including both successful and failed logins and the authentication methods used. Again, the system type dictates where authentication logs are stored; Debian/Ubuntu information is stored in /var/log/auth.log, while Red Hat/CentOS information is stored in /var/log/secure.

* /var/log/boot.log: a repository of all information related to booting and any messages logged during startup.

* /var/log/maillog or /var/log/mail.log: stores all logs related to mail servers, useful when you need information about Postfix, smtpd, or any other email-related service running on your server.

* /var/log/kern: stores kernel logs and warning data. This log is also valuable for troubleshooting custom kernels.

* /var/log/dmesg: messages relating to device drivers. The dmesg command can be used to view the messages in this file.

* /var/log/faillog: contains information about all failed login attempts, which is useful for gaining insight into attempted security breaches, such as attempts to guess login credentials and brute-force attacks.

* /var/log/cron: stores all crond-related messages (cron jobs), such as when the cron daemon initiated a job, related failure messages, etc.

* /var/log/yum.log: if you install packages using the yum command, this log stores all related information, which can be useful in determining whether a package and all of its components were correctly installed.

* /var/log/httpd/: a directory containing the error_log and access_log files of the Apache httpd daemon. The error_log contains all errors encountered by httpd, including memory issues and other system-related errors. The access_log contains a record of all requests received over HTTP.

* /var/log/mysqld.log or /var/log/mysql.log: MySQL log file that records all debug, failure and success messages. It contains information about the starting, stopping and restarting of the MySQL daemon, mysqld. This is another instance where the system dictates the path; RedHat, CentOS, Fedora, and other Red Hat-based systems use /var/log/mysqld.log, while Debian/Ubuntu use /var/log/mysql.log.

* /var/log/daemon.log: tracks services running in the background that perform important tasks but have no graphical output.

* /var/log/btmp: records of failed login attempts.

* /var/log/utmp: current login state, by user.

* /var/log/wtmp: login/logout history.

* /var/log/lastlog: information about the last logins for all users. This binary file can be read with the lastlog command.

* /var/log/pureftp.log: log of the pureftp process, which listens for FTP connections. All connections, FTP logins, and authentication failures get logged here.

* /var/log/spooler: rarely used and often empty. When used, it contains messages from USENET.

* /var/log/xferlog: contains all FTP file transfer sessions, including information about the file name and the user initiating each FTP transfer.
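The authentication logs above (/var/log/auth.log on Debian/Ubuntu, /var/log/secure on Red Hat/CentOS) are the usual place to spot the brute-force activity that faillog and btmp also record. The following is an added example, not part of the original post: it parses sshd "Failed password" lines from a constructed auth.log sample and flags any source address with four or more failures inside a 60-second window. The sample log lines, the threshold and the window are assumptions chosen for the demonstration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the classic /var/log/auth.log format (Debian/Ubuntu).
# On RHEL/CentOS the same sshd lines appear in /var/log/secure.
SAMPLE_AUTH_LOG = """\
Mar  3 10:15:01 host1 sshd[2041]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:03 host1 sshd[2043]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 10:15:05 host1 sshd[2045]: Failed password for root from 203.0.113.7 port 51238 ssh2
Mar  3 10:15:06 host1 sshd[2047]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:40 host1 sshd[2050]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Mar  3 10:16:12 host1 sshd[2052]: Failed password for alice from 198.51.100.20 port 40023 ssh2
Mar  3 10:17:20 host1 sshd[2055]: Failed password for root from 203.0.113.7 port 51300 ssh2
"""

# syslog timestamp, hostname, sshd[pid], then the failure message itself
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(text, year=2024):
    """Return (timestamp, user, source_ip) for every 'Failed password' line.

    Syslog timestamps carry no year, so the caller supplies one (assumed 2024).
    """
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["user"], m["ip"]))
    return events


def find_bruteforce(events, threshold=4, window_seconds=60):
    """Map source IP -> failure count for IPs with >= threshold failures in one window."""
    by_ip = defaultdict(list)
    for ts, _user, ip in events:
        by_ip[ip].append(ts)
    flagged = {}
    for ip, stamps in by_ip.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):          # sliding window over sorted times
            while (stamps[end] - stamps[start]).total_seconds() > window_seconds:
                start += 1
            if end - start + 1 >= threshold:
                flagged[ip] = end - start + 1
                break
    return flagged
```

Run against a real file with `find_bruteforce(parse_failed_logins(open("/var/log/auth.log").read()))`; the single failure from 198.51.100.20 in the sample stays below the threshold, so only 203.0.113.7 is reported.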
