
Wednesday, September 5

System Logging

What is System Logging?
- An important part of maintaining a secure system is keeping track of the activities that take place on the system. If you know what usually happens, such as understanding when users log into your system, you can use log files to spot unusual activity.
- Two main logging daemons:
  - klogd: The kernel log daemon service logs kernel messages and events.
  - syslogd: The syslog daemon logs all other process activity. You can use the log files that syslogd generates to track activities on your system.

Log Files
- /var/log/dmesg: Kernel log messages
- /var/log/messages: Standard system error messages
- /var/log/maillog: Mail system messages
- /var/log/secure: Security, authentication, and xinetd messages
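
As an added example (not part of the original post), the sketch below shows one way to use /var/log/secure to spot unusual activity once you know what normal logins look like. The sample lines are constructed, and the "usual hours" window and the failure threshold are assumptions you would tune to your own system.

```python
import re
from collections import Counter

# Constructed sample lines in the traditional syslog format used by /var/log/secure.
SAMPLE = """\
Sep  5 09:02:11 web1 sshd[2101]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Sep  5 09:15:40 web1 sshd[2188]: Failed password for alice from 192.0.2.10 port 40031 ssh2
Sep  5 03:12:44 web1 sshd[1522]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Sep  5 03:12:47 web1 sshd[1522]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Sep  5 03:12:51 web1 sshd[1524]: Failed password for root from 203.0.113.7 port 51240 ssh2
Sep  5 03:40:02 web1 sshd[1610]: Accepted password for alice from 198.51.100.23 port 38811 ssh2
"""

# Matches sshd authentication results; all other log lines are ignored.
LINE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<hour>\d\d):\d\d:\d\d \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

def parse(text):
    """Yield one dict per sshd authentication line; other lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield m.groupdict()

def unusual_activity(text, usual_hours=range(8, 19), max_failures=3):
    """Return (noisy_sources, off_hours_logins) for the given log text.

    usual_hours and max_failures are assumed baselines, not values from the post.
    """
    events = list(parse(text))
    # Count failed logins per source address and keep the repeat offenders.
    failures = Counter(e["src"] for e in events if e["result"] == "Failed")
    noisy = {src: n for src, n in failures.items() if n >= max_failures}
    # Successful logins outside the hours when users normally log in.
    off_hours = [(e["user"], e["src"], int(e["hour"])) for e in events
                 if e["result"] == "Accepted" and int(e["hour"]) not in usual_hours]
    return noisy, off_hours

if __name__ == "__main__":
    noisy, off_hours = unusual_activity(SAMPLE)
    print("sources with repeated failures:", noisy)
    print("logins outside usual hours:", off_hours)
```

To run it against a real system, pass the contents of /var/log/secure (readable by root) to `unusual_activity` instead of `SAMPLE`.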

utmpdump /var/log/wtmp