The paths and contents of log files differ depending on the Linux distribution and version. Check "/etc/syslog.conf" or "/etc/rsyslog.conf" to see in detail which logs your Linux system handles.
| Log file | Description |
| --- | --- |
| /var/log/dmesg, /var/log/boot.log | System booting related logs. |
| /var/log/cron | Cron related logs. |
| /var/log/messages | General system logs including execution status of the daemon. |
| /var/log/secure | Authentication related logs including remote access. |
| /var/log/auth.log | System authentication log such as login. |
| /var/log/daemon.log | Background daemon related logs. |
| /var/log/yum.log | Yum utility related logs. |
| /var/log/lastlog | Users' recent login information logs. |
| /var/log/maillog | Mail related logs (sendmail, qmail, ipop, imap etc.). |
| /var/log/xferlog | FTP related logs (proftpd, vsftpd etc.). |
| /var/log/wtmp, /var/log/wtmpx | User log-in, log-out, system shutdown, booting logs. The "last" command shows this file's contents. |
| /var/run/utmp, /var/run/utmpx | Currently logged-in users logs. The "who", "w", "whodo", "users", "finger" commands show this file's contents. |
| /var/log/btmp | Log-in failure related logs. The "lastb" command shows this file's contents. |
| /var/log/account/acct, /var/log/account/pacct | Logs of commands entered by users and their times. The "lastcomm" command shows this file's contents. |
| /var/log/lastlog | Users' last login time and host related logs. The "lastlog" command shows this file's contents. |
| /run/adm/sulog | su command related logs. |
| /run/log/journal | Journal logs. It stores all system events in binary format. The journal log is removed when the system reboots. The "journalctl" command shows this file's contents. It is operated by the "systemd-journald" service and has nothing to do with "rsyslogd". |
FYI: to intentionally leave a trace in a log file handled by rsyslog, use the "logger" command:
# logger -p authpriv.crit "hello"
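
To see which file a message such as `logger -p authpriv.crit "hello"` lands in, the selector rules in "/etc/rsyslog.conf" have to be evaluated. The Python sketch below is an added example, not part of the original page: SAMPLE_CONF is a constructed rule set in the style of a RHEL-family default, the function names are hypothetical, and only the classic `facility.priority action` syntax with `*`, `none`, `=` and `!` and the eight canonical priority names is handled.

```python
PRIORITIES = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]

# Constructed sample rules in the style of a RHEL-family /etc/rsyslog.conf.
SAMPLE_CONF = """\
# rules
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
local7.*                                    /var/log/boot.log
"""

def selector_matches(selector, facility, priority):
    """True if 'facility.priority' passes a ';'-separated selector list."""
    allowed = set()                      # priorities accepted for this facility
    for part in selector.split(";"):
        facs, _, spec = part.strip().partition(".")
        if not {"*", facility} & set(facs.split(",")):
            continue                     # this part is about other facilities
        negate = spec.startswith("!")
        spec = spec.lstrip("!")
        exact = spec.startswith("=")
        spec = spec.lstrip("=")
        if spec == "none":               # e.g. authpriv.none: drop everything
            allowed.clear()
            continue
        if spec == "*":
            levels = set(PRIORITIES)
        elif exact:                      # "=crit": only that priority
            levels = {spec}
        else:                            # "crit": that priority and higher
            levels = set(PRIORITIES[PRIORITIES.index(spec):])
        allowed = allowed - levels if negate else allowed | levels
    return priority in allowed

def destinations(conf_text, facility, priority):
    """Log files (file actions only) that would receive the message."""
    hits = []
    for line in conf_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2 or parts[0][0] in "#$":
            continue                     # blank, comment, or legacy directive
        selector, action = parts[0], parts[1].strip()
        if action.startswith(("/", "-/")) and selector_matches(selector, facility, priority):
            hits.append(action.lstrip("-"))   # leading "-" only disables sync
    return hits

if __name__ == "__main__":
    # Where does: logger -p authpriv.crit "hello"  end up?
    print(destinations(SAMPLE_CONF, "authpriv", "crit"))
```

With these sample rules the test message goes to /var/log/secure only, because `authpriv.none` excludes it from /var/log/messages.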