March 29, 2018

Linux log files

The paths and contents of the log files differ depending on the Linux distribution and version. Check "/etc/syslog.conf" or "/etc/rsyslog.conf" to see in detail which logs your Linux system is handling.

| Log file | Description |
| --- | --- |
| /var/log/dmesg, /var/log/boot.log | System booting related logs. |
| /var/log/cron | Cron related logs. |
| /var/log/messages | General system logs, including the execution status of daemons. |
| /var/log/secure | Authentication related logs, including remote access. |
| /var/log/auth.log | System authentication logs, such as logins. |
| /var/log/daemon.log | Background daemon related logs. |
| /var/log/yum.log | Yum utility related logs. |
| /var/log/lastlog | Users' recent login information logs. |
| /var/log/maillog | Mail related logs (sendmail, qmail, ipop, imap etc.). |
| /var/log/xferlog | FTP related logs (proftpd, vsftpd etc.). |
| /var/log/wtmp, /var/log/wtmpx | User log-in, log-out, system shutdown and booting logs. The "last" command shows this file's contents. |
| /var/run/utmp, /var/run/utmpx | Logs of currently logged-in users. The "who", "w", "whodo", "users" and "finger" commands show this file's contents. |
| /var/log/btmp | Failed log-in related logs. The "lastb" command shows this file's contents. |
| /var/log/account/acct, /var/log/account/pacct | Logs of the commands users entered and when. The "lastcomm" command shows this file's contents. |
| /var/log/lastlog | Users' last login time and host related logs. The "lastlog" command shows this file's contents. |
| /run/adm/sulog | su command related logs. |
| /run/log/journal | Journal logs. It stores all system events in binary format. The journal log is removed when the system reboots. The "journalctl" command shows this file's contents. It is operated by the "systemd-journald" service and has nothing to do with "rsyslogd". |

FYI: to intentionally leave a trace in a log file handled by rsyslog, use the "logger" command:
# logger -p authpriv.crit "hello"
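
To see which file a message such as the `authpriv.crit` one above ends up in, the selector lines in "/etc/rsyslog.conf" have to be resolved against its facility and priority. The following is an added example, not part of the original post: the rule set in `SAMPLE_CONF` is constructed, the function names are hypothetical, and only the traditional `facility.priority` selector syntax is handled (no `!` negation, priority aliases or RainerScript).

```python
import re

# Priorities from most to least severe; "facility.prio" matches prio and above.
PRIOS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACS = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
        "uucp", "cron", "authpriv", "ftp"] + [f"local{i}" for i in range(8)]

# Constructed sample rules in the traditional selector syntax (not from the page).
SAMPLE_CONF = """\
# constructed rules
$ModLoad imuxsock
*.info;mail.none;authpriv.none;cron.none    /var/log/messages
authpriv.*                                  /var/log/secure
mail.*                                      -/var/log/maillog
cron.*                                      /var/log/cron
*.emerg                                     :omusrmsg:*
"""

def selector_mask(selectors):
    """Return {facility: set of priorities} enabled by one rule's selectors."""
    mask = {f: set() for f in FACS}
    for sel in selectors.split(";"):          # later selectors refine earlier ones
        facs, _, prio = sel.strip().rpartition(".")
        targets = FACS if facs == "*" else [f for f in facs.split(",") if f in mask]
        for f in targets:
            if prio == "none":                # exclude this facility entirely
                mask[f].clear()
            elif prio == "*":                 # every priority
                mask[f].update(PRIOS)
            elif prio.startswith("="):        # exactly this priority
                mask[f].add(prio[1:])
            elif prio in PRIOS:               # this priority and more severe
                mask[f].update(PRIOS[:PRIOS.index(prio) + 1])
    return mask

def destinations(conf_text, facility, priority):
    """List the actions (files, etc.) that receive facility.priority messages."""
    out = []
    for line in conf_text.splitlines():
        # Selector field, whitespace, one action; comments/directives do not match.
        m = re.match(r"^([\w*,;.=]+)\s+(\S+)$", line.strip())
        if m and priority in selector_mask(m.group(1))[facility]:
            out.append(m.group(2).lstrip("-"))   # leading "-" only disables sync
    return out

if __name__ == "__main__":
    print(destinations(SAMPLE_CONF, "authpriv", "crit"))
```

With these constructed rules, the `logger -p authpriv.crit` message is written only to /var/log/secure, because `authpriv.none` keeps it out of /var/log/messages.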