Logs are a good way to pinpoint issues or security breaches. You can configure what is logged by editing the /etc/rsyslog.conf file. The priority of a message determines which file the logged text is written to. There are 9 priorities that you should be familiar with: none, debug, info, notice, warn, err, crit, alert, emerg, where debug is the lowest priority, emerg is the highest, and none means not to log anything.
To ensure that your logs are being written, you need to make sure that the rsyslog service is running. You can do this by running the following.
service rsyslog status
The above command will tell you whether rsyslog is running or stopped. If it's stopped, you can start it using the following.
service rsyslog start
To make sure that rsyslog is started each time your system boots, you can run the following.
chkconfig rsyslog on
Locating Log Files
Your log files can be found in the /var/log directory. Here you will see a list of different log files, each with a different purpose. You can familiarize yourself with each log by reading through the /etc/rsyslog.conf file. Below are some examples I often check.
Log Files
/var/log/messages = Logs anything of the info level or higher except for mail and authentication messages.
/var/log/secure = Logs all of the authentication attempts on the server.
/var/log/cron = Logs all cron-related information.
/var/log/maillog = Logs all mail messages.
/var/log/boot.log = Logs boot-related messages.
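To see how a message's facility and priority decide which of these files it lands in, here is an added example (not from the original post) that evaluates rsyslog-style selectors against a message. The sample rules are constructed to match the file descriptions above, not copied from a real /etc/rsyslog.conf, and the function names are hypothetical. It handles plain priority names, `*` and `none` only, not the `=` and `!` modifiers.

```python
# Priorities as listed in the post, lowest to highest ("none" is handled separately).
PRIORITIES = ["debug", "info", "notice", "warn", "err", "crit", "alert", "emerg"]

# Constructed sample rules mirroring the log file descriptions in the post.
SAMPLE_RULES = """
# selector(s)                      destination
*.info;mail.none;authpriv.none     /var/log/messages
authpriv.*                         /var/log/secure
mail.*                             /var/log/maillog
cron.*                             /var/log/cron
local7.*                           /var/log/boot.log
"""


def selector_matches(selector_field, facility, priority):
    """Return True if facility.priority is selected by a ';'-separated selector list.

    Selectors are applied left to right; a later selector naming the same
    facility overrides an earlier one (this is how 'mail.none' removes mail
    from '*.info').
    """
    matched = False
    for selector in selector_field.split(";"):
        facilities, _, level = selector.rpartition(".")
        names = facilities.split(",")
        if "*" not in names and facility not in names:
            continue  # this selector says nothing about our facility
        if level == "none":
            matched = False
        elif level == "*":
            matched = True
        else:
            # A bare priority means "this priority or higher".
            matched = PRIORITIES.index(priority) >= PRIORITIES.index(level)
    return matched


def destinations(rules_text, facility, priority):
    """List every file a facility.priority message is written to."""
    files = []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector_field, action = line.split(None, 1)
        if selector_matches(selector_field, facility, priority):
            files.append(action)
    return files
```

With these rules, `destinations(SAMPLE_RULES, "authpriv", "info")` returns only `/var/log/secure`, which is why authentication events never show up in /var/log/messages, and a `daemon.debug` message is written nowhere.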
Post By: Frank Perez
mducanada
Thursday, October 18, 2012
See also:
1. utmpdump /var/log/wtmp
(if you do it with vi, the file won’t be human readable)
2. dmesg
to print all boot messages