Jul 102015

This is a re-post of the original article byJason SkowronskiAmy Echeverri and Sadequl Hussain first posted on http://www.loggly.com

Linux Logging Basics

First we’ll describe the basics of what Linux logs are, where to find them, and how they get created. If you already know this stuff, feel free to skip to the next section.

Linux System Logs

Many valuable log files are automatically created for you by Linux. You can find them in your /var/log directory. Here is what this directory looks like on a typical Ubuntu system:


Some of the most important Linux system logs include:

  • /var/log/syslog or /var/log/messages stores all global system activity data, including startup messages. Debian-based systems like Ubuntu store this in /var/log/syslog. RedHat-based systems like RHEL or CentOS store this in /var/log/messages.
  • /var/log/auth.log or /var/log/secure stores logs from the Pluggable Authentication Module (pam) including successful logins, failed login attempts, and authentication methods. Ubuntu and Debian store authentication messages in /var/log/auth.log. RedHat and CentOS store this data in /var/log/secure.
  • /var/log/kern stores kernel error and warning data, which is particularly helpful for troubleshooting custom kernels.
  • /var/log/cron stores information about cron jobs. Use this data to verify that your cron jobs are running successfully.

Continue reading »

Flattr this!

Nov 012011

sshguardI’ve already talked about fail2ban and logcheck, 2 tools that can scan your logs and do actions, based on rules that you can give/modify, usually modify your iptables rules to stop active attacks against your server or simply send you a warning if some thing is found in the logs.

Today we’ll see a similar tool, sshguard, it is different from the other two in that it is written in C, so it’s uses less memory and CPU while running, but still achiving the same results.
Continue reading »

Flattr this!