How to solve software and security issues?

Let us get straight to the solution! The quickest way to solve both software and security issues is to check the server logs. Applications, services, the kernel and the web server all generate events as they run, and an administrator's role is to keep an eye on those events without fail. Log files are what keep a record of all that event activity and show it to the administrator.

Where are the log files located? It is a very common question among users and administrators. On Linux, the log files are under the /var/log directory, which is the centralized repository for all of them. Log files are classified into four types: System logs, Service logs, Event logs and Application logs.

Let us go through the log files one by one:

Monitor.log:
One of the biggest challenges is analyzing and monitoring all the log files. To track down specific information in this large record, run the command below:
Code:
cat /var/log/messages
  • Generic system activity: This log file records the activity of the generic system. It is recommended to save all of this information.
  • Logfile check result: Sometimes the system shows an error while starting up. It can be solved by tracking it down with the help of this log file. Besides startup errors, also look here for application service errors and non-kernel boot errors.
Auth.log: Use the command below to view the authorization log:

Code:
cat /var/log/auth.log
On servers like Ubuntu and Debian, authentication events are logged here. The authorization log file also shows you how the authorization mechanisms are being used. If there is a security problem, you will find indicators of it here. You can see the javascript suspicious file for correcting it.

Secure.log: Most users prefer secure.log instead of auth.log, and so do RedHat and CentOS-based systems. These secure logs give you more information than the authorization logs, with more messages related to security, authentication failures and so on. It tracks services, system daemons, ssh logins and sudo logins.

It records login failure attempts and unauthorized activity on the system. It also tracks valid users and their successful logins.
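
As an added example (not part of the original article), the function below counts failed SSH password attempts per source address in auth.log or secure.log style lines and lists the sources that reach a threshold. The function names, the threshold argument and the sample lines are assumptions made for the illustration; the sample lines are constructed and use documentation addresses.

```shell
#!/bin/sh
# Added example: summarize failed SSH logins per source address.

# failed_ssh_by_ip THRESHOLD [FILE...]
# Reads the named files (or stdin when none are given) and prints
# "COUNT IP" for every source with at least THRESHOLD failures,
# highest count first.
failed_ssh_by_ip() {
    min="$1"; shift
    awk -v min="$min" '
        # sshd writes "Failed password for USER from IP port N ssh2" and
        # "Failed password for invalid user USER from IP port N ssh2".
        # The field position of the address therefore varies, so scan
        # backwards for the last "from" and take the field after it.
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from") { hits[$(i + 1)]++; break }
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min) print hits[ip], ip
        }
    ' "$@" | sort -k1,1nr -k2,2
}

# Constructed sample lines, not real log data.
sample_auth_log() {
    cat <<'EOF'
Mar  4 10:01:11 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  4 10:01:13 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  4 10:01:15 web1 sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  4 10:02:40 web1 sshd[2110]: Failed password for deploy from 198.51.100.23 port 40022 ssh2
Mar  4 10:03:02 web1 sshd[2112]: Accepted password for deploy from 198.51.100.23 port 40030 ssh2
Mar  4 10:03:05 web1 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/ls
EOF
}

# Demo on the sample; on a server: failed_ssh_by_ip 5 /var/log/auth.log
sample_auth_log | failed_ssh_by_ip 3
```

A single failure followed by a successful login, like the `deploy` lines in the sample, stays below the threshold, while repeated failures from one address stand out.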

Boot.log: Use the command below to view the boot log:

Code:
cat /var/log/boot.log
/etc/init.d/bootmisc.sh is the initialization script. From this point on, all the information related to booting is stored here. As mentioned earlier, the messages logged while the system starts up are stored here. If you notice boot failures, unplanned reboots or improper shutdowns, you can cross-check the details in this log file. If the system shuts down unexpectedly, it also gives you accurate information about the duration of the downtime.

Dmesg: Use the following command: cat /var/log/dmesg

Messages from the kernel ring buffer are stored here. Logging from drivers and hardware is saved with proper authentication. During booting, the kernel detects the hardware associated with the webserver. At that time, it logs messages for each device, hardware errors and the status of the device.

This file is most useful for troubleshooting problems such as hardware that is not detected or hardware that is set up improperly.

Kern.log: Use the command mentioned below:

Code:
cat /var/log/kern.log
Kernel-related log details are stored here, including warning messages. It is very useful for troubleshooting a customized kernel as well as for finding connectivity issues.

Faillog: Use the command mentioned below:

Code:
cat /var/log/faillog
It gives you details of the login attempts that ended in failure. It also helps you identify brute-force attacks and other attempts to guess usernames and passwords.

Other checks are:
  • /var/log/cron - cat /var/log/cron
  • /var/log/yum.log - cat /var/log/yum.log
  • /var/log/maillog or /var/log/mail.log - cat /var/log/mail.log
  • /var/log/httpd/ - ls -l /var/log/httpd/ (this is a directory, so list it and then cat the file you need)
  • /var/log/mysqld.log or /var/log/mysql.log - cat /var/log/mysqld.log
That's it! Use the server logs to find the problem and solve issues in software as well as security.
Author
kumkumsharma