Linux logs
Linux logs are mostly stored in clear text, generally in the /var/log directory. A Linux system has three main log subsystems: the connection time log, the process statistics log, and the error log.
Connection Time Log
The connection time log is maintained by several programs, which write records to three files: /var/log/wtmp, /var/run/utmp and /var/log/lastlog. These three files record information about users logging in to and out of the system. utmp holds information about each user who is currently logged in, wtmp records each user's logins and logouts as well as system startup and shutdown events, and lastlog records the last login information for each user.
Both the wtmp and utmp files are binary and cannot be viewed using the cat and tail commands, but you can view the information in these two files using the who, w, users and last commands.
who [parameters]
-a Shows all information
-m Only displays login user information for the current terminal
-q Displays only the names and number of users currently logged on to the system; when combined with other parameters, the other parameters are ignored
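Because wtmp and utmp are sequences of fixed-size binary records, they can also be decoded directly when who or last is not available, for example on a copy of the file taken during an investigation. The following is an added example, not part of the original page: it assumes the glibc struct utmp layout on x86-64 Linux (384-byte records), and the sample records, user names and addresses are constructed.

```python
import struct
from datetime import datetime, timezone

# Assumption: glibc "struct utmp" layout on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
TYPES = {2: "BOOT_TIME", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def _text(raw):
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")  # NUL-padded field

def parse_utmp(data):
    """Yield one dict per complete record; a truncated tail is ignored."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield {"type": TYPES.get(f[0], str(f[0])), "pid": f[1], "line": _text(f[2]),
               "user": _text(f[4]), "host": _text(f[5]),
               "time": datetime.fromtimestamp(f[9], timezone.utc)}

def sessions(records):
    """Pair each login with the logout recorded on the same terminal line."""
    def row(s, end):
        return (s["user"], s["line"], s["host"], s["time"], end)
    open_by_line, done = {}, []
    for r in records:
        if r["type"] == "USER_PROCESS":
            open_by_line[r["line"]] = r
        elif r["type"] == "DEAD_PROCESS" and r["line"] in open_by_line:
            done.append(row(open_by_line.pop(r["line"]), r["time"]))
        elif r["type"] == "BOOT_TIME":
            # A reboot ends every session that never recorded a logout.
            done += [row(s, r["time"]) for s in open_by_line.values()]
            open_by_line.clear()
    return done + [row(s, None) for s in open_by_line.values()]  # still open

def _rec(ut_type, pid, line, user, host, sec):
    # Constructed sample record, not real log data.
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, sec, 0, 0, 0, 0, 0, b"")

SAMPLE = b"".join([
    _rec(2, 0, "~", "reboot", "", 1700000000),
    _rec(7, 1201, "pts/0", "alice", "192.0.2.10", 1700000100),
    _rec(7, 1302, "pts/1", "bob", "192.0.2.20", 1700000200),
    _rec(8, 1201, "pts/0", "", "", 1700000400),
])

if __name__ == "__main__":
    for user, line, host, start, end in sessions(parse_utmp(SAMPLE)):
        print(user, line, host, start, end or "still logged in")
```

To read a real file, pass the bytes of a copy of /var/log/wtmp to parse_utmp instead of SAMPLE.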
Log file
Most log files are stored under the /var/log/ directory. The following lists the various log files and what they record.
access-log: records HTTP/web transfers
secure: records messages about logins and system access
btmp: records failed login attempts
lastlog: records the most recent successful logon events and the last unsuccessful login
messages: records information from syslog (in some cases linked to a syslog file)
sudolog: records the commands issued with sudo
sulog: records use of the su command
utmp: records each user who is currently logged on
wtmp: a permanent record of each user's logins and logouts
syslog: usually linked to the messages file
xferlog: records FTP sessions
Log files on Linux can be configured by modifying the syslog.conf configuration file. This is usually left unconfigured unless there is a special need. Logs can also be viewed and analyzed graphically, which is not covered in detail here.