Log save location
The default directory is /var/log
Primary log files
Kernel and general message log: /var/log/messages
Scheduled task (cron) log: /var/log/cron
System boot log (kernel ring buffer): dmesg
Mail system log: /var/log/maillog
User login logs: /var/log/lastlog, /var/log/secure, /var/log/wtmp, /var/run/utmp
Kernel and system logs:
Managed centrally by the rsyslogd system service
- Package: rsyslog-5.8.10-8.el6.x86_64
- Main program: /sbin/rsyslogd
- Configuration file: /etc/rsyslog.conf defines where each log file is placed; the locations can be redefined there. Restart the service after changing it.
rpm -q rsyslog (check whether the package is installed)
service rsyslog status / service rsyslog start
User log analysis
Records user login, logout and related system information
/var/log/lastlog: most recent login event for each user; viewed directly with the lastlog command
/var/log/wtmp: user login, logout and system boot/shutdown events. Binary file, viewed with the last command (no file path required)
/var/run/utmp: details of each user currently logged in. Binary file, viewed with the users, w and who commands
/var/log/secure: user authentication related security events; viewed with the tail command
/var/log/btmp: failed login information (wrong password etc.); viewed with the lastb command
Analysis tools
users, who, w, last, lastb
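As an added example (not part of the original page), the kind of check an administrator runs on /var/log/secure after tailing it: count failed password attempts per source address, count accepted logins per user, and flag sources over a threshold. The log lines are constructed for this example, not taken from a real host; in use, pipe the real file in (tail -n 1000 /var/log/secure | failed_by_source).

```shell
#!/bin/sh
# Summarise sshd authentication events from /var/log/secure-style lines.
# The sample below is constructed for this example (RFC 5737 test addresses).
SAMPLE_SECURE_LOG='Jan 10 09:12:01 host1 sshd[2011]: Failed password for invalid user admin from 192.0.2.10 port 5133 ssh2
Jan 10 09:12:04 host1 sshd[2011]: Failed password for invalid user admin from 192.0.2.10 port 5134 ssh2
Jan 10 09:12:09 host1 sshd[2012]: Failed password for root from 192.0.2.10 port 5140 ssh2
Jan 10 09:13:22 host1 sshd[2020]: Accepted password for alice from 198.51.100.7 port 40210 ssh2
Jan 10 09:14:02 host1 sshd[2025]: Failed password for bob from 198.51.100.7 port 40233 ssh2
Jan 10 09:15:00 host1 sshd[2030]: Accepted publickey for alice from 198.51.100.7 port 40250 ssh2'

# Read log text on stdin; print "<count> <ip>" for each source with
# "Failed password" lines, highest count first.
failed_by_source() {
    grep 'Failed password for' |
        sed -n 's/.* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Read log text on stdin; print "<count> <user>" for successful logins
# (password or publickey), highest count first.
accepted_by_user() {
    grep 'Accepted ' |
        sed -n 's/.*Accepted [a-z]* for \([^ ]*\) from .*/\1/p' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Print only source addresses whose failure count reaches the threshold
# (default 3); these are the candidates to review against lastb output.
flag_sources() {
    threshold="${1:-3}"
    failed_by_source | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_SECURE_LOG" | failed_by_source
printf '%s\n' "$SAMPLE_SECURE_LOG" | flag_sources 3
```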
Linux Log file analysis