Operating System Log location and Operating System Log location on various operating systems

Operating System Log location and Operating System Log location on various operating systems
Linux:/var/log/messages

AIX:/bin/errpt-a (redirect this to a file called messages. out)

Solaris:/var/adm/messages

HP-UX:/var/adm/syslog. log

Tru64:/var/adm/messages

Windows: save Application Log and System Log as. TXT files using Event Viewer
What are the logs of the XP operating system?

In fact, there are logs in XP. No matter you are not on the Internet, you can find out when you start and when to shut down.
The method is as follows:
Right-click my computer"
Select "manage" to open the computer management window.
Select "Event Viewer" in "System Tools" on the left"
Then select "system"
Then, the system event list will be listed in the window on the right.
Find the event whose source is "EventLog" and double-click it to open it. Pay attention to the following two situations:
When the event content is "Event Log Service started", it indicates that you have started the system.
When the event content is "The Event Log Service has stopped", it indicates that you have shut down.
This record cannot be modified, but can be cleared. The method is as follows:
Right-click system on the left and select clear all events ".

What is log management in the operating system?

System logs are derived from marine logs: When people go overseas, they always need to make marine logs so as to provide a basis for future work. As a special file in Microsoft Windows operating systems, log files have irreplaceable values in terms of security. Every day, logs faithfully record what happened to the system. Using System Log Files, system administrators can quickly record and predict potential system intrusions, however, unfortunately, most people ignore its existence. Instead, hackers may remind us of this important system log file.

7.1 special characteristics of log files

To understand the log file, we must first talk about its particularity, saying that it is special because the file is managed and protected by the system. In general, normal users cannot change it at will. You cannot edit a common TXT file. For example, WPS series, Word Series, WordPad, Edit, etc. We cannot even perform "RENAME", "delete", or "move" operations on it. Otherwise, the system will tell you that the access is denied. Of course, some general operations can be performed on a pure DOS state (such as Win98 State), but you will soon find that your modifications are useless, when Windows 98 is restarted, the system automatically checks this special text file and generates one if it does not exist. If it exists, logs are appended to the text.

7.1.1 Why are hackers interested in log files?

After obtaining the system administrator privilege of the server, hackers can freely destroy files on the system, including log files. However, all this will be recorded by system logs, so hackers must modify the logs to hide their intrusion traces. The simplest way is to delete system log files, but this is generally done by novice hackers. Real senior hackers always use the log modification method to prevent system administrators from tracking themselves, there are many programs dedicated to such features on the network, such as Zap and Wipe.

7.1.2 introduction to Windows series log systems

1. Windows 98 log files

Because the vast majority of users still use Windows 98 as the operating system, this section begins with the Windows 98 log file. Common users in Windows 98 do not need to use system logs unless they have special purposes. For example, when Windows 98 is used to create a personal Web server, you need to enable system logs as a reference for server security. When you have used Windows 98 to create a personal Web server, you can perform the following operations to enable the log function.

(1) double-click the "Personal Web server" icon on the "control panel". (You must have configured the relevant network protocol and added "Personal Web server ).

(2) On the "management" tab, click the "manage" button;

(3) On the "Internet service administrator" page, click "WWW management ";

(4) On the "WWW management" page, click the "logs" tab;

(5) Select the Enable Log check box and make changes as needed. Name the log file "Inetserver_event.log ". If no log file directory is specified on the logs tab, the file is saved in the Windows folder.

Common users can find the log file schedlog.txt in the Windows 98's system folder. We can find it in the following ways. Find it in "start"/"Search", or start "Task Scheduler", and click "view log" in the "advanced" menu to view it. The log files of common Windows 98 users are simple. They only record some preset task running processes. Compared with the server's NT operating system, hackers are rarely interested in Windows 98. Therefore, logs under Windows 98 are not valued by people.

2. Windows NT Log System

Windows NT is an operating system that is currently under a large number of attacks. In Windows NT, the log file is almost required for every transaction in the system ...... the remaining full text>