
If you manage any Linux machines, it is essential that you know where the log files are located and what is contained in them. Some log files are distribution specific, and the /var/log directory can also contain logs for applications such as samba, apache, lighttpd, mail etc.

From a security perspective, here are 5 groups of files which are essential. Many other files are generated and will be important for system administration and troubleshooting.

a) /var/log/messages – Contains global system messages, including the messages that are logged during system startup. Several things are logged in /var/log/messages, including mail, cron, daemon, kern, auth, etc.

a) /var/log/auth.log – Contains system authorization information, including user logins and the authentication mechanisms that were used.
b) /var/log/lastlog – Displays the recent login information for all the users. Use the lastlog command to view the content of this file.
c) /var/log/btmp – Contains information about failed login attempts. Use the last command to view the btmp file. For example, “last -f /var/log/btmp | more”
d) /var/log/wtmp or /var/log/utmp – Contains login records. Using wtmp you can find out who is logged into the system. The who command uses this file to display the information.
e) /var/log/faillog – Contains user failed login attempts. Use the faillog command to display the content of this file.
f) /var/log/secure – Contains information related to authentication and authorization privileges.
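
The btmp entry is read with last rather than a pager because btmp (like wtmp) is a sequence of fixed-size binary records, not text. The following is an added example, not part of the original page: a Python parser that counts failed-login records per source host. It assumes the 384-byte glibc struct utmp layout used on Linux; the function names, the threshold and the sample records are constructed for illustration.

```python
import struct
from collections import Counter

# Assumption: glibc's Linux "struct utmp" (384 bytes per record), as used by
# /var/log/btmp and /var/log/wtmp. Fields in order: type, pid, line, id, user,
# host, exit status (2 shorts), session, tv_sec, tv_usec, addr_v6[4], unused.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii4i20s")

def _text(raw):
    """Fields are NUL-padded byte strings; keep the part before the first NUL."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_records(blob):
    """Yield one dict per complete record; a truncated tail is ignored."""
    usable = len(blob) - len(blob) % UTMP.size
    for f in UTMP.iter_unpack(blob[:usable]):
        yield {"type": f[0], "pid": f[1], "line": _text(f[2]),
               "user": _text(f[4]), "host": _text(f[5]), "time": f[9]}

def failed_by_source(blob, threshold=3):
    """Return {host: count} for hosts with at least `threshold` btmp records."""
    counts = Counter(r["host"] for r in parse_records(blob) if r["host"])
    return {host: n for host, n in counts.items() if n >= threshold}

def make_record(user, host, when, line="ssh:notty", ut_type=6, pid=4242):
    """Build one constructed sample record (not data from a real system)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0, b"")

# Constructed sample: three failures from one documentation-range address,
# one from another, plus 10 stray bytes standing in for a truncated write.
SAMPLE = b"".join([
    make_record("root", "203.0.113.7", 1700000000),
    make_record("admin", "203.0.113.7", 1700000004),
    make_record("oracle", "203.0.113.7", 1700000009),
    make_record("alice", "198.51.100.20", 1700000100),
]) + b"\x00" * 10

if __name__ == "__main__":
    # On a real host, read the file instead (root is normally required):
    #   blob = open("/var/log/btmp", "rb").read()
    for host, n in failed_by_source(SAMPLE).items():
        print(f"{host}: {n} failed login records")
```
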
