- On SysV-init based distributions, syslog is started by the System V initialization script /etc/rc.d/init.d/syslog.
- When this script is executed it starts and manages two daemons: syslogd, which receives messages from applications (via /dev/log and optionally UDP port 514), and klogd, which reads kernel messages and passes them to syslogd.
- Linux applications use the syslog facility to send their error and status messages to syslogd, which writes them to files located in the /var/log directory; these files are termed log files.
- Log files give information about system activity and are most helpful when troubleshooting system problems.
- By looking at the log files one can see the system state just before a problem occurred, diagnose the problem, and find evidence of intrusion activity.
/var/log/dmesg: kernel messages from the boot sequence (the kernel ring buffer)
/var/log/messages: standard system messages and errors
/var/log/maillog: mail system messages
/var/log/secure: security, authentication (login, sshd, su, sudo, PAM) and xinetd messages
/var/log/audit/audit.log: kernel auditing messages written by auditd
There are various other log files that store information from other applications (for example Apache, Squid etc.), usually in their own subdirectories under /var/log.
Why use a log file to record what happens on a system?
If you are notified of login attempts and failures, system errors and possible security problems, then you will find that:
- A log keeps track of what is happening on your system at all times.
- It can alert you to problems before they become serious, for example a partition that is filling up or an attack that is in progress (repeated failed logins in /var/log/secure).
- The problem is seen before your "healthy" backups have been cycled out and overwritten by backups taken after the damage.
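As an added example (not part of the original notes), here is a small Python script that performs the kind of check the points above describe: it runs over constructed /var/log/secure lines in the format sshd writes through syslog, counts "Failed password" attempts per source address, records which usernames were tried, and flags any source that reached a threshold. The sample lines, the threshold value and the function names are assumptions made for this example; the same script can be pointed at a real /var/log/secure by passing the path on the command line.

```python
import re
import sys
from collections import Counter, defaultdict

# Constructed sample of /var/log/secure content (sshd and xinetd lines in
# syslog format); not taken from any real system.
SAMPLE_SECURE_LOG = """\
Mar  3 10:01:12 host1 sshd[2201]: Accepted password for alice from 10.0.0.5 port 51022 ssh2
Mar  3 10:02:03 host1 sshd[2210]: Failed password for root from 203.0.113.9 port 40011 ssh2
Mar  3 10:02:05 host1 sshd[2211]: Failed password for root from 203.0.113.9 port 40012 ssh2
Mar  3 10:02:08 host1 sshd[2212]: Failed password for invalid user admin from 203.0.113.9 port 40013 ssh2
Mar  3 10:02:11 host1 sshd[2213]: Failed password for invalid user test from 203.0.113.9 port 40014 ssh2
Mar  3 10:05:44 host1 sshd[2230]: Failed password for bob from 10.0.0.7 port 51100 ssh2
Mar  3 10:05:50 host1 sshd[2231]: Accepted password for bob from 10.0.0.7 port 51101 ssh2
Mar  3 10:06:00 host1 xinetd[900]: START: telnet pid=2240 from=203.0.113.9
"""

# Syslog header (timestamp, host, program[pid]) followed by the sshd
# "Failed password" message; "invalid user" marks a non-existent account.
FAILED_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_failed_logins(text):
    """Return one dict per sshd 'Failed password' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            events.append({
                "ts": m.group("ts"),
                "host": m.group("host"),
                "user": m.group("user"),
                "ip": m.group("ip"),
                "invalid_user": m.group("invalid") is not None,
            })
    return events


def summarize(text, threshold=3):
    """Count failures per source IP and flag sources at or above `threshold`.

    Returns a dict with:
      failures_by_ip        - {ip: number of failed logins}
      users_by_ip           - {ip: sorted list of usernames tried}
      invalid_user_attempts - failures against accounts that do not exist
      suspicious            - IPs whose failure count reached the threshold
    """
    events = parse_failed_logins(text)
    failures = Counter(e["ip"] for e in events)
    users = defaultdict(set)
    for e in events:
        users[e["ip"]].add(e["user"])
    return {
        "failures_by_ip": dict(failures),
        "users_by_ip": {ip: sorted(u) for ip, u in users.items()},
        "invalid_user_attempts": sum(1 for e in events if e["invalid_user"]),
        "suspicious": sorted(ip for ip, n in failures.items() if n >= threshold),
    }


def report(text, threshold=3):
    """Human-readable summary, one line per source IP, busiest first."""
    s = summarize(text, threshold)
    lines = []
    for ip, n in sorted(s["failures_by_ip"].items(), key=lambda kv: -kv[1]):
        flag = " <-- brute force?" if ip in s["suspicious"] else ""
        tried = ", ".join(s["users_by_ip"][ip])
        lines.append(f"{ip}: {n} failed login(s), users tried: {tried}{flag}")
    lines.append(f"{s['invalid_user_attempts']} attempt(s) against non-existent accounts")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a path (e.g. /var/log/secure, which normally needs root to read)
    # to scan a real file; with no argument the constructed sample is used.
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SECURE_LOG
    print(report(data))
```

The threshold is deliberately low so that a short burst of failures against several different usernames from one address stands out; on a busy host you would tune it and also key on the "invalid user" count, since attempts against accounts that do not exist are a stronger sign of password guessing than a user mistyping their own password.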