User Accounting   «Prev  Next»

Lesson 6 Logfiles
Objective Use logfiles for accounting and auditing.

Use logfiles for Accounting and Auditing

Logfiles may be generated either by the default Linux installation or by installing utilities to create additional logging.
These logfiles assist process accounting by retaining details that can aid in troubleshooting and detecting attacks. Normally, you can find these files in the var/log directory, broken up into groups relating to networks, users, and processes.
The default Red Hat installation provides mechanisms for gathering information on network connections. Two network logs are automatically created, one for tracking FTP connections, /var/log/xferlog, and the other listing all failed remote connection attempts, /var/log/secure. Both these files can be viewed using the less or head command, which will show you the latest additions.
Logfiles are also automatically created to keep track of what users are doing. The file /var/run/utmp provides a listing of all currently connected users, which you can view by issuing the who command. A history of all users logged in is kept in the /var/log/utmp file, and can also be viewed by issuing the who command. Viewing the files may assist you in finding people who are abusing your system.
The logfiles that keep track of process executions are not created automatically for you, and must be configured into your system. Once installed and enabled, the file /var/log/pacct will contain the information of process execution and may be viewed by issuing the lastcomm command. This information may be valuable in troubleshooting and security problems.
Log Files Contents

View the Slide Show below to see what these logfiles look like.

end of the messages log in RedHat Linux

The next lesson concludes this module.
Before moving on to the next lesson, click the link below to learn more about logfiles.
View Log Files Command