Logfiles may be generated either by the default Linux installation or by installing utilities to create additional logging.
These logfiles assist process accounting by retaining details that can aid in troubleshooting and detecting attacks. Normally, you can find these files in the
var/log
directory, broken up into groups relating to networks, users, and processes.
The default Red Hat installation provides mechanisms for gathering information on network connections. Two network logs are automatically created, one for tracking FTP connections,
/var/log/xferlog
, and the other listing all failed remote connection attempts,
/var/log/secure
.
Both these files can be viewed using the
less
or
head
command, which will show you the latest additions.
Logfiles are also automatically created to keep track of what users are doing. The file
/var/run/utmp
provides a listing of all currently connected users, which you can view by issuing the
who
command.
A history of all users logged in is kept in the
/var/log/utmp
file, and can also be viewed by issuing the
who
command.
Viewing the files may assist you in finding people who are abusing your system.
The logfiles that keep track of process executions are not created automatically for you, and must be configured into your system. Once installed and enabled, the file
/var/log/pacct
will contain the information of process execution and may be viewed by issuing the
lastcomm
command. This information may be valuable in troubleshooting and security problems.
Log Files Contents