Logfiles may be generated either by the default Linux installation or by installing utilities to create additional logging.
These logfiles assist process accounting by retaining details that can aid in troubleshooting and detecting attacks. Normally, you can find these files in the
var/log directory, broken up into groups relating to networks, users, and processes.
The default Red Hat installation provides mechanisms for gathering information on network connections. Two network logs are automatically created, one for tracking FTP connections,
/var/log/xferlog, and the other listing all failed remote connection attempts,
/var/log/secure.
Both these files can be viewed using the
less or
head command, which will show you the latest additions.
Logfiles are also automatically created to keep track of what users are doing. The file
/var/run/utmp provides a listing of all currently connected users, which you can view by issuing the
who command.
A history of all users logged in is kept in the
/var/log/utmp file, and can also be viewed by issuing the
who command.
Viewing the files may assist you in finding people who are abusing your system.
The logfiles that keep track of process executions are not created automatically for you, and must be configured into your system. Once installed and enabled, the file
/var/log/pacct will contain the information of process execution and may be viewed by issuing the
lastcomm
command. This information may be valuable in troubleshooting and security problems.
Log Files Contents