/var/log/
tail -f /var/log/syslog
grep "Failed password" /var/log/auth.log
zgrep "ssh" /var/log/auth.log.*
/var/log/<app_name>/
logs generated by user-installed programs
/var/log/apache2/access.log
/var/log/apache2/error.log
/var/log/mysql/error.log
Daemon Logs
logs from background services (daemons)
/var/log/syslog
/var/log/messages
/var/log/daemon.log
/var/log/secure (RHEL/CentOS)
- Same as
auth.logbut for RedHat-based systems
/var/log/syslog
- General system activity logs
- Services, kernel messages (non-critical)
systemd[1]: Started Session 123 of user user1.
/var/log/messages
- General logs (similar to syslog on some distros)
/var/log/kern.log
- Kernel-specific logs
/var/log/dmesg
- Boot-time kernel ring buffer logs (snapshot)
/var/log/faillog
- Tracks failed login attempts (per user)
/var/log/lastlog
- Last login per user
/var/log/wtmp
- Login/logout history
/var/log/btmp
- Failed login attempts
/var/log/cron
- Scheduled task execution logs