Linux Server Security Guide: Part 2

System Logs

Every Linux operating system keeps logs for system processes and applications. You can use those logs to monitor server performance and also sniff out any abnormalities that may be security related.

There are some common Linux logs that are more important than others, such as the kernel log, authentication log, web server log, and database server log. Most of these logs are located in /var/log and go through a normal rotation of recording and archiving system information.

To view a log file, you can use a tool like “less”. For example, from the command line, type:

less /var/log/syslog

The less command will present the log in a scrollable document that you can browse. Simply press “q” when you want to exit. If you need to find something specific in the log, you can search through it using grep.
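As an added example (not part of the original guide), the script below uses grep to search an authentication log for failed SSH password attempts and counts them per source address. It assumes the OpenSSH "Failed password for ... from ADDR port N" message format; the function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise failed SSH password attempts per source address.
# Assumption: OpenSSH message format "Failed password for USER from ADDR port N ssh2".

# failed_logins FILE -> prints "COUNT ADDRESS" lines, most attempts first.
failed_logins() {
    # The user name in the message is chosen by the remote client, so the
    # address is taken from the fixed "from ADDR port" fields at the END of
    # the line, scanning right to left, rather than from the first "from".
    grep 'sshd.*Failed password for' "$1" |
        awk '{ for (i = NF; i > 2; i--)
                   if ($i == "port" && $(i - 2) == "from") { print $(i - 1); break } }' |
        sort | uniq -c | sort -rn |
        awk '{ print $1, $2 }'
}

# Constructed sample lines using documentation address ranges, not real log data.
sample_log() {
    cat <<'EOF'
Mar  3 10:15:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:15:04 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Mar  3 10:16:40 web1 sshd[2290]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar  3 10:17:12 web1 sshd[2301]: Failed password for invalid user from from 203.0.113.7 port 51144 ssh2
Mar  3 10:18:55 web1 sshd[2340]: Failed password for backup from 192.0.2.45 port 33910 ssh2
Mar  3 10:20:01 web1 CRON[2388]: pam_unix(cron:session): session opened for user root
EOF
}

# Demonstration on the constructed sample; prints one line per source address.
demo_log=$(mktemp)
sample_log > "$demo_log"
failed_logins "$demo_log"
rm -f "$demo_log"
```

On a real server, pass the path of the authentication log instead of the sample file; on Debian and Ubuntu systems that is typically /var/log/auth.log.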

Most server logs include timestamps that can tell you exactly when something is happening. If you ever want to see events emerge from a log in real time, you can use the “tail” command. For example:

tail -f /var/log/mail.log

To end the tail, press CTRL+C. You can learn more about viewing log files here and learn about viewing logs in cPanel here.