linux log

/var/log/messages — Contains overall system information, including logs during system startup. Also, things like mail, cron, daemon, kern and auth are logged in var/log/messages log.
/var/log/dmesg — Contains kernel ring buffer information. During system startup, a number of hardware-related information is displayed on the screen. They can be viewed with dmesg.
/var/log/auth.log — Contains system authorization information, including user login and authorization mechanisms used.
/var/log/boot.log — Contains logs from system startup.
/var/log/daemon.log — Contains various system daemon log information.
/var/log/dpkg.log – Contains logs for installing or dpkg command purge packages.
/var/log/kern.log - Contains logs generated by the kernel, useful for troubleshooting problems when customizing the kernel.
/var/log/lastlog — Logs recent information for all users. This is not an ASCII file, so you need to view the contents with the lastlog command.
/var/log/maillog /var/log/mail.log — Contains log information from the system running the email server. For example, sendmail log messages are all sent to this file.
/var/log/user.log — A log that records user information for all levels.
/var/log/Xorg.x.log — Log messages from X.
/var/log/alternatives.log - Update alternatives are logged in this file.
/var/log/btmp - Logs all failed logins. Use the last command to view btmp files. For example, "last -f /var/log/btmp | more".
/var/log/cups — Logs involving all printing information.
/var/log/anaconda.log — When installing Linux, all installation information is stored in this file.
/var/log/yum.log — Contains information about packages installed using yum.
/var/log/cron — Whenever a cron process starts a job, information about it is logged in this file.
/var/log/secure - Contains authentication and authorization information. For example, sshd will log all messages (including failed logins) here.
/var/log/wtmp or /var/log/utmp - contains login information. Use wtmp to find out who is logging into the system, who is using commands to display this file or information, etc.
/var/log/faillog – Contains user login failure information. In addition, error login commands are also logged in this file.
In addition to the above Log files, /var/log also contains the following subdirectories based on the specific application of the system:
/var/log/httpd/ or /var/log/apache2 — Contains server access_log and error_log information.
/var/log/lighttpd/ — Contains access_log and error_log for light HTTPD.
/var/log/mail/ - This subdirectory contains additional logs for the mail server.
/var/log/prelink/ — Contains information about .so files modified by prelink.
/var/log/audit/ — Contains information stored by the Linux audit daemon.
/var/log/samba/ – Contains information stored by samba.
/var/log/sa/ — Contains the daily sar files collected by the sysstat package.
/var/log/sssd/ – for daemon security services.
In addition to manually archiving and purging these log files, logrotate can be used to automatically delete files after they reach a certain size. You can try to view these log files with commands such as vi, tail, grep, and less.