This section contains info regarding logging for Unix.
Log files for Unix vary from flavor to flavor. But there are a few guidelines as to where these logs are kept.
System log files and accounting files are in /var/adm, /var/log, or sometimes /usr/adm.
Common log files include messages, syslog, and on some systems sulog. Checking /etc/defaults and /etc/syslog.conf may reveal more. Also wtmp, utmp, and lastlog will contain information regarding logins.
The most important one will probably be syslog. Most utilities, including security add-on programs, can write to syslog, so it makes a handy location for dumping info. But bear in mind that there are a lot of processes that might log to separate log files. Here are some potential files to look for:
File                  Purpose
-------------------   ---------------------------------------
/var/spool/cron/log   Cron log file
/var/log/maillog      Logs inbound and outbound mail activity
/var/spool/lp/log     Log file for printing
There are more, but this should give you an idea.
Most of these files are text files and can be easily edited, assuming you have the
permission to do so. But some of these files require you to write special tools to
edit them, mainly the utmp, wtmp, and possibly lastlog.
A good "universal" editor (meaning it will run on most Unix systems) can be found at
http://www.nmrc.org/files/unix/remove.c. It will allow you to selectively remove
entries from these files.
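Because wtmp, utmp and lastlog are binary, the defender's side of the picture above is a parser that can read the records and spot ones that were blanked rather than written by login. The following is an added example, not code from the page or from NMRC; it assumes the Linux/glibc x86_64 struct utmp layout (384-byte records) and uses a constructed sample file. The heuristic it applies is that wtmp is append-only and never legitimately contains all-zero records, so a zero-filled record, or a logout with no matching login on the same line, is worth a closer look.

```python
import struct

# Linux/glibc x86_64 struct utmp: 384-byte records (layout assumed for this example).
UTMP_FMT = "<hxxi32s4s32s256shhiii4i20x"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384
USER_PROCESS, DEAD_PROCESS = 7, 8  # ut_type values for login and logout records

def _cstr(b):
    return b.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_wtmp(data):
    """Yield one dict per record, keeping the raw bytes for tamper checks."""
    if len(data) % UTMP_SIZE:
        raise ValueError("length is not a multiple of %d bytes" % UTMP_SIZE)
    for off in range(0, len(data), UTMP_SIZE):
        raw = data[off:off + UTMP_SIZE]
        f = struct.unpack(UTMP_FMT, raw)
        yield {"offset": off, "type": f[0], "pid": f[1], "line": _cstr(f[2]),
               "user": _cstr(f[4]), "host": _cstr(f[5]), "time": f[9], "raw": raw}

def find_suspect_records(data):
    """Flag all-zero records (wtmp is append-only and never legitimately holds
    them) and logouts whose login record on the same line is missing."""
    findings, open_lines = [], set()
    for rec in parse_wtmp(data):
        if rec["raw"] == b"\0" * UTMP_SIZE:
            findings.append((rec["offset"], "zero-filled record"))
        elif rec["type"] == USER_PROCESS:
            open_lines.add(rec["line"])
        elif rec["type"] == DEAD_PROCESS:
            if rec["line"] not in open_lines:
                findings.append((rec["offset"], "logout on %s without a login" % rec["line"]))
            open_lines.discard(rec["line"])
    return findings

def make_record(ut_type, pid, line, user, host, when):
    """Pack one record; used only to build the constructed sample below."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
                       host.encode(), 0, 0, 0, when, 0, 0, 0, 0, 0)

# Constructed sample: a normal login/logout on pts/0, then a login on pts/1 that
# was blanked to zeros while its logout record survived.
SAMPLE = b"".join([
    make_record(USER_PROCESS, 1201, "pts/0", "alice", "10.0.0.5", 1700000000),
    make_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1700000600),
    b"\0" * UTMP_SIZE,
    make_record(DEAD_PROCESS, 1333, "pts/1", "", "", 1700001200),
])
```

To run it against a real file, pass the bytes of /var/log/wtmp to find_suspect_records; on a non-glibc or 32-bit system adjust UTMP_FMT to that platform's struct utmp first.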