Skip to content

Linux & Kali Linux Guide

17 Logging

Linux & Kali Linux Guide

Home
Kali Tools
Kali Tools
- 00 Introduction
  00 Introduction
  - Overview
  - Warning
- 01 Information Gathering
  01 Information Gathering
  - DNSenum
  - Gobuster
  - Nmap
  - Recon ng
  - WHOIS
  - WhatWeb
- 02 Vulnerability Analysis
  02 Vulnerability Analysis
  - Lynis
  - Nikto
  - OpenVas
  - WPScan
- 03 Web Explotation
  03 Web Explotation
  - Burp Suite
  - Commix
  - SQLmap
  - ZAProxy
- 04 Password Attacks
  04 Password Attacks
  - Cewl
  - Hashcat
  - Hydra
  - John
  - Medusa
- 05 Wireless Attacks
  05 Wireless Attacks
  - Aircrack ng
  - Kismet
  - Reaver
  - Wifite
- 06 Reverse Engineering
  06 Reverse Engineering
  - Edb debugger
  - Gdb
  - Jadx
  - Radare2
- 07 Exploitation Tools
  07 Exploitation Tools
- 08 Sniffing and Spoofing
  08 Sniffing and Spoofing
  - Bettercap
  - Ettercap
  - TCPdump
  - Wireshark
- 09 Maintaining Access
  09 Maintaining Access
  - Netcat
  - SSH
  - Socat
- 10 Digital Forensics
  10 Digital Forensics
  - Autopsy
  - Binwalk
  - Sleuthkit
  - Volatility
- 11 Reporting
  11 Reporting
  - Dradis
  - Faraday
  - Maltego
- 12 Other
  12 Other
  - Exiftool
  - Steghide
  - Stegseek
  - Strings
Linux Basics
Linux Basics
- 00 Introduction
- 01 File Navigation
- 02 Hidden Files
- 03 File Operations
- 04 Viewing Files
- 05 Searching Files
- 06 File Permissions
- 07 Users and Groups
- 08 Processes
- 09 System Info
- 10 Networking Basics
- 11 Archives and Compression
- 12 Editors
- 13 Scripting Basics
- 14 Environment Variables
- 15 Symbolic Links
- 16 Package Management
- 17 Logging 17 Logging
  Table of contents
  - Purpose
  - Core Commands
    
    Logging Commands
- 18 Redirection & Pipes
- 19 Wildcards & Globbing
- 20 Cron Jobs
- 21 SSH Basics
- 22 Services
Master Command Sheets
Master Command Sheets
- Kali Tools
- Linux Basics

17 Logging

Purpose¶

Logs provide critical information about what is happening on a system. In CTFs, checking logs can reveal misconfigurations, failed logins, or hidden activity. In the real world, sysadmins and penetration testers rely on logs for troubleshooting, monitoring, and forensic analysis.

Core Commands¶

$ cd /var/log
#Default Directory That Contains System and Application Logs

$ ls /var/log/
auth.log  syslog  dmesg  kern.log
#Lists Common Logs (Authentication, System, Kernel)

$ cat /var/log/auth.log
#View Authentication Log Entries

$ tail -f /var/log/syslog
#Follow the System Log in Real Time

$ dmesg | less
#Displays Kernel Ring Buffer Messages (Hardware/Driver Info)

Logging Basics

/var/log/ is the main directory for logs.
auth.log → authentication attempts; syslog → general system events; dmesg → kernel info.
tail -f is great for live monitoring logs during attacks or troubleshooting.
Logs are key in incident response and digital forensics.

Logging Commands ¶