Logs and Auditing
¨Syslog daemon
–Syslogd
¨/etc/syslog.conf
¨/var/log
–/var/log/messages
–/var/log/http
¨Accounting files
–Utmp
•Records who is currently logged into a system
•used by who command
–Wtmp
•records all logins and logouts
•used by last command
–lastlog
•Records time and location of each user’s last login to system