Check log files
cd /var/log
ls
here you find text files that contain a detailed log of various activities:
- installation of new apps
- login/logout of users
- successful logins
- failed logins
- bootup logs
- kernel logs
- system logs
Enable ssh logs
edit this file
sudo nano /etc/ssh/sshd_config
go to the Logging section and remove the hash (#) from the start of the two settings so that they read
# Logging
SyslogFacility AUTH
LogLevel VERBOSE
Press Control S to save and Control X to exit
restart ssh
sudo systemctl restart ssh
check in terminal
Open 2 terminals side by side. In the left terminal, type this command
watch tail /var/log/auth.log
and in the right terminal, try to log in with a fake-user account
Press control C to exit the watch screen
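Added example (not part of the original notes): once the failed logins show up in auth.log, a small shell function can count failed SSH password attempts per source address. The function name failed_ssh_by_ip is hypothetical, and the sample lines, host name and addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the usual sshd auth.log format (not real log data).
sample_auth_log() {
cat <<'EOF'
Mar 10 09:14:01 host sshd[2101]: Invalid user fake-user from 192.0.2.10 port 50122
Mar 10 09:14:05 host sshd[2101]: Failed password for invalid user fake-user from 192.0.2.10 port 50122 ssh2
Mar 10 09:14:20 host sshd[2108]: Failed password for invalid user fake user from 192.0.2.10 port 50124 ssh2
Mar 10 09:15:30 host sshd[2140]: Failed password for root from 198.51.100.7 port 41000 ssh2
Mar 10 09:16:02 host sshd[2155]: Accepted password for alice from 203.0.113.5 port 60222 ssh2
Mar 10 09:17:00 host sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/ls
EOF
}

# failed_ssh_by_ip (hypothetical name): reads auth.log lines on stdin and
# prints "<count> <source address>", highest count first.
failed_ssh_by_ip() {
  # Keep only sshd "Failed password" lines; successful logins, sudo entries
  # and the separate "Invalid user" notice are ignored.
  grep 'sshd\[[0-9]*\]: Failed password for ' |
  awk '
    # The user name is supplied by the client and may contain spaces, so the
    # address is located from the END of the line: "... from ADDR port N ssh2".
    NF >= 9 && $(NF-4) == "from" && $(NF-2) == "port" { count[$(NF-3)]++ }
    END { for (ip in count) print count[ip], ip }
  ' |
  sort -k1,1nr -k2,2
}

# Run on the constructed sample. On a real machine, feed the log instead:
#   failed_ssh_by_ip < /var/log/auth.log
sample_auth_log | failed_ssh_by_ip
```
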
Check Apache log
watch tail /var/log/apache2/access.log
- open a browser and try to access an existing page on that machine
- open another non-existent page such as login.html
Tools
- watch
- grep
- tail
- head