Linux Log Analysis

Key logs in Linux systems

/var/log/syslog – general system events
/var/log/auth.log – authentication attempts
/var/log/messages – kernel and system messages
~/.bash_history – command history of users

grep "Accepted password" /var/log/auth.log

Check for flags

grep "CTF{" /var/log/*