Skip to main content
CTF Support
Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Toggle Dark/Light/Auto mode Back to homepage
  1. CTF Support
  2. /
  3. Forensics
  4. /
  5. Logs & System Artifacts
  6. /
  7. Linux Log Analysis
Edit page

Linux Log Analysis

Key logs in Linux systems

  • /var/log/syslog – general system events
  • /var/log/auth.log – authentication attempts
  • /var/log/messages – kernel and system messages
  • ~/.bash_history – command history of users

Example: Find login activity 

grep "Accepted password" /var/log/auth.log

Check for flags 

grep "CTF{" /var/log/*