Log files are critical for monitoring the operating system and troubleshooting problems. CentOS 7 has a built-in syslog that is used to build your log files.
What Logs Does Syslog Generate?
/var/log : The directory where you can find any logs generated by syslog.
/var/log/messages : Stores all of the syslog messages other than those mentioned below.
/var/log/secure : Stores authentication and security-related messages and errors. This also keeps track of authentication requests.
/var/log/maillog : Where you can find mail-related messages. This also keeps track of email error messages.
/var/log/cron : Contains log messages for automated (cron) tasks.
/var/log/boot.log : Contains system startup log messages.
What Logs Should I Monitor?
If something goes wrong with your VPS, the first place you will want to look is /var/log/messages to determine if there are any critical errors.
It is always wise to check /var/log/secure to ensure that logins are being monitored. Monitoring this file consistently for failed login attempts is highly recommended, both for peace of mind that you have not been brute-force attacked and to spot a compromised username and password. This should be the first place to look if you find any malicious or suspicious files on your server, so you can verify right away whether only trusted users have authenticated to your server.
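One way to run the /var/log/secure check described above, as an added example that is not part of the original guide: it counts failed and accepted SSH logins per source address and marks addresses where repeated failures are followed by a success. The function names, the REVIEW marker, the threshold of 3 and the sample log lines are assumptions made for this illustration.

```shell
#!/usr/bin/env bash
# Added example: summarize SSH logins recorded in a /var/log/secure-style file.

# Constructed sample lines in the sshd format written to /var/log/secure.
sample_secure_log() {
cat <<'EOF'
Mar 10 08:15:01 vps sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar 10 08:15:03 vps sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Mar 10 08:15:06 vps sshd[1234]: Failed password for root from 203.0.113.5 port 51240 ssh2
Mar 10 08:15:09 vps sshd[1237]: Accepted password for root from 203.0.113.5 port 51244 ssh2
Mar 10 09:02:11 vps sshd[1301]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar 10 09:02:20 vps sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40030 ssh2: RSA SHA256:EXAMPLE
Mar 10 09:30:00 vps sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
EOF
}

# Reads log lines on stdin; prints "<ip> failed=<n> accepted=<n> [REVIEW]".
# REVIEW marks an address with at least $1 failures (default 3) AND a success,
# the pattern a successful password guess would leave behind.
summarize_secure() {
  awk -v threshold="${1:-3}" '
    $5 ~ /^sshd\[[0-9]+\]:$/ && ($6 == "Failed" || $6 == "Accepted") {
      # Locate the address from the right, so a user name containing
      # the word "from" cannot shift the field we read.
      ip = ""
      for (i = NF - 2; i > 6; i--)
        if ($i == "from" && $(i + 2) == "port") { ip = $(i + 1); break }
      if (ip == "") next
      if ($6 == "Failed") failed[ip]++; else accepted[ip]++
      seen[ip] = 1
    }
    END {
      for (ip in seen) {
        flag = (failed[ip] >= threshold && accepted[ip] > 0) ? " REVIEW" : ""
        printf "%s failed=%d accepted=%d%s\n", ip, failed[ip], accepted[ip], flag
      }
    }' | sort
}

# With a file argument, read that file (for example /var/log/secure, as root);
# otherwise run on the constructed sample above.
if [ -n "${1:-}" ]; then summarize_secure 3 < "$1"; else sample_secure_log | summarize_secure 3; fi
```

An address marked REVIEW is a prompt to confirm with the account owner that the accepted login was theirs; a single failure followed by a success, as for the second address in the sample, is usually a mistyped password.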
You can review any ssh login activity and errors logged by the system security daemon in the following path.
If there are problems with your server being shut down, or if you are having an issue booting up your server, /var/log/boot.log can help you determine the duration of unplanned downtime.
Automation is used frequently. To make sure your scheduled tasks keep running, check the file below to confirm that each planned execution is going as scheduled.
Mail sent from your server is important to monitor, and problems can be investigated further by checking the mail logs frequently.
Sometimes, just knowing where to look is half the battle, and this guide is intended to lead you in the right direction to monitor your logs frequently and actively.