In both Windows and Linux, files can be created by the operating system, the user, or applications. In Linux, all configuration files are text files, so an administrator can make configuration changes via the command line, including over a remote shell connection (Telnet or SSH). In Windows systems, configuration changes rely much more heavily on the GUI:
Linux operating systems are often used in server setups. An associate in a SOC may, therefore, be required to review some of the logs. There are four types of log – application, event, service, and system – and these are recorded by default. The following table lists some common log files and their locations:
| Log | Purpose |
| /var/log/messages | Used to store non-critical system messages |
| /var/log/auth.log | Authentication-related events |
| /var/log/secure | Used by RedHat and CentOS and tracks sudo (enhanced privilege) logins and SSH (secure remote access) logins |
| /var/log/boot.log | Boot-related messages during startup |
| /var/log/dmesg | Kernel ring buffer messages |
| /var/log/kern.log | Kernel log information |
| /var/log/cron | Schedule of automated tasks |
| /var/log/mysqld.log or /var/log/mysql.log | MySQL database server log files |
Notice that they are all in the /var/ folder. This folder stores all the data that varies through the normal operation of the system. Logging files, printer spool directories, and transient and temporary files are all held in this folder.