Logging and Log Security

System logs are an important part of every IT administrator's life. They can tell you how well your system is performing, how to troubleshoot problems, and what the users—both authorized and unauthorized—are doing on the system. 

In this chapter, I'll give you a brief tour of the Linux logging systems, and then show you a cool trick to help make your log reviews easier. Then, I'll show you how to set up a remote logging server, complete with Transport Layer Security (TLS)-encrypted connections to the clients. 

The topics that we will be covering are as follows:

  • Understanding the Linux system log files
  • Understanding rsyslog
  • Understanding journald
  • Making things easier with Logwatch
  • Setting up a remote log server

The focus of this chapter is on logging tools that are either already built into your Linux distro or that are available in your distro repositories. Other Packt Publishing books, such as the Linux Administration Cookbook, show you some of the fancier, more advanced third-party log aggregation and analysis tools.

So, if you're ready and raring to go, let's look at those Linux log files.
