In this chapter, we looked at the different types of log files, with an emphasis on files that contain security-related information. Then, we looked at the basic operation of the rsyslog and journald logging systems. To make log reviews a bit easier, we introduced Logwatch, which automatically creates a summary of the preceding day's log files. We wrapped things up by setting up a central, remote log server that collects log files from other network hosts.

In the next chapter, we'll look at how to do vulnerability scanning and intrusion detection. I'll see you there.