Hey, I like how you explain what various logs contain, but I would like to know if there are other types of system logs (e.g. not those by user-installed programs) that could be of interest to understand what the system does and what they mean.
That's not a simple task. For example...
Code:
ls /var/log
anaconda btmp-20240401 firewalld lynis.log ppp spooler-20240331
audit chrony glusterfs lynis-report.dat private spooler-20240407
BackupPC cron grafana maillog qemu-ga spooler-20240414
blivet-gui cron-20240324 hawkey.log maillog-20240324 README sssd
boot.log cron-20240331 hawkey.log-20240324 maillog-20240331 samba swtpm
boot.log-20240326 cron-20240407 hawkey.log-20240331 maillog-20240407 secure tallylog
boot.log-20240328 cron-20240414 hawkey.log-20240407 maillog-20240414 secure-20240324 wtmp
boot.log-20240330 cups hawkey.log-20240414 messages secure-20240331 Xorg.0.log
boot.log-20240402 dnf.librepo.log httpd messages-20240324 secure-20240407 Xorg.0.log.old
boot.log-20240404 dnf.log journal messages-20240331 secure-20240414 Xorg.9.log
boot.log-20240410 dnf.log.1 lastlog messages-20240407 speech-dispatcher
boot.log-20240413 dnf.log.2 libvirt messages-20240414 spooler
btmp dnf.rpm.log lightdm openvswitch spooler-20240324
Debian/Ubuntu/Mint systems wouldn't have the dnf logs, as they don't use dnf.
Also, drawing the line between "system" logs and "application" logs is sometimes difficult.
In my case, lynis is an app, grafana is an app, libvirt is an app, httpd is an app, those ones are obvious.
But BackupPC, is that a system log or an application log? (I don't use TimeShift.) Is Xorg a system app or an application?
But some are obvious. messages, wtmp, boot.log, journal, those are the obvious "system" ones.
There is a command called "dmesg" in almost all Linux distros I have ever used.
It's just an aggregate of some of the system log output mentioned above.
You can use combinations of cat and grep to view the main system logs in messages.
boot.log obviously shows system boots, reboots, the time and who did it.
cron is similar, what cron jobs are running, which ones failed, what time did they fail?
wtmp is usually a binary file, don't use "cat" on that one. It'll confuse your terminal.
However, you can use "strings" (i.e. strings wtmp) to view the contents of that file. That gives you who is logged in and when they logged in and out. There is a lot more, but that should get you started, and keep in mind, all distros don't have the same log files, with the same names.
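
For the binary wtmp file discussed above, an added example (not part of the original post) that decodes the records in Python and pairs logins with logouts, which is what a reviewer of login history usually wants. It assumes the 384-byte glibc `struct utmp` layout used on x86_64 Linux; the helper names and the sample bytes are constructed for illustration.

```python
import struct
from datetime import datetime, timezone

# Assumed layout: glibc struct utmp on x86_64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")
TYPES = {1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS", 6: "LOGIN_PROCESS",
         7: "USER_PROCESS", 8: "DEAD_PROCESS"}

def _text(raw):
    # String fields are fixed-width and NUL-padded.
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_wtmp(data):
    """Return one dict per complete record; a truncated tail is ignored."""
    records = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        (ut_type, pid, line, _id, user, host, _term, _exit,
         _session, sec, _usec, _addr, _unused) = UTMP.unpack_from(data, off)
        records.append({
            "type": TYPES.get(ut_type, str(ut_type)),
            "pid": pid, "line": _text(line), "user": _text(user),
            "host": _text(host),
            "time": datetime.fromtimestamp(sec, timezone.utc),
        })
    return records

def sessions(records):
    """Pair each USER_PROCESS login with the DEAD_PROCESS on the same line."""
    open_by_line, done = {}, []
    for r in records:
        if r["type"] == "USER_PROCESS":
            open_by_line[r["line"]] = r
        elif r["type"] == "DEAD_PROCESS" and r["line"] in open_by_line:
            start = open_by_line.pop(r["line"])
            done.append((start["user"], start["host"], start["time"], r["time"]))
    return done

def _rec(ut_type, pid, line, user, host, sec):
    return UTMP.pack(ut_type, pid, line, b"", user, host, 0, 0, 0, sec, 0, b"", b"")

# Constructed sample data, not taken from any real system.
SAMPLE = (_rec(2, 0, b"~", b"reboot", b"6.8.0-example", 1713000000)
          + _rec(7, 4242, b"pts/0", b"alice", b"192.0.2.10", 1713000600)
          + _rec(8, 4242, b"pts/0", b"", b"", 1713004200))

if __name__ == "__main__":
    for r in parse_wtmp(SAMPLE):
        print(r["time"].isoformat(), r["type"], r["user"], r["line"], r["host"])
    print(sessions(parse_wtmp(SAMPLE)))
```

To run it against a real file, pass the bytes read from /var/log/wtmp (opened in binary mode) to `parse_wtmp`.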