Tuesday, October 25, 2022

log management

The first step is to locate and understand all log activity on the host; the second is to define triggers for undesirable events and conditions; the third is to send a text alert when one of them occurs; and the fourth is to send email summaries of what changed in the logs since the last run.

I doubt I'll ever complete this post, as there are so many ways to skin this cat, both in the CLI and the GUI. Overall it's part of SIEM and should be accomplished with some thought.
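Steps two through four above, as a small POSIX shell script. This is an added example, not code from the original post: the trigger patterns ("Failed password", "segfault", "Out of memory") are assumptions chosen for illustration, and the log file is a constructed sample written to a temp file so the script runs offline rather than reading /var/log/auth.log or the journal.

```shell
#!/bin/sh
# Added example, not part of the original post. Scan a log file for trigger
# patterns, decide whether an alert is warranted, and print a summary that
# can be piped to mail(1) or an SMS gateway. Patterns are assumptions.

# scan_log FILE PATTERN -> prints the number of lines in FILE matching PATTERN.
# grep -c exits 1 on zero matches, so "|| true" keeps callers under set -e alive;
# a missing file yields an empty string, which is reported as 0.
scan_log() {
    n=$(grep -c -E -- "$2" "$1" 2>/dev/null || true)
    echo "${n:-0}"
}

# triggered FILE PATTERN THRESHOLD -> exit 0 when the match count reaches
# THRESHOLD (i.e. send the text alert), non-zero otherwise.
triggered() {
    [ "$(scan_log "$1" "$2")" -ge "$3" ]
}

# summarize FILE -> one line per trigger with its count, for the email summary.
summarize() {
    f="$1"
    for pat in 'Failed password' 'segfault' 'Out of memory'; do
        printf '%-16s %s\n' "$pat" "$(scan_log "$f" "$pat")"
    done
}

# Constructed sample log (not a real capture) so the example runs offline.
make_sample() {
    cat > "$1" <<'EOF'
Oct 25 10:01:02 host sshd[1234]: Failed password for root from 203.0.113.5 port 4242 ssh2
Oct 25 10:01:05 host sshd[1234]: Failed password for root from 203.0.113.5 port 4243 ssh2
Oct 25 10:02:10 host kernel: myapp[2222]: segfault at 0 ip 00007f3a1c2b4d5e sp 00007ffd12345678 error 4
Oct 25 10:03:00 host sshd[1240]: Accepted publickey for alice from 192.0.2.7 port 5000 ssh2
EOF
}

# Usage: build the sample, alert on two or more failed logins, then print the summary.
# Replace "$sample" with /var/log/auth.log (or "journalctl -o short-iso > file")
# and pipe the summary into mail -s "log summary" you@example.com from cron.
if [ "${1:-}" = "run" ]; then
    sample=$(mktemp)
    make_sample "$sample"
    if triggered "$sample" 'Failed password' 2; then
        echo "ALERT: repeated failed logins in $sample"
    fi
    summarize "$sample"
    rm -f "$sample"
fi
```

The thresholds are deliberately separate from the patterns: a single failed password is noise, two or more in one window is worth a text, and the email summary still carries every counter so a quiet day is visible as a row of zeros rather than silence.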

directories

At the simplest level, this is the local directory:

/var/log

And to see how much space it is using:

$ du -sh /var/log

The largest offender is usually the systemd journal (the files journalctl reads), so cap it at the source:

# nano /etc/systemd/journald.conf
SystemMaxUse=200K

The change only takes effect after systemd-journald is restarted, and it only limits future growth; existing journal files stay until they are vacuumed (journalctl's --vacuum-size option) or rotated. 200K is aggressive and will discard nearly all history, so a value in the tens of megabytes is more usual if the journal is also meant to answer "what happened last week".

log programs

1. Linux log apps (webpage), 2022. A survey of several log viewers and what each one shows.