Manually watching these logs is frankly uninteresting and time-consuming. Many utilities exist which automatically scan logs for signatures of suspicious events. These include:
Output from log-watching utilities should be sent to a remote machine to minimise the risk of an intruder tampering with the reports. For example, LogWatch can be configured to do this; see /etc/log.d/logwatch.conf for details.
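The kind of signature scan these utilities perform, sketched as an added example (not code from the original page or from LogWatch). The rule names, thresholds and log lines are constructed for illustration and assume OpenSSH and shadow `su` syslog formats; the list returned by `report()` is the output that would be sent to the remote machine.

```python
import re
from collections import Counter

# (rule name, reporting threshold, signature). Illustrative rules, not a real tool's rule set.
RULES = [
    # Greedy ".+" plus the end-of-line anchor makes the LAST " from " win, so a
    # username that itself contains " from <address>" cannot spoof the source field.
    ("ssh-failed-login", 3, re.compile(
        r"sshd\[\d+\]: Failed password for (?:invalid user )?.+ "
        r"from (?P<key>\S+) port \d+ ssh2\s*$")),
    # Any failed su is worth reporting; the key is the account that invoked su.
    ("su-failure", 1, re.compile(r"su\[\d+\]: FAILED su for \S+ by (?P<key>\S+)")),
]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = """\
Mar  3 02:11:01 host sshd[4101]: Failed password for root from 192.0.2.10 port 40122 ssh2
Mar  3 02:11:04 host sshd[4103]: Failed password for invalid user admin from 192.0.2.10 port 40130 ssh2
Mar  3 02:11:09 host sshd[4107]: Failed password for root from 192.0.2.10 port 40144 ssh2
Mar  3 08:30:12 host sshd[5200]: Accepted password for alice from 198.51.100.7 port 51022 ssh2
Mar  3 08:31:40 host sshd[5230]: Failed password for bob from 198.51.100.9 port 51100 ssh2
Mar  3 09:02:55 host su[5301]: FAILED su for root by alice
""".splitlines()


def scan(lines):
    """Count signature hits, keyed by (rule name, source address or user)."""
    hits = Counter()
    for line in lines:
        for name, _, pattern in RULES:
            match = pattern.search(line)
            if match:
                hits[(name, match.group("key"))] += 1
    return hits


def report(hits):
    """Return one line per (rule, key) whose count reaches that rule's threshold."""
    thresholds = {name: limit for name, limit, _ in RULES}
    return [f"{name} {key} x{count}"
            for (name, key), count in sorted(hits.items())
            if count >= thresholds[name]]


if __name__ == "__main__":
    print("\n".join(report(scan(SAMPLE_LOG))))
```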