> For the complete documentation index, see [llms.txt](https://notes.radifine.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://notes.radifine.com/linux-fundamentals/log-scanning.md). # Log Scanning Log Scanning is beneficial for troubleshooting service errors and searching malicious activity Logwatch is an excellent tool to achieve the above objective. One can refer [this](https://www.digitalocean.com/community/tutorials/how-to-install-and-use-logwatch-log-analyzer-and-reporter-on-a-vps) link to learn the same. auditd is the daemon that has to be installed to achieve the same. One can refer [this ](https://sematext.com/glossary/auditd/)link to learn more. aureport is used for generation of report and ausearch is used for searching within the logs collected by auditd. auditctl is used for configuring log collection rules Note: Please check the locale using command date '+%x' and then pass it to ausearch with start and end dates as: ausearch -ts \ -te \ --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://notes.radifine.com/linux-fundamentals/log-scanning.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.