Change your user to another (for example from regular user to root) and input a wrong password. How and from what log file in /var/log path you can retrieve the information from this failed login attempt?
How do you retrieve the logged information from journald from last 24 hours so that newest entries are displayed first (at the top)?
How much do stored journal files take up disk space?
Open journald for real-time logging. Now open SSH connection to your Ubuntu (refer to Putty guide in here). Try to login by typing first the invalid and then the correct password. How are these entries logged?
Open authentication log file (auth.log) and check the content. How can you print only lines from this log file to the CLI containing new sessions from your user (tip: use grep)?
In previous exercise (EX-11) you installed Apache2 web server (if you haven’t, install it with sudo apt install apache2). What log files does this service have (see /var/log directory)?