Although in ArchLinux we have Systemd, Which systemctl We can see the system logs, there are still several of us who miss having logs like /var/log/auth.log or similar, which by default in ArchLinux we cannot find. why? ... simply because we are already adapted to using them like this, because in other distros such as Debian, Ubuntu, etc. they come like this, like a lifetime.
Take for example the auth.log which should be in / var / log / (it is not by default). If in ArchLinux we want to have that log back where it always is, in order to know authentication attempts on our computer and others, to have a certainty of security beyond the firewall, syslog-ng can be an excellent alternative.
First we must install it in ArchLinux:
sudo pacman -S syslog-ng
Once installed, we proceed to start it:
sudo systemctl start syslog-ng
Then, so that it starts automatically we enable it with enable:
sudo systemctl enable syslog-ng
Here is a screenshot:
As you can see, we already have log files that we did not have before, for example auth.log related to authentication, through which (and going into detail) we can know the attempts (failed or allowed) of login through SSH, internal logins as such, etc. Come on, that with him is like having a log of our house urgent locksmith 24h 7 days a week 😀
By the way, if you ask how I colored the logs, I did it with ccze.
And here the post ends. This more than anything is a memorandum for me, but I hope it will be useful to more than one 🙂