--> systemctl = utility to manage services
--> journalctl = utility to manage logs
Check log files
$sudo journalctl -S -3m = display the last 3 minutes from the journal
$sudo journalctl -fxe = follow new journal entries in real time (-f), add explanatory catalog text where available (-x) and jump to the end of the journal (-e)
$cat /var/log/syslog = view syslog file
$tail -n 20 /var/log/syslog = view last 20 lines from system log file
$tail -1 /etc/passwd = check assigned shell of the last added user (-1 prints only the last line)
$tail -f /var/log/auth.log = monitor ssh login attempts and their error messages in real time
$grep sshd /var/log/auth.log | less = page through the sshd (SSH connection) entries in the authentication log
$echo "$(/bin/date) - hi there" >> logfile.log = this will append the current date and message "hi there" to the end of logfile.log
$zcat /var/log/syslog.2.gz = view the content of archived syslog file without decompressing it
$grep -B 5 -A 2 --color 'keyword' /path/to/file.log = show the 5 lines before and the 2 lines after each match of 'keyword' in file.log
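
Added example (not part of the original notes): a shell script that combines the grep, zcat and auth.log commands above to count failed sshd password attempts per source address, across current and gzip-rotated logs. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: count failed sshd password attempts per source address.

# read_log FILE: print a log; .gz archives are decompressed to stdout only (like zcat)
read_log() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# failed_ssh_by_ip FILE...: print "count address" lines, busiest source first
failed_ssh_by_ip() {
    for f in "$@"; do read_log "$f"; done |
        grep 'sshd\[' |
        awk '/Failed password/ {
                 # Usernames are client-supplied, so search for "from" right to left
                 for (i = NF - 1; i >= 1; i--)
                     if ($i == "from") { n[$(i + 1)]++; break }
             }
             END { for (ip in n) print n[ip], ip }' |
        sort -k1,1nr -k2,2
}

# make_sample FILE: write constructed auth.log lines (documentation addresses)
make_sample() {
    cat > "$1" <<'EOF'
Mar  3 10:01:12 host1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Mar  3 10:01:15 host1 sshd[2101]: Failed password for root from 203.0.113.7 port 51122 ssh2
Mar  3 10:02:40 host1 sshd[2140]: Accepted publickey for alice from 198.51.100.20 port 40022 ssh2
Mar  3 10:03:02 host1 sshd[2155]: Failed password for bob from 192.0.2.55 port 33910 ssh2
Mar  3 10:03:09 host1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
Mar  3 10:04:31 host1 sshd[2170]: Failed password for invalid user from from 203.0.113.7 port 51200 ssh2
EOF
}

# With arguments, summarise those files; otherwise run on the constructed sample
if [ "$#" -gt 0 ]; then
    failed_ssh_by_ip "$@"
else
    sample=$(mktemp) && make_sample "$sample" && failed_ssh_by_ip "$sample"
    rm -f "$sample"
fi
```

Typical use: sudo sh script.sh /var/log/auth.log /var/log/auth.log.2.gz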