See [RFC 5424](https://datatracker.ietf.org/doc/html/rfc5424) for more information on [[System Logging]]. **auth.log** files follow the following format according to RFC 5424: ``` <Timestamp> <Hostname> <Service>[<process_id>]: <Message> ``` These types of log files are in binary format and cannot be read by standard text editors or with Linux commands such as 'cat'. The proper method of reading the contents of a WTMP or UTMP file is by using the 'last' command. - The file /var/log/btmp records failed login attempts. - The file /var/run/utmp allows one to discover information about who is currently using the system. This file will contain information on a user's logins: on which terminals, logouts, system events and the current status of the system, system boot time (used by uptime) etc. - The file /var/log/wtmp provides an historical record of utmp data.