In order to make your logs as comprehensive as possible, I recommend a few changes to your /etc/syslog.conf file. Add the following lines: *.warn;*.err /var/log/syslog kern.* /var/log/kernel ftp.info /var/log/ftplog daemon.info /var/log/daemonlog Be sure to use tabs between the element, and not spaces. Now locate the following line *.info;mail.none;news.none;authpriv.none /var/log/messages and change it to: *.info;mail,ftp,daemon,authpriv.none /var/log/messages These changes will separate various system messages into more logs, so any problems will be easier to track down. More on this below. Next, you will have to create the new logs and change their permissions so that prying friendly eyes will not be able pursue them: touch /var/log/ftplog /var/log/daemonlog touch /var/log/syslog /var/log/kernel chmod 600 /var/log/ftplog /var/log/daemonlog chmod 600 /var/log/syslog /var/log/kernel Finally, to make these changes take immediate effect, enter: killall HUP syslogd |