There are a great many interesting things you’ll find in your logs, most of which will depend entirely on your infrastructure. To get you started, I recommend logging and paying attention to these: HTTP responses sudo usage SSH logins cron job results MySQL/ PostgreSQL slow queries Analyzing logs is largely a matter of which tool you use, whether it’s Splunk, the ELK stack, or some SaaS tool. I strongly encourage you to use a log aggregation tool for analyzing and working with your log data.2038 ↱
Practical Monitoring
Effective Strategies for the Real World
Mike Julian