(Sometimes and root mountfsys umountfsys install sync is also) and so on is the root rank account number, also had sysop (system manager) jurisdiction.  

        Finally has the necessity to introduce UNIX the journal file. Many intruder did not hope that the invasion the computer traces them, how does that make that.  
        The system manager mainly depends upon system's LOG, namely we often said the journal file obtains IP which and other information the invasion the trace and the intruder come. Certainly also some managers use third party tool to record invade computer's information, what here mainly says is general U in the NIX system records invades trail's document.  

        The UNIX system has many editions, each system has the different LOG document, but the majority should have the similar depositing position, the ordinariest position is under these:  
/usr/adm, early edition UNIX;  
/var/adm, the new spot edition uses this position;  
/var/log, some edition's Solaris, Linux BSD, Free BSD uses this position;  
/etc, the majority UNIX editions place utmp here, some also place wtmp here, this are also the syslog.conf positions.  

        Below enumerates some documents the function, certainly they are also different according to the invasion system and are different.  
acct or pacct, record each user use the order record;  
access_log, mainly used the server to move NCSA HTTPD, this record file could have any stand to connect your server;  
aculog, is preserving the MODEMS record which you dial;  
lastlog, has recorded the user recent debarkation record and each user's initial destination, sometimes is finally not the successful debarkation record;  
loginlog, records some not normal debarkation record;  
messages, the record outputs the system control bench the record, other information produces by syslog;  
security, records some to use the UUCP system to attempt to enter the limit scope the instance;  
sulog, the record uses the record which su orders;  
utmp, the record current registers in system's all users, this document follows the user to enter and to leave the system and changes unceasingly;  
utmpx, UTMP expansion;  
wtmp, the record user registers with the withdrawal event;  
syslog, the most important journal file, uses the syslogd protection procedure to obtain.  
Diary information:  
the news which on the local machine /dev/log, a UNIX territory sleeve joint character, accepts moves the advancement which produces;