/var/log/secure

[root@zetawiki ~]# cat /var/log/secure
... (생략)
Aug 13 15:39:16 localhost sshd[2668]: Accepted password for root from 192.168.0.246 port 1089 ssh2
Aug 13 15:39:16 localhost sshd[2668]: pam_unix(sshd:session): session opened for user root by (uid=0)
Aug 13 15:52:19 localhost useradd[2841]: new group: name=testuser, GID=501
Aug 13 15:52:19 localhost useradd[2841]: new user: name=testuser, UID=501, GID=501, home=/home/testuser, shell=/bin/bash
Aug 13 15:52:23 localhost su: pam_unix(su-l:session): session opened for user testuser by root(uid=0)
Aug 13 15:52:27 localhost su: pam_unix(su-l:session): session closed for user testuser
Aug 13 15:54:20 localhost userdel[2893]: delete user 'testuser'
Aug 13 15:54:20 localhost userdel[2893]: removed group 'testuser' owned by 'testuser'
... (생략)

[root@zetawiki ~]# ll /var/log/secure*
-rw------- 1 root root   1780 Aug 14 07:47 /var/log/secure
-rw------- 1 root root   5675 Aug 10 17:41 /var/log/secure.1
-rw------- 1 root root   7221 Aug  4 00:53 /var/log/secure.2
-rw------- 1 root root  11558 Jul 28 00:25 /var/log/secure.3
-rw------- 1 root root 418444 Jul 21 03:30 /var/log/secure.4