Setting up centralized logging

Linux servers are typically configured to use a syslog-based logging system for handling events. There are many syslog implementations, each with its own take on log handling. By default, Ubuntu servers are configured with rsyslog, which is a fast and feature-rich syslog implementation.

The configuration for rsyslog is defined in /etc/rsyslog.conf, as well as in any *.conf files included in /etc/rsyslog.d/. If you look in /etc/rsyslog.d/50-default.conf, you will see configuration entries, such as:

auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog

The left-hand side shows the facility/severity of the syslog events. You can specify more than one of them using a comma separating ...
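To check which files an event would land in under the two rules quoted above, the following added example (not code from the book or from rsyslog) evaluates traditional selectors in Python. It assumes only a subset of the selector syntax: comma-separated facilities, `*`, `none`, a severity name meaning "this severity or more urgent", and `=name` for an exact match; the function names are illustrative.

```python
# Severity names from most to least urgent (syslog numeric codes 0-7).
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# The two rules quoted above from /etc/rsyslog.d/50-default.conf.
RULES = """\
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
"""

def selector_matches(selector, facility, severity):
    """Evaluate a traditional selector such as '*.*;auth,authpriv.none'."""
    sev = SEVERITIES.index(severity)
    matched = False
    for part in selector.split(";"):            # parts are applied left to right
        facilities, _, prio = part.partition(".")
        if facilities != "*" and facility not in facilities.split(","):
            continue                            # part does not mention this facility
        if prio == "none":
            matched = False                     # explicit exclusion of the facility
        elif prio == "*":
            matched = True
        elif prio.startswith("="):
            matched = matched or SEVERITIES.index(prio[1:]) == sev
        else:                                   # named severity or anything more urgent
            matched = matched or sev <= SEVERITIES.index(prio)
    return matched

def destinations(facility, severity, rules=RULES):
    """Return every log file the event is written to, in rule order."""
    out = []
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        selector, action = line.split(None, 1)
        if selector_matches(selector, facility, severity):
            out.append(action.lstrip("-"))      # leading '-' only asks for unsynced writes
    return out

if __name__ == "__main__":
    for fac, sev in [("auth", "info"), ("authpriv", "debug"), ("cron", "notice")]:
        print(f"{fac}.{sev} -> {destinations(fac, sev)}")
```

With these two rules, authentication events are written only to /var/log/auth.log, because the `auth,authpriv.none` part removes them from the catch-all `*.*` rule.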
