Examining the system logs is an important part of system administration. To ensure that problems are caught and resolved in a timely fashion, you should check your system's logs for significant events.
View the table below to see how to identify commonly logged, significant events.
If you have built a monolithic kernel for your firewall (strongly suggested), run grep insmod /var/log/messages to check for module insertion activity.
A monolithic kernel should not have any modules inserted into it; if someone tried, it might be a sign of security compromise.
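The grep check above can be turned into a function whose exit status a cron job can act on. This is an added example, not part of the original page: the function name scan_insmod, the rotated file name messages.1.gz and the sample log lines are assumptions made for illustration, and it matches insmod as a whole word rather than as a substring.

```shell
#!/bin/sh
# scan_insmod FILE...  prints "file: line" for every log line mentioning insmod.
# Returns 0 if no hit, 1 if any hit was found, 2 if a file was unreadable.
scan_insmod() {
    hits=0; status=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "scan_insmod: cannot read $f" >&2
            status=2
            continue
        fi
        # Rotated logs are often gzip-compressed; read them without unpacking.
        # -w matches insmod as a whole word only.
        case "$f" in
            *.gz) out=$(gzip -dc "$f" | grep -w 'insmod' || true) ;;
            *)    out=$(grep -w 'insmod' "$f" || true) ;;
        esac
        if [ -n "$out" ]; then
            hits=1
            printf '%s\n' "$out" | while IFS= read -r line; do
                printf '%s: %s\n' "$f" "$line"
            done
        fi
    done
    if [ "$hits" -eq 1 ]; then return 1; fi
    return "$status"
}

# Demo on constructed sample log lines (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/messages" <<'EOF'
Jan 12 03:10:01 fw CROND[812]: (root) CMD (run-parts /etc/cron.hourly)
Jan 12 03:14:07 fw insmod: constructed sample entry
EOF
    printf '%s\n' 'Jan  5 22:41:50 fw insmod: constructed rotated entry' \
        | gzip -c > "$d/messages.1.gz"
    scan_insmod "$d/messages" "$d/messages.1.gz"
    rc=$?
    rm -rf "$d"
    echo "exit status: $rc"
}
demo
```

On a real host, call scan_insmod with /var/log/messages and whatever rotated copies your log rotation keeps; a non-zero status on a monolithic kernel is the event to investigate.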