Log files record events and anomalies to help debug issues, trace errors, and check for intrusions. Common log files are stored in /var/log and include kernel logs, web server logs, and logs from programs like iptables and Snort. Log files can help trained security analysts determine if activity is legitimate or indicates potential attacks like SQL injection by examining details like file dependencies, request types, and network scan patterns.