Difference between revisions of "Logs (Linux)"
(Created page with "Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses /syslog/, /syslog-ng/ or /rsyslog/ software for logging or sending them t...") |
(→Docker) |
||
(17 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
− | Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses [[ | + | Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses [[syslog]], [[syslog-ng]] or [[rsyslog]] software for logging or sending them to remote servers. Analytics and visualisation software such a [[Elasticsearch]] and [[Kibana]] can be used for log inspection. |
Usage by Distribution: | Usage by Distribution: | ||
− | * Debian/Ubuntu: [[ | + | * [[Debian]]/Ubuntu: [[rsyslog]] |
* RHEL/Fedora: | * RHEL/Fedora: | ||
Standard logs: | Standard logs: | ||
− | * Debian/Ubuntu: <code>/var/log/syslog</code> | + | * Debian/Ubuntu: <code>/var/log/[[syslog]]</code> |
* RHEL/Fedora: <code>/var/log/message</code> | * RHEL/Fedora: <code>/var/log/message</code> | ||
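Review bot: the RHEL/Fedora line under "Standard logs" still reads /var/log/message, while the file on those systems is /var/log/messages; fix it while this block is being edited. The "RHEL/Fedora:" bullet under "Usage by Distribution" is also still empty. Linking [[syslog]] inside the code-formatted path on the Debian/Ubuntu line mixes a link into something readers copy as a path, so link the word outside the path instead.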
Line 12: | Line 12: | ||
* Debian/Ubuntu: <code>/var/log/auth.log</code> | * Debian/Ubuntu: <code>/var/log/auth.log</code> | ||
* RHEL/Fedora: <code>/var/log/secure</code> | * RHEL/Fedora: <code>/var/log/secure</code> | ||
+ | |||
+ | Misc: | ||
+ | * [[SUSE]]: <code>/var/log/warn.log</code> | ||
+ | |||
+ | /var/log/message – Where whole system logs or current activity logs are available. | ||
+ | /var/log/[[auth.log]] – Authentication logs. | ||
+ | /var/log/[[kern.log]] – Kernel logs. | ||
+ | /var/log/cron.log – Crond logs (cron job). | ||
+ | /var/log/maillog – Mail server logs. | ||
+ | /var/log/boot.log – System boot log. | ||
+ | /var/log/mysqld.log – MySQL database server log file. | ||
+ | /var/log/[[secure]] – Authentication log. | ||
+ | /var/log/utmp or /var/log/wtmp : Login records file. | ||
+ | /var/log/yum.log: Yum log files. | ||
+ | |||
== Rsyslog == | == Rsyslog == | ||
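Review bot: the ten added path descriptions, from /var/log/message down to /var/log/yum.log, have no list markup, so the wiki renders them as one run-on paragraph. Prefix each with "*" like the lists above and use one separator instead of mixing "–" and ":". The first entry repeats /var/log/message without the trailing "s". auth.log and secure are both described as the authentication log without saying which distribution each belongs to. utmp normally lives under /var/run, not /var/log.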
Line 19: | Line 34: | ||
=== Rsyslog Configuration === | === Rsyslog Configuration === | ||
Default configuration files by Distribution: | Default configuration files by Distribution: | ||
− | * Debian: <code>/etc/rsyslog.conf</code> man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf | + | * [[Debian]]: <code>/etc/rsyslog.conf</code> man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf |
− | * Ubuntu: <code>/etc/rsyslog.d/50-default.conf</code> | + | * [[Ubuntu]]: <code>/etc/rsyslog.d/50-default.conf</code> |
== [[Docker]] == | == [[Docker]] == | ||
− | <code>docker logs</code> command show docker logs. | + | * <code>[[docker logs]]</code> command show docker logs. |
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs. | See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs. | ||
+ | * <code>[[docker container logs]]</code> | ||
+ | * <code>[[docker run]] -d --[[log-driver]]=[[journald]] YOUR_CONTAINER</code> | ||
+ | |||
+ | == Related == | ||
+ | * <code>[[journalctl -r]]</code> | ||
== See also == | == See also == | ||
− | * | + | * {{tail}} |
− | * | + | * {{journalctl}} |
* <code>[[Linux Administration/System Services/System Logging/logger|logger]]</code> and <code>[[systemd-cat]]</code> | * <code>[[Linux Administration/System Services/System Logging/logger|logger]]</code> and <code>[[systemd-cat]]</code> | ||
* [[auditd]]: https://linux.die.net/man/8/auditd | * [[auditd]]: https://linux.die.net/man/8/auditd | ||
* [[acct]] package | * [[acct]] package | ||
− | * | + | * {{monitoring}} |
* [[Netflow]] for network logging | * [[Netflow]] for network logging | ||
* Message Brokers for routing messages: [[NSQ]], [[RabbitMQ]], [[Apache Kafka]], [[AWS Kinesis]] and [[NATS Messaging]] | * Message Brokers for routing messages: [[NSQ]], [[RabbitMQ]], [[Apache Kafka]], [[AWS Kinesis]] and [[NATS Messaging]] | ||
* [[fluentd]] | * [[fluentd]] | ||
* [[logstash]] and [[filebeat]] products from Elastic | * [[logstash]] and [[filebeat]] products from Elastic | ||
− | * | + | * {{logging}} |
+ | * {{logs}} | ||
[[Category:Linux]] | [[Category:Linux]] |
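Review bot: in the Docker section the existing "See also https://stackoverflow.com/..." sentence is left unbulleted between the new list items, which splits the list in two. Make it part of the docker logs bullet or move it below the list. "command show docker logs" should read "shows". The new "== Related ==" section holds only [[journalctl -r]], which would fit better next to the journalctl entry under "See also" than in a one-item section of its own.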
Latest revision as of 10:33, 21 June 2022
Linux logs are usually saved in the /var/log folder. Most Linux distributions use syslog, syslog-ng or rsyslog software for logging or for sending logs to remote servers. Analytics and visualisation software such as Elasticsearch and Kibana can be used for log inspection.
Usage by Distribution:
- Debian/Ubuntu: rsyslog
- RHEL/Fedora:
Standard logs:
- Debian/Ubuntu: /var/log/syslog
- RHEL/Fedora: /var/log/message
SSH sessions logging:
- Debian/Ubuntu: /var/log/auth.log
- RHEL/Fedora: /var/log/secure
Misc:
- SUSE: /var/log/warn.log
- /var/log/message – Where whole system logs or current activity logs are available.
- /var/log/auth.log – Authentication logs.
- /var/log/kern.log – Kernel logs.
- /var/log/cron.log – Crond logs (cron job).
- /var/log/maillog – Mail server logs.
- /var/log/boot.log – System boot log.
- /var/log/mysqld.log – MySQL database server log file.
- /var/log/secure – Authentication log.
- /var/log/utmp or /var/log/wtmp – Login records file.
- /var/log/yum.log – Yum log files.
Rsyslog
Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Rsyslog Configuration
Default configuration files by Distribution:
- Debian: /etc/rsyslog.conf (man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf)
- Ubuntu: /etc/rsyslog.d/50-default.conf
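A queued forwarding action of the kind the Rsyslog section mentions, as an added example that is not part of the original page: it sends every message to a central collector over TCP and spools to disk while the collector is unreachable. The drop-in file name, the collector host logs.example.org and the queue name fwd_central are placeholders.

```conf
# /etc/rsyslog.d/60-forward.conf   (file name is an assumption)
#
# Forward all facilities and priorities to a remote collector.
# The queue.* parameters give this action its own disk-assisted queue,
# so an outage of the collector neither blocks local logging nor
# loses the messages produced in the meantime.
*.* action(
    type="omfwd"
    target="logs.example.org"       # placeholder collector host
    port="514"
    protocol="tcp"                  # TCP rather than UDP, so delivery failures are noticed
    queue.type="LinkedList"         # dedicated in-memory queue, runs asynchronously
    queue.filename="fwd_central"    # a file name makes the queue disk-assisted;
                                    # spool files go under rsyslog's work directory
    queue.maxDiskSpace="1g"         # upper bound for the on-disk spool
    queue.saveOnShutdown="on"       # write queued messages to disk when rsyslog stops
    action.resumeRetryCount="-1"    # retry indefinitely instead of giving up on the action
)
```

Running `rsyslogd -N1` checks the configuration for syntax errors before the service is restarted.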
Docker
- The docker logs command shows docker logs.
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
- docker container logs
- docker run -d --log-driver=journald YOUR_CONTAINER
Related
- journalctl -r
See also
- Files: tail, mtail, promtail, aws logs tail, ktail, stern, kubectl logs
- systemd-journald: journalctl, /etc/systemd/journald.conf, journalctl logs, journalctl --list-boots, journalctl --disk-usage, journalctl -u kubelet, journalctl -u prometheus, journalctl --help
- logger and systemd-cat
- auditd: https://linux.die.net/man/8/auditd
- acct package
- Monitoring: On call, Monitoring software, Monitoring services, Resource monitoring, Metric collection tools, network monitoring, SLA Management Monitoring Tools, Alarm/Alert, Resource starvation, Alerts and notifications, Monitoring Kubernetes, VictoriaMetrics, Sensu, LogicMonitor, Distributed tracing, Datadog Monitors
- Netflow for network logging
- Message Brokers for routing messages: NSQ, RabbitMQ, Apache Kafka, AWS Kinesis and NATS Messaging
- fluentd
- logstash and filebeat products from Elastic
- Linux logging, Cisco IOS logging
- Logs, Log collector, log management, log explorer, Linux logging, docker logs, minikube logs, Vector, Logstash, Filebeat, promtail, logfmt, Elasticsearch, fluentd, Mezmo (LogDNA), Scalyr, Loggly, Loki, tlog, cockpit, NXLog, Winston, Amazon CloudWatch Logs Insights, Logz.io, Logflare, Coralogix
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Source: https://en.wikiversity.org/wiki/Linux/logging