Difference between revisions of "Logs (Linux)"

From wikieduonline
Jump to navigation Jump to search
(Created page with "Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses /syslog/, /syslog-ng/ or /rsyslog/ software for logging or sending them t...")
 
 
(17 intermediate revisions by the same user not shown)
Line 1: Line 1:
Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses [[/syslog/]], [[/syslog-ng/]] or [[/rsyslog/]] software for logging or sending them to remote servers. Analytics and visualisation software such a [[Elasticsearch]] and [[Kibana]] can be used for log inspection.  
+
Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses [[syslog]], [[syslog-ng]] or [[rsyslog]] software for logging or sending them to remote servers. Analytics and visualisation software such a [[Elasticsearch]] and [[Kibana]] can be used for log inspection.  
  
 
Usage by Distribution:
 
Usage by Distribution:
* Debian/Ubuntu: [[/rsyslog/]]
+
* [[Debian]]/Ubuntu: [[rsyslog]]
 
* RHEL/Fedora:  
 
* RHEL/Fedora:  
  
 
Standard logs:
 
Standard logs:
* Debian/Ubuntu: <code>/var/log/syslog</code>
+
* Debian/Ubuntu: <code>/var/log/[[syslog]]</code>
 
* RHEL/Fedora: <code>/var/log/message</code>
 
* RHEL/Fedora: <code>/var/log/message</code>
  
Line 12: Line 12:
 
* Debian/Ubuntu: <code>/var/log/auth.log</code>
 
* Debian/Ubuntu: <code>/var/log/auth.log</code>
 
* RHEL/Fedora: <code>/var/log/secure</code>
 
* RHEL/Fedora: <code>/var/log/secure</code>
 +
 +
Misc:
 +
* [[SUSE]]: <code>/var/log/warn.log</code>
 +
 +
/var/log/message – Where whole system logs or current activity logs are available.
 +
/var/log/[[auth.log]] – Authentication logs.
 +
/var/log/[[kern.log]] – Kernel logs.
 +
/var/log/cron.log – Crond logs (cron job).
 +
/var/log/maillog – Mail server logs.
 +
/var/log/boot.log – System boot log.
 +
/var/log/mysqld.log – MySQL database server log file.
 +
/var/log/[[secure]] – Authentication log.
 +
/var/log/utmp or /var/log/wtmp : Login records file.
 +
/var/log/yum.log: Yum log files.
 +
  
 
== Rsyslog ==
 
== Rsyslog ==
Line 19: Line 34:
 
=== Rsyslog Configuration ===
 
=== Rsyslog Configuration ===
 
Default configuration files by Distribution:
 
Default configuration files by Distribution:
* Debian: <code>/etc/rsyslog.conf</code> man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf
+
* [[Debian]]: <code>/etc/rsyslog.conf</code> man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf
* Ubuntu: <code>/etc/rsyslog.d/50-default.conf</code>
+
* [[Ubuntu]]: <code>/etc/rsyslog.d/50-default.conf</code>
  
 
== [[Docker]] ==
 
== [[Docker]] ==
<code>docker logs</code> command show docker logs.
+
* <code>[[docker logs]]</code> command show docker logs.
 
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
 
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
 +
* <code>[[docker container logs]]</code>
 +
* <code>[[docker run]] -d --[[log-driver]]=[[journald]] YOUR_CONTAINER</code>
 +
 +
== Related ==
 +
* <code>[[journalctl -r]]</code>
  
 
== See also ==
 
== See also ==
* [[tail]], [[mtail]]
+
* {{tail}}
* [[journald]], [[Linux Administration/System Services/System Logging/Journalctl|Journalctl]]
+
* {{journalctl}}
 
* <code>[[Linux Administration/System Services/System Logging/logger|logger]]</code> and <code>[[systemd-cat]]</code>
 
* <code>[[Linux Administration/System Services/System Logging/logger|logger]]</code> and <code>[[systemd-cat]]</code>
 
* [[auditd]]: https://linux.die.net/man/8/auditd
 
* [[auditd]]: https://linux.die.net/man/8/auditd
 
* [[acct]] package
 
* [[acct]] package
* [[Cloud computing/Amazon Web Services/AWS Cloudtrail|AWS Cloudtrail]]
+
* {{monitoring}}
 
* [[Netflow]] for network logging
 
* [[Netflow]] for network logging
 
* Message Brokers for routing messages: [[NSQ]], [[RabbitMQ]], [[Apache Kafka]], [[AWS Kinesis]] and [[NATS Messaging]]
 
* Message Brokers for routing messages: [[NSQ]], [[RabbitMQ]], [[Apache Kafka]], [[AWS Kinesis]] and [[NATS Messaging]]
 
* [[fluentd]]
 
* [[fluentd]]
 
* [[logstash]] and [[filebeat]] products from Elastic
 
* [[logstash]] and [[filebeat]] products from Elastic
* [[Logwatch]]
+
* {{logging}}
 +
* {{logs}}
  
 
[[Category:Linux]]
 
[[Category:Linux]]

Latest revision as of 10:33, 21 June 2022

Linux logs are save usually in /var/log folder. Most linux distribution uses syslog, syslog-ng or rsyslog software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.

Usage by Distribution:

Standard logs:

  • Debian/Ubuntu: /var/log/syslog
  • RHEL/Fedora: /var/log/message

SSH sessions logging:

  • Debian/Ubuntu: /var/log/auth.log
  • RHEL/Fedora: /var/log/secure

Misc:

  • SUSE: /var/log/warn.log
/var/log/message – Where whole system logs or current activity logs are available.
/var/log/auth.log – Authentication logs.
/var/log/kern.log – Kernel logs.
/var/log/cron.log – Crond logs (cron job).
/var/log/maillog – Mail server logs.
/var/log/boot.log – System boot log.
/var/log/mysqld.log – MySQL database server log file.
/var/log/secure – Authentication log.
/var/log/utmp or /var/log/wtmp : Login records file.
/var/log/yum.log: Yum log files.


Rsyslog[edit]

Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html

Rsyslog Configuration[edit]

Default configuration files by Distribution:

Docker[edit]

See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.

Related[edit]

See also[edit]

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Source: https://en.wikiversity.org/wiki/Linux/logging

Advertising: