Difference between revisions of "Linux Logging"
Line 33: | Line 33: | ||
* {{grep}} | * {{grep}} | ||
* [[journald]]: <code>[[Journalctl]]</code> | * [[journald]]: <code>[[Journalctl]]</code> | ||
− | * <code>[[ | + | * <code>[[logger]]</code> and <code>[[systemd-cat]]</code> |
* {{audit}} | * {{audit}} | ||
* [[AWS Cloudtrail]] | * [[AWS Cloudtrail]] |
Revision as of 05:33, 30 December 2019
Linux logs are save usually in /var/log
folder. Most linux distribution uses syslog, syslog-ng or rsyslog software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.
Usage by Distribution:
- Debian/Ubuntu: rsyslog
- RHEL/Fedora:
Standard logs:
- Debian/Ubuntu:
/var/log/syslog
- RHEL/Fedora:
/var/log/message
SSH sessions logging:
- Debian/Ubuntu:
/var/log/auth.log
- RHEL/Fedora:
/var/log/secure
Rsyslog
Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Rsyslog Configuration
Default configuration files by Distribution:
- Debian:
/etc/rsyslog.conf
man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf - Ubuntu:
/etc/rsyslog.d/50-default.conf
Docker
docker logs
command show docker logs.
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
Activities
- Understand container logging (part of CKAD certification)
See also
ack, ag, grep
,egrep, fgrep
,agrep
,ngrep
,pgrep
,awk
,sed
,strings
,tr
,tail
,mtail
,git grep
,wc
,uniq
,LogQL
,findstr (Windows)
,rg, git-grep, cut
- journald:
Journalctl
logger
andsystemd-cat
- Audit:
acct
,atop
,tripwire
,AIDE
,auditd
,debsums
, AWS Cloudtrail,logwatch
,logcheck
, Google Santa, Coguard - AWS Cloudtrail
- Netflow for network logging
- Message Brokers for routing messages: NSQ, RabbitMQ, Apache Kafka, AWS Kinesis and NATS Messaging
- fluentd
- Elastic: ELK,
Elasticsearch
,Logstash
,Kibana
, Installation, AWS Elasticsearch, Elastic SIEM, Elastic Beats,metricbeat
,filebeat
,journalbeat
, Elastisearch Service , Search guard, Elasticsearch logs, curator, ILM, Lumberjack protocol,aws_elasticsearch_domain
, KQL,elasticsearch.yml, elasticsearch-plugin, elasticsearch-certutil
, Elasticsearch release notes/changelog Logwatch
perl program- Linux logging, Cisco IOS logging
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Original source: https://en.wikiversity.org/wiki/Linux/logging
Advertising: