Linux Logging
Latest revision as of 06:34, 14 April 2021
Linux logs are usually stored under /var/log. Most Linux distributions use syslog, syslog-ng or rsyslog to write them locally and to forward them to remote servers; systemd-based distributions additionally keep a binary journal that is read with journalctl. Analytics and visualisation software such as Elasticsearch and Kibana can be used for log inspection.
Usage by Distribution:
- Debian/Ubuntu: rsyslog
- RHEL/Fedora:
Standard logs (everything the distribution's default rules do not route to a more specific file):
- Debian/Ubuntu: /var/log/syslog
- RHEL/Fedora: /var/log/messages
SSH session logging (authentication events, written through the auth/authpriv facility):
- Debian/Ubuntu: /var/log/auth.log
- RHEL/Fedora: /var/log/secure
Kernel messages on Ubuntu:
- /var/log/kern.log
On hosts where rsyslog is not installed (minimal images, Fedora defaults), these files may not exist; the same events are then read from the journal with journalctl -u ssh (Debian/Ubuntu unit name) or journalctl -u sshd (RHEL/Fedora), and kernel messages with journalctl -k.
Rsyslog
rsyslogd supports action queues, including disk-assisted queues, so that messages for an output that is temporarily unreachable (a remote collector, a database) are buffered and delivered later rather than lost. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Log checkers
- logcheck https://salsa.debian.org/debian/logcheck (mails the log lines that its ignore rules do not recognise)
- logwatch https://git.code.sf.net/p/logwatch/git (produces periodic summary reports per service)
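The following is an added example, not code from the original page or from the logcheck/logwatch projects. It implements the simplest form of the check those tools apply to the SSH log files listed above (auth.log on Debian/Ubuntu, secure on RHEL/Fedora): count sshd "Failed password" events per source address and report the sources at or above a threshold. The lines in SAMPLE_AUTH_LOG are constructed sample data in auth.log format; the host name, addresses and threshold are hypothetical.

```shell
#!/bin/sh
# Added example (not part of the original page): a minimal log check over
# sshd lines in the auth.log / secure format. It counts "Failed password"
# events per source address and reports the sources at or above a threshold,
# which is the kind of rule logcheck and logwatch apply to these files.
# The log lines below are constructed sample data, not a real capture.
set -eu

SAMPLE_AUTH_LOG='Apr 14 06:30:01 host1 sshd[2411]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Apr 14 06:30:03 host1 sshd[2413]: Failed password for invalid user admin from 203.0.113.7 port 51130 ssh2
Apr 14 06:30:05 host1 sshd[2415]: Failed password for root from 203.0.113.7 port 51141 ssh2
Apr 14 06:30:09 host1 sshd[2420]: Accepted publickey for deploy from 198.51.100.2 port 40022 ssh2: ED25519 SHA256:Qm9ndXNGaW5nZXJwcmludA
Apr 14 06:31:12 host1 sshd[2431]: Failed password for alice from 198.51.100.9 port 40100 ssh2
Apr 14 06:31:20 host1 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls'

# failed_by_source: read auth.log lines on stdin and print "count ip" per
# source address, highest count first. Only lines carrying the sshd[pid]:
# prefix and the "Failed password for" message are counted, so sudo and
# other authpriv lines in the same file are ignored.
failed_by_source() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            # the source address is the token that follows "from"
            for (i = 1; i <= NF; i++) {
                if ($i == "from") { n[$(i + 1)]++; break }
            }
         }
         END { for (ip in n) print n[ip], ip }' | sort -rn
}

# brute_force_sources THRESHOLD: print the addresses whose failure count is
# at or above THRESHOLD, one per line.
brute_force_sources() {
    threshold="$1"
    failed_by_source | awk -v t="$threshold" '$1 >= t { print $2 }'
}

# Usage:
#   printf '%s\n' "$SAMPLE_AUTH_LOG" | brute_force_sources 3   # 203.0.113.7
#   brute_force_sources 10 < /var/log/auth.log                  # on a real host
```

On a live host, feed the real file or the journal: `brute_force_sources 10 < /var/log/auth.log`, or `journalctl -u ssh --since today | brute_force_sources 10` on a journald-only system (unit name sshd on RHEL/Fedora; journalctl's default short output uses the same "program[pid]:" layout as the syslog file).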
Rsyslog Configuration
Default configuration files by distribution:
- Debian: /etc/rsyslog.conf (man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf)
- Ubuntu: /etc/rsyslog.d/50-default.conf
On both, /etc/rsyslog.conf includes the drop-in directory /etc/rsyslog.d/*.conf, which is where site-specific rules such as remote forwarding belong.
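As an added example that is not part of the original page, the snippet below writes an rsyslog drop-in that forwards everything to a remote collector through a disk-assisted queue, the mechanism referred to above for outputs that go offline, and shows the legacy one-line form beside it for contrast. The collector name logs.example.internal, port 6514, the CA file path, the spool directory and the drop-in name 60-forward.conf are assumptions; rsyslog 8 RainerScript syntax is used.

```shell
#!/bin/sh
# Added example (not from the original page): write an rsyslog forwarding
# rule that uses a disk-assisted queue so log lines survive a collector
# outage, and check that the queue parameters are present in the result.
# Assumptions (hypothetical): the collector is logs.example.internal:6514
# over TLS, its CA is /etc/rsyslog.d/ca.pem, and rsyslog 8 is in use.
set -eu

# write_forward_conf DIR: writes DIR/60-forward.conf and prints its path.
# DIR is normally /etc/rsyslog.d; a temporary directory works for review.
write_forward_conf() {
    dir="$1"
    out="$dir/60-forward.conf"
    cat > "$out" <<'EOF'
# Legacy form, shown for contrast: plaintext TCP, no queue. When the
# collector is down, messages are dropped once the action is suspended.
#   *.* @@logs.example.internal:514

# Spool directory for disk queues, and TLS defaults for network outputs.
global(
  workDirectory="/var/spool/rsyslog"
  DefaultNetstreamDriver="gtls"
  DefaultNetstreamDriverCAFile="/etc/rsyslog.d/ca.pem"
)

# Forward all messages over TLS. queue.filename turns the in-memory queue
# into a disk-assisted one: when the peer is unreachable, messages spill to
# workDirectory (up to queue.maxDiskSpace), are kept across restarts, and
# the action retries every action.resumeInterval seconds indefinitely
# (action.resumeRetryCount="-1") instead of being suspended and dropped.
action(
  type="omfwd"
  target="logs.example.internal" port="6514" protocol="tcp"
  StreamDriverMode="1"
  StreamDriverAuthMode="x509/name"
  StreamDriverPermittedPeers="logs.example.internal"
  queue.type="LinkedList"
  queue.filename="fwd_collector"
  queue.maxDiskSpace="1g"
  queue.saveOnShutdown="on"
  action.resumeRetryCount="-1"
  action.resumeInterval="10"
)
EOF
    printf '%s\n' "$out"
}

# check_conf FILE: return 0 when FILE carries the two settings that make the
# forwarder loss-tolerant (a disk queue file and indefinite retries). This is
# the review check; full syntax validation is rsyslogd -N1 -f FILE.
check_conf() {
    f="$1"
    grep -q 'queue.filename=' "$f" && grep -q 'action.resumeRetryCount="-1"' "$f"
}

# Usage:
#   d=$(mktemp -d); f=$(write_forward_conf "$d"); check_conf "$f" && echo ok
```

Place the generated file in /etc/rsyslog.d/ (included by /etc/rsyslog.conf on Debian and Ubuntu), validate with `rsyslogd -N1 -f /etc/rsyslog.d/60-forward.conf` and restart the service. StreamDriverAuthMode="x509/name" makes the client verify the collector's certificate against the CA file and the permitted peer name, so a rogue host on the path cannot silently collect the forwarded logs; the gtls driver requires the rsyslog-gnutls package on Debian-based systems.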
Container logging: Docker
- docker logs shows a container's logs, that is, the stdout and stderr of its main process as captured by the container's logging driver (json-file by default, stored under /var/lib/docker/containers/<id>/<id>-json.log). See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for where the Docker daemon's own log is kept; on systemd hosts it is read with journalctl -u docker.service.
- docker-compose logs shows the logs of all services of a Compose project together.
Related terms
- Zabbix agent
- Cisco logging
Activities
- Understand container logging (part of CKAD certification)
- Read "The Twelve-Factor App": XI.: Logs https://12factor.net/logs
- Review Linux journalctl log messages
See also
- grep and related tools: ack, ag, grep, egrep, fgrep, agrep, ngrep, pgrep, awk, sed, strings, tr, tail, mtail, git grep, wc, uniq, LogQL, findstr (Windows), rg, cut
- journald: journalctl, journald.conf, journalctl --help, /dev/console
- Logging: Linux logging, Cisco IOS logging
- Audit: acct, atop, tripwire, AIDE, auditd, debsums, AWS CloudTrail, logwatch, logcheck, Google Santa, Coguard
- Netflow for network logging
- MQ: PubSub, AMQP, NATS, Apache Kafka, IBM MQ, ActiveMQ, Fuse Message Broker, MQTT, NSQ, RabbitMQ, AWS Kinesis, ZeroMQ, Message-oriented middleware (MOM), Apache Pulsar, HiveMQ
- fluentd
- Elastic: ELK, Elasticsearch, Logstash, Kibana, Installation, AWS Elasticsearch, Elastic SIEM, Elastic Beats, metricbeat, filebeat, journalbeat, Elasticsearch Service, Search Guard, Elasticsearch logs, curator, ILM, Lumberjack protocol, aws_elasticsearch_domain, KQL, elasticsearch.yml, elasticsearch-plugin, elasticsearch-certutil, Elasticsearch release notes/changelog
- Standard streams: /dev/stdin, /dev/stdout, /dev/stderr, /dev/null, file descriptor, set -x, 2>&1, stdbuf
- Cisco IOS logging: show logging
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Original source: https://en.wikiversity.org/wiki/Linux/logging