Difference between revisions of "Linux Logging"
Tags: Mobile web edit, Mobile edit |
Tags: Mobile web edit, Mobile edit |
||
| Line 56: | Line 56: | ||
* {{ELK}} | * {{ELK}} | ||
* {{stdin}} | * {{stdin}} | ||
| − | * | + | * {{show logging}} |
[[Category:Linux]] | [[Category:Linux]] | ||
Latest revision as of 06:34, 14 April 2021
Linux logs are save usually in /var/log folder. Most linux distribution uses syslog, syslog-ng or rsyslog software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.
Usage by Distribution:
- Debian/Ubuntu: rsyslog
- RHEL/Fedora:
Standard logs:
- Debian/Ubuntu:
/var/log/syslog - RHEL/Fedora:
/var/log/message
SSH sessions logging:
- Debian/Ubuntu:
/var/log/auth.log - RHEL/Fedora:
/var/log/secure
Ubuntu:
Contents
Rsyslog[edit]
Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Log checkers[edit]
Rsyslog Configuration[edit]
Default configuration files by Distribution:
- Debian:
/etc/rsyslog.confman rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf - Ubuntu:
/etc/rsyslog.d/50-default.conf
Container logging: Docker[edit]
docker logscommand show docker logs.
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
Related terms[edit]
Activities[edit]
- Understand container logging (part of CKAD certification)
- Read "The Twelve-Factor App": XI.: Logs https://12factor.net/logs
- Review linux Journalctl logs messages
See also[edit]
ack, ag, grep,egrep, fgrep,agrep,ngrep,pgrep,awk,sed,strings,tr,tail,mtail,git grep,wc,uniq,LogQL,findstr (Windows),rg, git-grep, cut- journald:
journalctljournald.conf,journalctl --help,/dev/console - Linux logging, Cisco IOS logging
- Audit:
acct,atop,tripwire,AIDE,auditd,debsums, AWS Cloudtrail,logwatch,logcheck, Google Santa, Coguard - Netflow for network logging
- MQ, PubSub, AMQP, NATS, Apache Kafka, IBM MQ, ActiveMQ, Fuse Message Broker, MQTT, NSQ, RabbitMQ, AWS Kinesis and NATS Messaging, ZeroMQ, Message-oriented middleware (MOM), Apache Pulsar, HiveMQ
- fluentd
- Elastic: ELK,
Elasticsearch,Logstash,Kibana, Installation, AWS Elasticsearch, Elastic SIEM, Elastic Beats,metricbeat,filebeat,journalbeat, Elastisearch Service , Search guard, Elasticsearch logs, curator, ILM, Lumberjack protocol,aws_elasticsearch_domain, KQL,elasticsearch.yml, elasticsearch-plugin, elasticsearch-certutil, Elasticsearch release notes/changelog - Standard streams:
/dev/stdin,/dev/stdout,/dev/stderr,/dev/null, File descriptor,set -x, 2>&1, stdbuf - Cisco IOS logging:
show logging
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Original source: https://en.wikiversity.org/wiki/Linux/logging
Advertising:
