Difference between revisions of "Linux Logging"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses [[syslog]], [[syslog-ng]] or [[Rsyslogd|rsyslog]] software for logging or sending them to remote servers. Analytics and visualisation software such a [[Elasticsearch]] and [[Kibana]] can be used for log inspection.  
+
Linux [[logs]] are save usually in <code>/var/log</code> folder. Most linux distribution uses [[syslog]], [[syslog-ng]] or [[Rsyslogd|rsyslog]] software for logging or sending them to remote servers. Analytics and visualisation software such a [[Elasticsearch]] and [[Kibana]] can be used for log inspection.  
  
 
Usage by Distribution:
 
Usage by Distribution:
Line 10: Line 10:
  
 
[[SSH]] sessions logging:
 
[[SSH]] sessions logging:
* Debian/Ubuntu: <code>/var/log/auth.log</code>
+
* Debian/Ubuntu: <code>/var/log/[[auth.log]]</code>
 
* RHEL/Fedora: <code>/var/log/secure</code>
 
* RHEL/Fedora: <code>/var/log/secure</code>
  
 
Ubuntu:
 
Ubuntu:
* <code>/var/log/[[kern.log]]</code>
+
* <code>[[/var/log/]][[kern.log]]</code>
  
 
== Rsyslog ==
 
== Rsyslog ==
Rsyslogd supports queued operations to handle offline outputs.
+
[[Rsyslogd]] supports queued operations to handle offline outputs.
 
Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
 
Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
  
Line 35: Line 35:
  
 
* <code>[[docker-compose logs]]</code>
 
* <code>[[docker-compose logs]]</code>
 +
 +
 +
== Related terms ==
 +
* [[Zabbix agent]]
 +
* [[Cisco logging]]
  
 
== Activities ==
 
== Activities ==
 
* Understand [[container logging]] (part of [[CKAD]] certification)
 
* Understand [[container logging]] (part of [[CKAD]] certification)
 
* Read "The Twelve-Factor App": XI.: Logs https://12factor.net/logs
 
* Read "The Twelve-Factor App": XI.: Logs https://12factor.net/logs
 +
* Review linux [[Journalctl logs]] messages
  
 
== See also ==
 
== See also ==
Line 46: Line 52:
 
* {{audit}}
 
* {{audit}}
 
* [[Netflow]] for network logging
 
* [[Netflow]] for network logging
* Message Brokers for routing messages: [[NSQ]], [[RabbitMQ]], [[Apache Kafka]], [[AWS Kinesis]] and [[NATS Messaging]]
+
* {{MQ}}
 
* [[fluentd]]
 
* [[fluentd]]
 
* {{ELK}}
 
* {{ELK}}
 
* {{stdin}}
 
* {{stdin}}
* [[Cisco IOS]]: <code>[[show logging]]</code>, <code>[[show archive]]</code>
+
* {{show logging}}
  
 
[[Category:Linux]]
 
[[Category:Linux]]

Latest revision as of 06:34, 14 April 2021

Linux logs are save usually in /var/log folder. Most linux distribution uses syslog, syslog-ng or rsyslog software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.

Usage by Distribution:

  • Debian/Ubuntu: rsyslog
  • RHEL/Fedora:

Standard logs:

  • Debian/Ubuntu: /var/log/syslog
  • RHEL/Fedora: /var/log/message

SSH sessions logging:

  • Debian/Ubuntu: /var/log/auth.log
  • RHEL/Fedora: /var/log/secure

Ubuntu:

Rsyslog[edit]

Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html

Log checkers[edit]


Rsyslog Configuration[edit]

Default configuration files by Distribution:

Container logging: Docker[edit]

See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.


Related terms[edit]

Activities[edit]

See also[edit]

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Original source: https://en.wikiversity.org/wiki/Linux/logging

Advertising: