Difference between revisions of "Linux Logging"

From wikieduonline
Jump to navigation Jump to search
Tags: Mobile web edit, Mobile edit
 
(35 intermediate revisions by the same user not shown)
Line 1: Line 1:
Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses [[/syslog/]], [[/syslog-ng/]] or [[/rsyslog/]] software for logging or sending them to remote servers. Analytics and visualisation software such a [[Elasticsearch]] and [[Kibana]] can be used for log inspection.  
+
Linux [[logs]] are save usually in <code>/var/log</code> folder. Most linux distribution uses [[syslog]], [[syslog-ng]] or [[Rsyslogd|rsyslog]] software for logging or sending them to remote servers. Analytics and visualisation software such a [[Elasticsearch]] and [[Kibana]] can be used for log inspection.  
  
 
Usage by Distribution:
 
Usage by Distribution:
* Debian/Ubuntu: [[/rsyslog/]]
+
* Debian/Ubuntu: [[rsyslog]]
 
* RHEL/Fedora:  
 
* RHEL/Fedora:  
  
Line 10: Line 10:
  
 
[[SSH]] sessions logging:
 
[[SSH]] sessions logging:
* Debian/Ubuntu: <code>/var/log/auth.log</code>
+
* Debian/Ubuntu: <code>/var/log/[[auth.log]]</code>
 
* RHEL/Fedora: <code>/var/log/secure</code>
 
* RHEL/Fedora: <code>/var/log/secure</code>
 +
 +
Ubuntu:
 +
* <code>[[/var/log/]][[kern.log]]</code>
  
 
== Rsyslog ==
 
== Rsyslog ==
Rsyslogd supports queued operations to handle offline outputs.
+
[[Rsyslogd]] supports queued operations to handle offline outputs.
 
Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
 
Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
 +
 +
== Log checkers ==
 +
* <code>[[logcheck]]</code> https://salsa.debian.org/debian/logcheck
 +
* <code>[[logwatch]]</code> https://git.code.sf.net/p/logwatch/git
 +
  
 
=== Rsyslog Configuration ===
 
=== Rsyslog Configuration ===
Line 22: Line 30:
 
* Ubuntu: <code>/etc/rsyslog.d/50-default.conf</code>
 
* Ubuntu: <code>/etc/rsyslog.d/50-default.conf</code>
  
== [[Docker]] ==
+
== [[Container logging]]: [[Docker]] ==
<code>docker logs</code> command show docker logs.
+
* <code>[[docker logs]]</code> command show docker logs.
 
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
 
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
 +
 +
* <code>[[docker-compose logs]]</code>
 +
 +
 +
== Related terms ==
 +
* [[Zabbix agent]]
 +
* [[Cisco logging]]
 +
 +
== Activities ==
 +
* Understand [[container logging]] (part of [[CKAD]] certification)
 +
* Read "The Twelve-Factor App": XI.: Logs https://12factor.net/logs
 +
* Review linux [[Journalctl logs]] messages
  
 
== See also ==
 
== See also ==
* [[tail]], [[mtail]]
+
* {{grep}}
* [[journald]]: <code>[[Journalctl]]</code>
+
* {{journald}}
* <code>[[logger|logger]]</code> and <code>[[systemd-cat]]</code>
+
* {{logging}}
* [[auditd]]: https://linux.die.net/man/8/auditd
+
* {{audit}}
* [[acct]] package
 
* [[AWS Cloudtrail]]
 
 
* [[Netflow]] for network logging
 
* [[Netflow]] for network logging
* Message Brokers for routing messages: [[NSQ]], [[RabbitMQ]], [[Apache Kafka]], [[AWS Kinesis]] and [[NATS Messaging]]
+
* {{MQ}}
 
* [[fluentd]]
 
* [[fluentd]]
* [[logstash]] and [[filebeat]] products from [[Elasticsearch|Elastic]]
+
* {{ELK}}
* <code>[[Logwatch]]</code> perl program
+
* {{stdin}}
 +
* {{show logging}}
  
 
[[Category:Linux]]
 
[[Category:Linux]]
 
[[Category:Computing]]
 
[[Category:Computing]]
 
[[Category:Operating systems]]
 
[[Category:Operating systems]]
 +
[[Category:Logging]]
  
 
{{CC license}}
 
{{CC license}}
 
Original source: https://en.wikiversity.org/wiki/Linux/logging
 
Original source: https://en.wikiversity.org/wiki/Linux/logging

Latest revision as of 06:34, 14 April 2021

Linux logs are save usually in /var/log folder. Most linux distribution uses syslog, syslog-ng or rsyslog software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.

Usage by Distribution:

  • Debian/Ubuntu: rsyslog
  • RHEL/Fedora:

Standard logs:

  • Debian/Ubuntu: /var/log/syslog
  • RHEL/Fedora: /var/log/message

SSH sessions logging:

  • Debian/Ubuntu: /var/log/auth.log
  • RHEL/Fedora: /var/log/secure

Ubuntu:

Rsyslog[edit]

Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html

Log checkers[edit]


Rsyslog Configuration[edit]

Default configuration files by Distribution:

Container logging: Docker[edit]

See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.


Related terms[edit]

Activities[edit]

See also[edit]

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Original source: https://en.wikiversity.org/wiki/Linux/logging

Advertising: