Difference between revisions of "Logs (Linux)"
Jump to navigation
Jump to search
(→Docker) |
|||
| (13 intermediate revisions by the same user not shown) | |||
| Line 2: | Line 2: | ||
Usage by Distribution: | Usage by Distribution: | ||
| − | * Debian/Ubuntu: [[rsyslog]] | + | * [[Debian]]/Ubuntu: [[rsyslog]] |
* RHEL/Fedora: | * RHEL/Fedora: | ||
Standard logs: | Standard logs: | ||
| − | * Debian/Ubuntu: <code>/var/log/syslog</code> | + | * Debian/Ubuntu: <code>/var/log/[[syslog]]</code> |
* RHEL/Fedora: <code>/var/log/message</code> | * RHEL/Fedora: <code>/var/log/message</code> | ||
| Line 12: | Line 12: | ||
* Debian/Ubuntu: <code>/var/log/auth.log</code> | * Debian/Ubuntu: <code>/var/log/auth.log</code> | ||
* RHEL/Fedora: <code>/var/log/secure</code> | * RHEL/Fedora: <code>/var/log/secure</code> | ||
| + | |||
| + | Misc: | ||
| + | * [[SUSE]]: <code>/var/log/warn.log</code> | ||
| + | |||
| + | /var/log/message – Where whole system logs or current activity logs are available. | ||
| + | /var/log/[[auth.log]] – Authentication logs. | ||
| + | /var/log/[[kern.log]] – Kernel logs. | ||
| + | /var/log/cron.log – Crond logs (cron job). | ||
| + | /var/log/maillog – Mail server logs. | ||
| + | /var/log/boot.log – System boot log. | ||
| + | /var/log/mysqld.log – MySQL database server log file. | ||
| + | /var/log/[[secure]] – Authentication log. | ||
| + | /var/log/utmp or /var/log/wtmp : Login records file. | ||
| + | /var/log/yum.log: Yum log files. | ||
| + | |||
== Rsyslog == | == Rsyslog == | ||
| Line 23: | Line 38: | ||
== [[Docker]] == | == [[Docker]] == | ||
| − | <code>docker logs</code> command show docker logs. | + | * <code>[[docker logs]]</code> command show docker logs. |
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs. | See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs. | ||
| + | * <code>[[docker container logs]]</code> | ||
| + | * <code>[[docker run]] -d --[[log-driver]]=[[journald]] YOUR_CONTAINER</code> | ||
| + | |||
| + | == Related == | ||
| + | * <code>[[journalctl -r]]</code> | ||
== See also == | == See also == | ||
| − | * | + | * {{tail}} |
| − | * | + | * {{journalctl}} |
* <code>[[Linux Administration/System Services/System Logging/logger|logger]]</code> and <code>[[systemd-cat]]</code> | * <code>[[Linux Administration/System Services/System Logging/logger|logger]]</code> and <code>[[systemd-cat]]</code> | ||
* [[auditd]]: https://linux.die.net/man/8/auditd | * [[auditd]]: https://linux.die.net/man/8/auditd | ||
* [[acct]] package | * [[acct]] package | ||
| − | * | + | * {{monitoring}} |
* [[Netflow]] for network logging | * [[Netflow]] for network logging | ||
* Message Brokers for routing messages: [[NSQ]], [[RabbitMQ]], [[Apache Kafka]], [[AWS Kinesis]] and [[NATS Messaging]] | * Message Brokers for routing messages: [[NSQ]], [[RabbitMQ]], [[Apache Kafka]], [[AWS Kinesis]] and [[NATS Messaging]] | ||
* [[fluentd]] | * [[fluentd]] | ||
* [[logstash]] and [[filebeat]] products from Elastic | * [[logstash]] and [[filebeat]] products from Elastic | ||
| − | * | + | * {{logging}} |
| + | * {{logs}} | ||
[[Category:Linux]] | [[Category:Linux]] | ||
Latest revision as of 10:33, 21 June 2022
Linux logs are save usually in /var/log folder. Most linux distribution uses syslog, syslog-ng or rsyslog software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.
Usage by Distribution:
Standard logs:
- Debian/Ubuntu:
/var/log/syslog - RHEL/Fedora:
/var/log/message
SSH sessions logging:
- Debian/Ubuntu:
/var/log/auth.log - RHEL/Fedora:
/var/log/secure
Misc:
- SUSE:
/var/log/warn.log
/var/log/message – Where whole system logs or current activity logs are available. /var/log/auth.log – Authentication logs. /var/log/kern.log – Kernel logs. /var/log/cron.log – Crond logs (cron job). /var/log/maillog – Mail server logs. /var/log/boot.log – System boot log. /var/log/mysqld.log – MySQL database server log file. /var/log/secure – Authentication log. /var/log/utmp or /var/log/wtmp : Login records file. /var/log/yum.log: Yum log files.
Rsyslog[edit]
Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Rsyslog Configuration[edit]
Default configuration files by Distribution:
- Debian:
/etc/rsyslog.confman rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf - Ubuntu:
/etc/rsyslog.d/50-default.conf
Docker[edit]
docker logscommand show docker logs.
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
docker container logsdocker run -d --log-driver=journald YOUR_CONTAINER
Related[edit]
See also[edit]
- Files:
tail,mtail,promtail,aws logs tail,ktail, stern, kubectl logs - systemd-journald:
journalctl,/etc/systemd/journald.conf,journalctl logs,journalctl --list-boots,journalctl --disk-usage,journalctl -u kubelet,journalctl -u prometheus,journalctl --help loggerandsystemd-cat- auditd: https://linux.die.net/man/8/auditd
- acct package
- Monitoring: On call, Monitoring software, Monitoring services, Resource monitoring, Metric colletion tools, network monitoring, SLA Management Monitoring Tools, Alarm/Alert, Resource starvation, Alerts and notifications, Monitoring Kubernetes, VictoriaMetrics, Sensu, LogicMonitor, Distributed tracing, Datadog Monitors
- Netflow for network logging
- Message Brokers for routing messages: NSQ, RabbitMQ, Apache Kafka, AWS Kinesis and NATS Messaging
- fluentd
- logstash and filebeat products from Elastic
- Linux logging, Cisco IOS logging
- Logs, Log collector, log management, log explorer, Linux logging,
docker logs,minikube logs, Vector, Logstash, Filebeat, promtail, logfmt, Elasticsearch, fluentd, Mezmo (LogDNA), Scalyr, Loggly, Loki,tlog, cockpit, NXLog, Winston, Amazon CloudWatch Logs Insights, Logz.io, Logflare, Coralogix
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Source: https://en.wikiversity.org/wiki/Linux/logging
Advertising:
