Difference between revisions of "Logs (Linux)"
(Created page with "Linux logs are save usually in <code>/var/log</code> folder. Most linux distribution uses /syslog/, /syslog-ng/ or /rsyslog/ software for logging or sending them t...") |
|||
Line 19: | Line 19: | ||
=== Rsyslog Configuration === | === Rsyslog Configuration === | ||
Default configuration files by Distribution: | Default configuration files by Distribution: | ||
− | * Debian: <code>/etc/rsyslog.conf</code> man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf | + | * [[Debian]]: <code>/etc/rsyslog.conf</code> man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf |
− | * Ubuntu: <code>/etc/rsyslog.d/50-default.conf</code> | + | * [[Ubuntu]]: <code>/etc/rsyslog.d/50-default.conf</code> |
== [[Docker]] == | == [[Docker]] == |
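Review bot: On the Debian bullet, the "man rsyslog.conf:" link still sits on the same line as the /etc/rsyslog.conf path, so after this change it reads as a Debian-only reference even though the manual page describes the rsyslog.conf format in general. Consider moving the man page link to its own line below the "Default configuration files by Distribution:" list, leaving each bullet with just the linked distribution name and its path.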
Revision as of 06:28, 19 December 2019
Linux logs are usually saved in the /var/log folder. Most Linux distributions use syslog, syslog-ng or rsyslog for logging or for sending logs to remote servers. Analytics and visualisation software such as Elasticsearch and Kibana can be used for log inspection.
Usage by Distribution:
- Debian/Ubuntu: rsyslog
- RHEL/Fedora:
Standard logs:
- Debian/Ubuntu: /var/log/syslog
- RHEL/Fedora: /var/log/messages
SSH sessions logging:
- Debian/Ubuntu: /var/log/auth.log
- RHEL/Fedora: /var/log/secure
Rsyslog
Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Rsyslog Configuration
Default configuration files by Distribution:
- Debian: /etc/rsyslog.conf (man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf)
- Ubuntu: /etc/rsyslog.d/50-default.conf
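The queued operation mentioned above, shown as an added example that is not part of the original page: a drop-in file that forwards authentication messages to a remote server and buffers them on disk while that server is unreachable. The file name, the host logs.example.internal and the queue name fwd_auth are placeholders chosen for this example.

```conf
# /etc/rsyslog.d/60-forward-auth.conf   (hypothetical file name)
#
# Forward auth/authpriv messages (the facilities sshd logs to) over TCP.
# queue.type="LinkedList" gives this action its own in-memory queue;
# setting queue.filename makes it disk-assisted, so messages spill to
# files in the rsyslog work directory when memory fills up.
# queue.saveOnShutdown="on" writes queued messages to disk on shutdown
# instead of discarding them.
# action.resumeRetryCount="-1" retries a failed target indefinitely
# rather than suspending the action and dropping messages.
# logs.example.internal is a placeholder, not a real collector.

auth,authpriv.* action(
    type="omfwd"
    target="logs.example.internal"
    port="514"
    protocol="tcp"
    queue.type="LinkedList"
    queue.filename="fwd_auth"
    queue.maxDiskSpace="1g"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"
    action.resumeInterval="30"
)
```

Running rsyslogd -N1 checks the configuration for syntax errors before the service is restarted. Plain TCP forwarding is neither encrypted nor authenticated, so on untrusted networks the forwarding action is normally combined with rsyslog's TLS support.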
Docker
The docker logs command shows the logs of a container.
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
See also
- tail, mtail
- journald, Journalctl, logger and systemd-cat
- auditd: https://linux.die.net/man/8/auditd
- acct package
- AWS Cloudtrail
- Netflow for network logging
- Message Brokers for routing messages: NSQ, RabbitMQ, Apache Kafka, AWS Kinesis and NATS Messaging
- fluentd
- logstash and filebeat products from Elastic
- Logwatch
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Source: https://en.wikiversity.org/wiki/Linux/logging