Difference between revisions of "Linux Logging"
Tags: Mobile web edit, Mobile edit |
Line 47: | Line 47: | ||
* {{audit}} | * {{audit}} | ||
* [[Netflow]] for network logging | * [[Netflow]] for network logging | ||
− | * | + | * {{MQ}} |
* [[fluentd]] | * [[fluentd]] | ||
* {{ELK}} | * {{ELK}} |
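Review bot: the new `* {{MQ}}` bullet at Line 47 carries no qualifier, while the neighbouring `* [[Netflow]] for network logging` says why the item belongs in a logging list; add a short phrase stating the role of message queues here (the list already moves from log shippers such as fluentd to the ELK stack, so a note on queues as a buffer or transport between them would fit) so the entry reads as a logging reference rather than a bare template link.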
Revision as of 13:15, 12 April 2020
Linux logs are usually saved in the /var/log directory. Most Linux distributions use syslog, syslog-ng or rsyslog for logging and for forwarding logs to remote servers. Analytics and visualisation software such as Elasticsearch and Kibana can be used for log inspection.
Usage by distribution:
- Debian/Ubuntu: rsyslog
- RHEL/Fedora:

Standard logs:
- Debian/Ubuntu: /var/log/syslog
- RHEL/Fedora: /var/log/messages

SSH session logging:
- Debian/Ubuntu: /var/log/auth.log
- RHEL/Fedora: /var/log/secure

Kernel logs:
- Ubuntu: /var/log/kern.log
Rsyslog
rsyslogd supports queued operations, so output to a destination that is temporarily offline (for example a remote log server) is buffered and delivered later instead of being lost. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Log checkers
Rsyslog Configuration
Default configuration files by distribution:
- Debian: /etc/rsyslog.conf (man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf)
- Ubuntu: /etc/rsyslog.d/50-default.conf
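The queued forwarding described in the Rsyslog section, as an added example that is not from the original page: a drop-in file for the /etc/rsyslog.d directory listed above that forwards all messages to a remote collector over TCP and keeps a disk-assisted queue so messages survive a collector outage. The collector host name and port, the spool file prefix and the file name 60-forward.conf are assumptions.

```rsyslog
# /etc/rsyslog.d/60-forward.conf (assumed file name; added example, not page content)
# Forward every message to a remote collector and buffer locally while it is down.

# Directory where queue spool files are written when the in-memory queue
# overflows or the collector is unreachable (Debian's default work directory).
global(workDirectory="/var/spool/rsyslog")

# Disk-assisted queue: LinkedList keeps messages in memory and, because a
# queue.filename is set, spills them to disk instead of dropping them.
# action.resumeRetryCount="-1" retries forever rather than discarding the
# message after a few failed attempts; resumeInterval is the retry period.
action(type="omfwd"
       target="collector.example.net"
       port="514"
       protocol="tcp"
       queue.type="LinkedList"
       queue.filename="fwd_collector"
       queue.maxDiskSpace="1g"
       queue.saveOnShutdown="on"
       action.resumeRetryCount="-1"
       action.resumeInterval="10")
```

Validate the file with `rsyslogd -N1` before restarting the service; the spool files appear under the work directory only while the collector is unreachable and are removed as the queue drains.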
Container logging: Docker
The docker logs command shows the logs of a container.
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about the Docker daemon log.
Activities
- Understand container logging (part of the CKAD certification)
- Read "The Twelve-Factor App", XI. Logs: https://12factor.net/logs
- Review Linux journalctl log messages
See also
- ack, ag, grep, egrep, fgrep, agrep, ngrep, pgrep, awk, sed, strings, tr, tail, mtail, git grep, wc, uniq, LogQL, findstr (Windows), rg, git-grep, cut
- journald: journalctl, journald.conf, journalctl --help, /dev/console
- Linux logging, Cisco IOS logging
- Audit: acct, atop, tripwire, AIDE, auditd, debsums, AWS Cloudtrail, logwatch, logcheck, Google Santa, Coguard
- Netflow for network logging
- MQ: PubSub, AMQP, NATS, Apache Kafka, IBM MQ, ActiveMQ, Fuse Message Broker, MQTT, NSQ, RabbitMQ, AWS Kinesis and NATS Messaging, ZeroMQ, Message-oriented middleware (MOM), Apache Pulsar, HiveMQ
- fluentd
- Elastic: ELK, Elasticsearch, Logstash, Kibana, Installation, AWS Elasticsearch, Elastic SIEM, Elastic Beats, metricbeat, filebeat, journalbeat, Elasticsearch Service, Search guard, Elasticsearch logs, curator, ILM, Lumberjack protocol, aws_elasticsearch_domain, KQL, elasticsearch.yml, elasticsearch-plugin, elasticsearch-certutil, Elasticsearch release notes/changelog
- Standard streams: /dev/stdin, /dev/stdout, /dev/stderr, /dev/null, File descriptor, set -x, 2>&1, stdbuf
- Cisco IOS: show logging, show archive
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Original source: https://en.wikiversity.org/wiki/Linux/logging