Linux Logging
Linux logs are save usually in /var/log
folder. Most linux distribution uses syslog, syslog-ng or rsyslog software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.
Usage by Distribution:
- Debian/Ubuntu: rsyslog
- RHEL/Fedora:
Standard logs:
- Debian/Ubuntu:
/var/log/syslog
- RHEL/Fedora:
/var/log/message
SSH sessions logging:
- Debian/Ubuntu:
/var/log/auth.log
- RHEL/Fedora:
/var/log/secure
Ubuntu:
/var/log/kern.log
Rsyslog
Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Log checkers
Rsyslog Configuration
Default configuration files by Distribution:
- Debian:
/etc/rsyslog.conf
man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf - Ubuntu:
/etc/rsyslog.d/50-default.conf
Container logging: Docker
docker logs
command show docker logs.
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
Activities
- Understand container logging (part of CKAD certification)
- Read "The Twelve-Factor App": XI.: Logs https://12factor.net/logs
- Review linux Journalctl logs messages
See also
ack, ag, grep
,egrep, fgrep
,agrep
,ngrep
,pgrep
,awk
,sed
,strings
,tr
,tail
,mtail
,git grep
,wc
,uniq
,LogQL
,findstr (Windows)
,rg, git-grep, cut
- journald:
journalctl
journald.conf
,journalctl --help
,/dev/console
- Linux logging, Cisco IOS logging
- Audit:
acct
,atop
,tripwire
,AIDE
,auditd
,debsums
, AWS Cloudtrail,logwatch
,logcheck
, Google Santa, Coguard - Netflow for network logging
- Message Brokers for routing messages: NSQ, RabbitMQ, Apache Kafka, AWS Kinesis and NATS Messaging
- fluentd
- Elastic: ELK,
Elasticsearch
,Logstash
,Kibana
, Installation, AWS Elasticsearch, Elastic SIEM, Elastic Beats,metricbeat
,filebeat
,journalbeat
, Elastisearch Service , Search guard, Elasticsearch logs, curator, ILM, Lumberjack protocol,aws_elasticsearch_domain
, KQL,elasticsearch.yml, elasticsearch-plugin, elasticsearch-certutil
, Elasticsearch release notes/changelog - Standard streams:
/dev/stdin
,/dev/stdout
,/dev/stderr
,/dev/null
, File descriptor,set -x, 2>&1, stdbuf
- Cisco IOS:
show logging
,show archive
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Original source: https://en.wikiversity.org/wiki/Linux/logging
Advertising: