Linux/logging
< Linux
Linux logs are save usually in /var/log
folder. Most linux distribution uses syslog, syslog-ng or rsyslog software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.
Usage by Distribution:
- Debian/Ubuntu: rsyslog
- RHEL/Fedora:
Standard logs:
- Debian/Ubuntu:
/var/log/syslog
- RHEL/Fedora:
/var/log/message
SSH sessions logging:
- Debian/Ubuntu:
/var/log/auth.log
- RHEL/Fedora:
/var/log/secure
Rsyslog
editRsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html
Rsyslog Configuration
editDefault configuration files by Distribution:
- Debian:
/etc/rsyslog.conf
man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf - Ubuntu:
/etc/rsyslog.d/50-default.conf
docker logs
command show docker logs.
See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.
See also
edit- tail, mtail
- journald, Journalctl
logger
andsystemd-cat
- auditd: https://linux.die.net/man/8/auditd
- acct package
- AWS Cloudtrail
- Netflow for network logging
- Message Brokers for routing messages: NSQ, RabbitMQ, Apache Kafka, AWS Kinesis and NATS Messaging
- fluentd
- logstash and filebeat products from Elastic
- Logwatch