Difference between revisions of "Logs (Linux)"

Linux logs are save usually in /var/log folder. Most linux distribution uses /syslog/, /syslog-ng/ or /rsyslog/ software for logging or sending them to remote servers. Analytics and visualisation software such a Elasticsearch and Kibana can be used for log inspection.

Usage by Distribution:

• Debian/Ubuntu: /rsyslog/
• RHEL/Fedora:

Standard logs:

• Debian/Ubuntu: /var/log/syslog
• RHEL/Fedora: /var/log/message

SSH sessions logging:

• Debian/Ubuntu: /var/log/auth.log
• RHEL/Fedora: /var/log/secure

Rsyslog

Rsyslogd supports queued operations to handle offline outputs. Official documentation: https://www.rsyslog.com/doc/v8-stable/configuration/index.html

Rsyslog Configuration

Default configuration files by Distribution:

• Debian: /etc/rsyslog.conf man rsyslog.conf: https://linux.die.net/man/5/rsyslog.conf
• Ubuntu: /etc/rsyslog.d/50-default.conf

Docker

docker logs command show docker logs. See also https://stackoverflow.com/questions/30969435/where-is-the-docker-daemon-log/30970134#30970134 for further information about docker logs.

See also

• tail, mtail
• journald, Journalctl
• logger and systemd-cat
• auditd: https://linux.die.net/man/8/auditd
• acct package
• AWS Cloudtrail
• Netflow for network logging
• Message Brokers for routing messages: NSQ, RabbitMQ, Apache Kafka, AWS Kinesis and NATS Messaging
• fluentd
• logstash and filebeat products from Elastic
• Logwatch

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Source: https://en.wikiversity.org/wiki/Linux/logging