Added more to README
parent 4e4e9b6e6b
commit 10f38a133c
15
README.md
@ -11,9 +11,16 @@ On nodes themselves the utility allows you to grab logs from two different sourc
|
|||||||
- Messages file
|
- Messages file
|
||||||
|
|
||||||
### Journal
|
### Journal
|
||||||
On nodes themselves the utility can grab logs from both the journal & messages files.
|
Using the journal source you have the ability to specify which units/services you want to look for an are able to specify time constraints "last X hours/minutes". Allows you to more accurately grab logs for a specific timeframe.
|
||||||
|
|
||||||
### Syslog Server
|
### Messages (not-implemented)
|
||||||
#### Syslog Node Logs
|
Depending on your setup (if you're using syslog or not) you may have logs output to a messages file `/var/log/messages` alongside to the journal on your device. This will usually keep logs for much longer as these files are also usually rotated as well meaning that logs will persist for longer than in the journal.
|
||||||
If you use a syslog server you can also remotely query logs from the log directories.
|
|
||||||
|
This by default takes more manual work to filter by time, service name & etc, but allows for more logs to search through long-term.
|
||||||
|
|
||||||
|
### Syslog Queue (not-implemented)
|
||||||
|
If using rsyslog to forward logs to a logserver, the service will queue up logs in `/var/spool/rsyslog/` which can also be searched if present
|
||||||
|
|
||||||
|
## Syslog Server
|
||||||
|
Syslog servers aggregate logs from multiple clients in `/var/log/hosts/<hostname>/<year>/<month-num>/<day>/messages` which can be searched for older logs
|
||||||
|
|
||||||
|
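Review bot: The added "### Syslog Queue (not-implemented)" section documents a third node-side source, but the context line in the hunk header still says the utility grabs logs from "two different sources" and the unchanged list ends at "- Messages file"; update the intro and the list so they match the sections, or fold the queue into the Messages section. In the Journal paragraph, "look for an are able to specify" should read "look for and are able to specify", and in the Messages paragraph "alongside to the journal" should be "alongside the journal". `/var/log/messages` and `/var/spool/rsyslog/` are typically readable only by root or a dedicated log group, so the README should state what privileges the utility needs for each source rather than leaving users to run it as root by default. It would also help to say whether `<month-num>` and `<day>` in the syslog server path are zero-padded, since that affects how older logs are located.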