Added more to README

This commit is contained in:
Tristan Ancelet 2024-05-18 13:47:50 -05:00
parent 4e4e9b6e6b
commit 10f38a133c

@ -11,9 +11,16 @@ On nodes themselves the utility allows you to grab logs from two different sourc
- Messages file - Messages file
### Journal ### Journal
On nodes themselves the utility can grab logs from both the journal & messages files. Using the journal source you have the ability to specify which units/services you want to look for an are able to specify time constraints "last X hours/minutes". Allows you to more accurately grab logs for a specific timeframe.
### Syslog Server ### Messages (not-implemented)
#### Syslog Node Logs Depending on your setup (if you're using syslog or not) you may have logs output to a messages file `/var/log/messages` alongside to the journal on your device. This will usually keep logs for much longer as these files are also usually rotated as well meaning that logs will persist for longer than in the journal.
If you use a syslog server you can also remotely query logs from the log directories.
This by default takes more manual work to filter by time, service name & etc, but allows for more logs to search through long-term.
### Syslog Queue (not-implemented)
If using rsyslog to forward logs to a logserver, the service will queue up logs in `/var/spool/rsyslog/` which can also be searched if present
## Syslog Server
Syslog servers aggregate logs from multiple clients in `/var/log/hosts/<hostname>/<year>/<month-num>/<day>/messages` which can be searched for older logs
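Review bot: the new "### Messages (not-implemented)" heading contradicts the Journal paragraph directly above it, which says the utility "can grab logs from both the journal & messages files"; the README should state which source is actually implemented today. In the same region, "want to look for an are able to specify" should read "and are able to specify", and the heading levels are inconsistent: "## Syslog Server" is level 2 while "### Messages" and "### Syslog Queue" are level 3 under "### Journal", so the new sections either all belong at the same level or the parent heading needs to be introduced. Finally, for the `/var/log/hosts/<hostname>/<year>/<month-num>/<day>/messages` layout it is worth documenting that `<hostname>` is whatever name the forwarding client reports, so any search that builds a path from it should validate the value against the expected directory names rather than interpolate it directly.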