27 lines
1.7 KiB
Markdown
27 lines
1.7 KiB
Markdown
# log-search
|
|
This is a bash utility for getting & parsing logs from both local & remote sources.
|
|
|
|
## What makes this utility useful?
|
|
### Filters
|
|
This utility comes with a few log filters baked in, allowing for specific types of logs to be returned (aka logs from specific messages & services). Making for log gathering for troubleshooting to be much easier for support personel in large organizations and allow for ample information to be gathered before escalating to T2 or T3.
|
|
|
|
## Nodes (Local & Remote)
|
|
On nodes themselves the utility allows you to grab logs from two different sources:
|
|
- Journal
|
|
- Messages file
|
|
|
|
### Journal
|
|
Using the journal source you have the ability to specify which units/services you want to look for an are able to specify time constraints "last X hours/minutes". Allows you to more accurately grab logs for a specific timeframe.
|
|
|
|
### Messages (not-implemented)
|
|
Depending on your setup (if you're using syslog or not) you may have logs output to a messages file `/var/log/messages` alongside to the journal on your device. This will usually keep logs for much longer as these files are also usually rotated as well meaning that logs will persist for longer than in the journal.
|
|
|
|
This by default takes more manual work to filter by time, service name & etc, but allows for more logs to search through long-term.
|
|
|
|
### Syslog Queue (not-implemented)
|
|
If using rsyslog to forward logs to a logserver, the service will queue up logs in `/var/spool/rsyslog/` which can also be searched if present
|
|
|
|
## Syslog Server
|
|
Syslog servers aggregate logs from multiple clients in `/var/log/hosts/<hostname>/<year>/<month-num>/<day>/messages` which can be searched for older logs
|
|
|