log-search

This is a bash utility for getting & parsing logs from both local & remote sources.

What makes this utility useful?

Filters

This utility comes with a few log filters baked in, allowing specific types of logs to be returned (i.e. logs for specific messages & services). This makes gathering logs for troubleshooting much easier for support personnel in large organizations and lets ample information be collected before escalating to T2 or T3.

Nodes (Local & Remote)

On nodes themselves the utility allows you to grab logs from two different sources:

  • Journal
  • Messages file

Journal

Using the journal source you can specify which units/services to look for and set time constraints ("last X hours/minutes"), which lets you grab logs for a specific timeframe more accurately.
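An added example of how the journal source can be driven from sh; this is not code from the log-search project. It converts the "last X hours/minutes" window into a journalctl --since expression, rejects malformed windows and unit names so that user input never turns into extra command-line flags, and shows the command it would run before running it. It assumes journalctl(1) is present on the node only when run_journal_query is called; the other two functions need nothing but sh.

```shell
# window_to_since 2h|30m -> "2 hours ago" / "30 minutes ago"
# Rejects anything that is not <digits>h or <digits>m.
window_to_since() {
    w="$1"
    n="${w%?}"            # everything but the last character: the number
    case "$n" in
        ''|*[!0-9]*) printf 'window_to_since: expected <N>h or <N>m, got "%s"\n' "$w" >&2; return 1 ;;
    esac
    case "$w" in
        *h) printf '%s hours ago\n' "$n" ;;
        *m) printf '%s minutes ago\n' "$n" ;;
        *)  printf 'window_to_since: expected <N>h or <N>m, got "%s"\n' "$w" >&2; return 1 ;;
    esac
}

# check_unit_name NAME -> 0 if NAME only contains characters a systemd unit
# name can have; anything else (spaces, ';', quotes) is refused so a
# caller-supplied name cannot smuggle extra arguments into the command.
check_unit_name() {
    case "$1" in
        ''|*[!A-Za-z0-9@._-]*) printf 'bad unit name "%s"\n' "$1" >&2; return 1 ;;
    esac
}

# build_journal_cmd WINDOW UNIT... -> prints the command line that would run
build_journal_cmd() {
    window="$1"; shift
    since=$(window_to_since "$window") || return 1
    cmd="journalctl --no-pager -o short-iso --since '$since'"
    for unit in "$@"; do
        check_unit_name "$unit" || return 1
        cmd="$cmd -u $unit"
    done
    printf '%s\n' "$cmd"
}

# run_journal_query WINDOW UNIT... -> executes the query on this node
run_journal_query() {
    window="$1"; shift
    since=$(window_to_since "$window") || return 1
    units=""
    for unit in "$@"; do
        check_unit_name "$unit" || return 1
        units="$units -u $unit"
    done
    # $units is intentionally unquoted: it expands to "-u a -u b" pairs,
    # which is safe because check_unit_name excluded whitespace above.
    journalctl --no-pager -o short-iso --since "$since" $units
}

# Example: show the query for sshd and nginx over the last two hours.
# build_journal_cmd 2h sshd nginx.service
```

The unit-name check is the part worth copying: once a script takes service names from a ticket or a user prompt, validating them before they reach journalctl is what keeps "grab logs for service X" from becoming "run arbitrary flags".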

Messages (not-implemented)

Depending on your setup (whether you use syslog or not) you may have logs written to a messages file, /var/log/messages, alongside the journal on your device. This will usually keep logs for much longer: these files are also rotated rather than dropped, so logs persist for longer than they do in the journal.

By default this takes more manual work to filter by time, service name, etc., but gives you more logs to search through long-term.

Syslog Queue (not-implemented)

If using rsyslog to forward logs to a logserver, the service queues logs in /var/spool/rsyslog/, which can also be searched if present.

Syslog Server

Syslog servers aggregate logs from multiple clients in /var/log/hosts/<hostname>/<year>/<month-num>/<day>/messages, which can be searched for older logs.
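An added example, not part of the log-search project, covering both the messages-file section above (manual filtering by time and service name) and the syslog server layout just described. It builds the /var/log/hosts/<hostname>/<year>/<month-num>/<day>/messages path from a host and a YYYY-MM-DD date, then filters that file on the syslog program field and an optional HH:MM prefix, which is the manual time filtering a flat messages file needs since it has no --since. The base directory is a parameter so the example can run against a constructed tree; the sample log lines in make_sample_tree are made up for the demonstration.

```shell
# host_messages_path BASE HOST YYYY-MM-DD -> prints the per-host messages file
host_messages_path() {
    base="$1"; host="$2"; day="$3"
    case "$day" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) printf 'host_messages_path: date must be YYYY-MM-DD, got "%s"\n' "$day" >&2; return 1 ;;
    esac
    case "$host" in
        ''|*/*|*..*) printf 'host_messages_path: bad hostname "%s"\n' "$host" >&2; return 1 ;;
    esac
    y="${day%%-*}"          # 2024
    rest="${day#*-}"        # 05-18
    m="${rest%%-*}"         # 05  (month-num)
    d="${rest#*-}"          # 18
    printf '%s/%s/%s/%s/%s/messages\n' "$base" "$host" "$y" "$m" "$d"
}

# search_host_messages BASE HOST YYYY-MM-DD SERVICE [HH:MM]
#   Prints lines whose program field (field 5, "prog[pid]:") is SERVICE,
#   optionally restricted to timestamps that start with HH:MM.
search_host_messages() {
    file=$(host_messages_path "$1" "$2" "$3") || return 1
    service="$4"; hhmm="${5:-}"
    [ -r "$file" ] || { printf 'no messages file for %s on %s\n' "$2" "$3" >&2; return 1; }
    # syslog line: "Mon DD HH:MM:SS host prog[pid]: message"
    awk -v svc="$service" -v t="$hhmm" '
        { prog = $5; sub(/\[.*$/, "", prog); sub(/:$/, "", prog) }
        prog == svc && (t == "" || index($3, t) == 1) { print }
    ' "$file"
}

# count_host_messages: same arguments, prints the number of matching lines
count_host_messages() {
    search_host_messages "$@" | wc -l | tr -d ' '
}

# --- constructed sample tree (not real data) so the example runs offline ---
make_sample_tree() {
    dir="$1/web01/2024/05/18"
    mkdir -p "$dir"
    cat > "$dir/messages" <<'EOF'
May 18 13:28:12 web01 sshd[1201]: Accepted publickey for deploy from 10.0.0.5 port 50122 ssh2
May 18 13:28:40 web01 nginx[877]: upstream timed out while reading response header
May 18 13:34:18 web01 sshd[1209]: Failed password for invalid user admin from 10.0.0.9 port 40110 ssh2
May 18 14:02:01 web01 CRON[1300]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Usage against the real tree on a logserver:
#   search_host_messages /var/log/hosts web01 2024-05-18 sshd 13:34
```

Matching on the parsed program field rather than grepping the whole line is deliberate: a plain grep for "sshd" also returns any message that merely mentions sshd, which inflates the count handed to T2/T3.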