Linux logs are essential for troubleshooting and monitoring system activity. There are various ways to collect logs, including:
System Log Files: Most Linux distributions store logs in the /var/log directory and its subdirectories.
Rsyslog: A popular syslog daemon that collects logs from various sources, including kernel messages, system services, and applications.
Systemd Journal: A modern logging system introduced by systemd, which collects logs from various sources, including kernel messages, system services, and applications.
NXLog: A log collection and processing agent that can collect logs from various sources, including system log files, Rsyslog, and systemd journal.
Access the log directory:
cd /var/log
List log files:
ls
View a log file:
less /var/log/messages (or any other log file)
Which files exist depends on the distribution: the RHEL family writes general messages to /var/log/messages and authentication events to /var/log/secure, while Debian and Ubuntu use /var/log/syslog and /var/log/auth.log. A host that relies on the systemd journal alone may have neither; use journalctl there.
or use tail for continuous watching:
tail -f /var/log/messages
To start from the last 100 lines and keep watching:
tail -n 100 -f /var/log/messages
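Tailing a log is only useful if you can pick out what matters in it. The following is an added example, not code from the original page: a POSIX shell function that reads an auth log on standard input, counts sshd "Failed password" lines per source address, and prints the sources at or above a threshold. The log lines are constructed to match OpenSSH's message format; the threshold and the /var/log/auth.log path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page: pull failed SSH logins out
# of an auth log and count them per source address, flagging sources at or
# above a threshold. Reads the log on stdin so the same function works on a
# file, on "tail -f" output, or on the constructed sample below.

# failed_logins_by_ip [THRESHOLD]
# Prints "COUNT IP" for every source with at least THRESHOLD failures,
# most frequent first. Only sshd's own "Failed password" lines are counted.
failed_logins_by_ip() {
    threshold="${1:-5}"
    # The user name in "invalid user" lines can contain spaces, so locate the
    # address by the word "from" rather than by a fixed field number.
    awk -v threshold="$threshold" '
        /sshd\[[0-9]+\]: Failed password for / {
            for (i = 1; i <= NF; i++) {
                if ($i == "from") { count[$(i + 1)]++; break }
            }
        }
        END {
            for (ip in count) if (count[ip] >= threshold) print count[ip], ip
        }' | sort -rn
}

# Constructed sample lines in the traditional syslog layout of
# /var/log/auth.log (Debian/Ubuntu) and /var/log/secure (RHEL family).
sample_auth_log() {
    cat <<'EOF'
Mar  4 10:12:01 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.10 port 51922 ssh2
Mar  4 10:12:03 web1 sshd[2311]: Failed password for invalid user admin from 203.0.113.10 port 51923 ssh2
Mar  4 10:12:05 web1 sshd[2315]: Failed password for root from 203.0.113.10 port 51930 ssh2
Mar  4 10:12:06 web1 sshd[2315]: Failed password for root from 203.0.113.10 port 51931 ssh2
Mar  4 10:12:07 web1 sshd[2318]: Failed password for root from 203.0.113.10 port 51940 ssh2
Mar  4 10:13:11 web1 sshd[2330]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar  4 10:13:40 web1 sshd[2333]: Accepted publickey for alice from 198.51.100.7 port 40023 ssh2
Mar  4 10:14:02 web1 CRON[2340]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF
}

# Against the sample, sources with three or more failures:
sample_auth_log | failed_logins_by_ip 3
# On a real host, the same over the last ten thousand lines of the auth log:
#   tail -n 10000 /var/log/auth.log | failed_logins_by_ip 5
```

The single successful publickey login and the cron session line are ignored because the pattern is anchored on sshd's "Failed password" text; if you broaden it to all sshd lines you will count noise such as "Connection closed" as failures.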
Tip: Rotate log files: Use logrotate to rotate and compress log files.
Configure Rsyslog: Edit /etc/rsyslog.conf, or add a file under /etc/rsyslog.d/, to specify log sources and destinations; check the result with rsyslogd -N1 before restarting.
Restart Rsyslog: systemctl restart rsyslog (on systemd-based systems) or service rsyslog restart (on older systems).
Forward logs: Rsyslog can forward logs to a remote server or a log collector agent like NXLog.
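Forwarding is where most of the security decisions sit: transport, peer verification, and what happens when the collector is unreachable. The following is an added example, not code from the original page or the rsyslog project. It writes an rsyslog drop-in that forwards everything to a collector over TLS with certificate verification and a disk-assisted queue, and it includes a check that refuses plaintext variants (this is also the "secure log transmission" practice listed further down). The collector name, port, certificate paths, queue size and the COLLECTOR environment variable are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page or the rsyslog project: an
# rsyslog drop-in that forwards everything to a central collector over TLS
# with certificate verification, buffered on disk while the collector is down,
# plus a check that rejects plaintext variants. Collector name, port,
# certificate paths and queue size are assumptions.

# write_forward_conf OUTFILE COLLECTOR [PORT]
write_forward_conf() {
    out="$1"; collector="$2"; port="${3:-6514}"
    cat > "$out" <<EOF
# Forward all messages to $collector over TLS (RFC 5425 uses port 6514).
global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/client-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/client-key.pem"
)
# StreamDriverMode 1 makes TLS mandatory (0 would send plaintext).
# x509/name verifies the collector's certificate chain and its name.
# The queue spills to disk under the work directory and retries forever, so
# an outage delays delivery instead of discarding events.
action(
    type="omfwd"
    target="$collector"
    port="$port"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="$collector"
    queue.type="LinkedList"
    queue.filename="fwd_collector"
    queue.maxDiskSpace="1g"
    queue.saveOnShutdown="on"
    action.resumeRetryCount="-1"
)
EOF
}

# check_forward_conf FILE
# Succeeds only if the forwarding action is TLS-only with peer verification
# and the file contains no UDP transport, whether in action() form or in the
# legacy "*.* @host" form (a single @ is UDP; @@ is TCP).
check_forward_conf() {
    f="$1"
    grep -q 'StreamDriverMode="1"' "$f" &&
    grep -q 'StreamDriverAuthMode="x509/' "$f" &&
    ! grep -qi 'protocol="udp"' "$f" &&
    ! grep -q '^[^#@]*@[^@]' "$f"
}

# Apply on a real host: write the drop-in, let rsyslogd parse the complete
# configuration (-N1 only checks; it does not start the daemon), then restart.
if [ -n "${COLLECTOR:-}" ]; then
    write_forward_conf /etc/rsyslog.d/50-forward-tls.conf "$COLLECTOR"
    check_forward_conf /etc/rsyslog.d/50-forward-tls.conf
    rsyslogd -N1 && systemctl restart rsyslog
fi
```

The gtls driver lives in a separate package on most distributions (rsyslog-gnutls); without it rsyslogd -N1 reports the driver as unavailable, which is the failure you want to see before a restart rather than after. Run the script with COLLECTOR set to the collector's certificate name to apply it.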
Configure systemd journal: Edit /etc/systemd/journald.conf, or add a drop-in file under /etc/systemd/journald.conf.d/, to control where the journal is stored (Storage=), how much disk it may use (SystemMaxUse=), per-service rate limits, and whether messages are also handed to the local syslog daemon (ForwardToSyslog=).
Restart systemd journal: systemctl restart systemd-journald (on systemd-based systems).
Access journal logs: Use the journalctl command-line tool to view and filter journal logs, for example journalctl -u sshd --since today or journalctl -p err -b.
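The settings above are best applied as a drop-in rather than by editing the main file. The following is an added example, not code from the original page or the systemd project: it writes a journald drop-in that keeps the journal across reboots, caps its size, and hands each message to the syslog socket so the rsyslog forwarding path covers journal messages too. The size cap, drop-in file name and the APPLY_JOURNALD environment variable are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page or the systemd project: a
# journald drop-in that keeps the journal across reboots, caps its size, and
# hands every message to the local syslog socket so rsyslog can forward it.
# The size cap and the drop-in path are assumptions.

# write_journald_dropin OUTFILE [MAX_USE]
# A drop-in under /etc/systemd/journald.conf.d/ overrides only the keys it
# names, so a package upgrade that replaces /etc/systemd/journald.conf does
# not undo it.
write_journald_dropin() {
    out="$1"; max_use="${2:-2G}"
    cat > "$out" <<EOF
[Journal]
# The default "auto" stores the journal only under /run (gone at reboot)
# unless /var/log/journal already exists; "persistent" creates it.
Storage=persistent
# Bound disk use so a log flood cannot fill the filesystem.
SystemMaxUse=$max_use
# Seal= takes effect once "journalctl --setup-keys" has created a sealing
# key; "journalctl --verify" then detects edited or truncated journal files.
Seal=yes
# Copy each message to the syslog socket that rsyslog's imuxsock reads.
ForwardToSyslog=yes
# Per-service rate limit. Messages past the burst in one interval are dropped
# with a single "Suppressed N messages" line, which can hide a noisy attack,
# so raise the burst rather than lower it on monitored hosts.
RateLimitIntervalSec=30s
RateLimitBurst=10000
EOF
}

# Apply on a real host, show the merged settings, then restart journald.
if [ "${APPLY_JOURNALD:-}" = "yes" ]; then
    mkdir -p /etc/systemd/journald.conf.d
    write_journald_dropin /etc/systemd/journald.conf.d/10-persistent.conf 2G
    systemd-analyze cat-config systemd/journald.conf
    systemctl restart systemd-journald
fi

# Queries once messages are in the journal (need a running journald):
#   journalctl -p err -b                      errors since the current boot
#   journalctl -u ssh.service --since "1 hour ago"
#   journalctl _COMM=sudo -o json-pretty      sudo records with every metadata field
#   journalctl --verify                       integrity check of sealed journal files
```

systemd-analyze cat-config prints the main file and every drop-in in the order journald will merge them, which is the quickest way to confirm that a later drop-in is not overriding the one you just wrote.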
Install NXLog: Install NXLog on your Linux system.
Configure NXLog: Edit /etc/nxlog.conf (the path can differ by package and edition, so check where your install put it) to define inputs, outputs, and the routes between them.
Restart NXLog: systemctl restart nxlog (on systemd-based systems) or service nxlog restart (on older systems).
Forward logs: NXLog can forward logs to a remote server, a log aggregator, or a SIEM system.
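NXLog is equally useful on the receiving end of that forwarding. The following is an added example, not code from the original page or from NXLog: a configuration for the collector host, where NXLog Community Edition accepts syslog over TLS, requires a client certificate, parses each message, and writes one JSON record per line for a SIEM to pick up, together with a check that refuses a collector that would accept unauthenticated clients. The port, paths, file names and the NXLOG_CONF environment variable are assumptions; directive names follow the NXLog CE manual, and older releases spell some of them differently (Host instead of ListenAddr), so check them against the version you install.

```shell
#!/bin/sh
# Added example, not code from the original page or from NXLog: collector-side
# configuration for NXLog Community Edition that accepts syslog over TLS from
# rsyslog clients, requires a client certificate, and writes one JSON record
# per line. Port, paths and file names are assumptions; directive names follow
# the NXLog CE manual and should be checked against the installed version.

# write_nxlog_collector_conf OUTFILE [PORT]
write_nxlog_collector_conf() {
    out="$1"; port="${2:-6514}"
    cat > "$out" <<EOF
<Extension _syslog>
    Module          xm_syslog
</Extension>

<Extension _json>
    Module          xm_json
</Extension>

# Mutual TLS: RequireCert plus AllowUntrusted FALSE refuses any client whose
# certificate is missing or not signed by our CA. parse_syslog() accepts both
# the BSD format rsyslog sends by default and RFC 5424.
<Input in_tls>
    Module          im_ssl
    ListenAddr      0.0.0.0
    Port            $port
    CAFile          /etc/nxlog/tls/ca.pem
    CertFile        /etc/nxlog/tls/collector-cert.pem
    KeyFile         /etc/nxlog/tls/collector-key.pem
    RequireCert     TRUE
    AllowUntrusted  FALSE
    Exec            parse_syslog();
</Input>

# One JSON object per line, carrying the fields parse_syslog() extracted
# (SyslogFacility, SyslogSeverity, Hostname, SourceName, Message, EventTime).
<Output out_file>
    Module          om_file
    File            "/var/log/nxlog/central.json"
    Exec            to_json();
</Output>

<Route tls_to_file>
    Path            in_tls => out_file
</Route>
EOF
}

# check_nxlog_conf FILE
# Reject a collector config that listens without TLS or accepts clients
# without a verified certificate.
check_nxlog_conf() {
    f="$1"
    grep -q 'Module *im_ssl' "$f" &&
    grep -q 'RequireCert *TRUE' "$f" &&
    grep -q 'AllowUntrusted *FALSE' "$f" &&
    ! grep -q 'Module *im_udp' "$f"
}

# Apply on a real host: write, syntax-check with nxlog itself (-v verifies
# the file and exits), then restart the service.
if [ -n "${NXLOG_CONF:-}" ]; then
    write_nxlog_collector_conf "$NXLOG_CONF"
    check_nxlog_conf "$NXLOG_CONF"
    nxlog -v -c "$NXLOG_CONF" && systemctl restart nxlog
fi
```

Pair this with an rsyslog client that forwards with StreamDriverAuthMode x509/name and a client certificate from the same CA; a client that presents no certificate is refused at the handshake, which is what you want a collector that feeds a SIEM to do.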
Centralize log collection: Use a log collector agent like NXLog or a SIEM system to centralize log collection and processing.
Configure log rotation: Use logrotate or a similar tool to rotate and compress log files regularly.
Monitor log files: Regularly review log files to detect and troubleshoot issues.
Secure log transmission: Use TLS for logs in transit between systems; plain UDP syslog on port 514 is unauthenticated and silently drops messages under load.
Remember to consult your Linux distribution’s documentation and NXLog’s documentation for specific configuration and installation instructions.