LinuxQuestions.org, Debian forum: Is there a way to get all of your log files in one report (https://www.linuxquestions.org/questions/debian-26/is-there-a-way-to-get-all-of-your-log-files-in-one-report-4175721251/)

tmick 01-23-2023 09:09 PM

Is there a way to get all of your log files in one report
 
Hi All,
I currently use Logwatch but I can't seem to get it to send me errors from Journald or dmesg.
I've tried installing SIEMs, but they need to be a dedicated server, and since this is just for my one machine, it's not feasible to do that.

What I'm trying to get is any errors, segfaults, failures from everything in /var/log, journalctl, core dumps and Suricata in one place.
Does anyone know of such a program?
This is for a single home user machine. Nothing fancy just my daily driver.
I've tried to install Prometheus and Prelude and both require a dedicated server.
Thanks for any suggestions or tips in advance.

mrmazda 01-24-2023 12:40 AM

What logging are you looking for that the systemd journal doesn't provide?
Quote:

systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging information that is received from a variety of sources:
  • Kernel log messages, via kmsg
  • Simple system log messages, via the libc syslog(3) call
  • Structured system log messages via the native Journal API, see sd_journal_print(3) and Native Journal Protocol
  • Standard output and standard error of service units....
  • Audit records, originating from the kernel audit subsystem
The daemon will implicitly collect numerous metadata fields for each log message in a secure and unfakeable way. See systemd.journal-fields(7) for more information about the collected metadata....
https://www.freedesktop.org/software...d.service.html

tmick 01-24-2023 12:28 PM

What journal doesn't provide is an interface to Logwatch. (Maybe I'm missing something or not understanding how to get it to send correctly)
I want to get some type of report that will "auto-magically" list errors/alerts in the system.
So if a program starts to segfault or goes to a zombie process etc. I get an email.
I'm kind of surprised nobody has created something like this already. If I didn't suck at programming I'd create my own.
It would be a "log file aggregator" that alerts if certain "keywords" are found. For example Segfault, fail, failure, error etc.
It would contain the Program, number of times the problem occurs, and the messages thrown.
Example:
Program FOO_BAR segfaulted 3 times
Segfault report follows the above line.

Program Suricata found suspicious activity on interface WiFi1
Martian logged from 10.2.0.5 on WiFi1 192.18.1.126
That sort of thing, make sense??
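The report tmick sketches above (keyword match, grouped by program, with a count and the raw messages) and the journal sources mrmazda quoted can be wired together in a few dozen lines. The script below is an added example for this thread, not code from the thread, from Logwatch, or from systemd: it parses `journalctl -o json` output (one JSON object per line, fields such as MESSAGE, PRIORITY, SYSLOG_IDENTIFIER), keeps entries that match an alert keyword or that come from a source you always want to see, and prints the grouped report. The embedded journal lines are constructed for the demo; the program name `foo_bar`, the interface `wlan0`, and the assumption that Suricata logs alerts to syslog under the identifier `suricata` are all assumptions, not facts from the thread.

```python
#!/usr/bin/env python3
"""Keyword-driven report over the systemd journal (added example, not a real tool)."""
import json
import re
import subprocess
from collections import defaultdict

# Keywords from the post ("Segfault, fail, failure, error etc."), plus the
# kernel's "martian" message and systemd-coredump's "dumped core" wording.
KEYWORDS = re.compile(
    r"\b(segfault|fail(?:ed|ure)?|error|zombie|martian|dumped core)\b",
    re.IGNORECASE,
)
# Sources reported regardless of wording. Assumption: Suricata is configured to
# log alerts to syslog, which journald then stores under identifier "suricata".
ALWAYS_REPORT = {"systemd-coredump", "suricata"}
# Kernel segfault lines and coredump lines name the faulting process in the
# message itself; _COMM/SYSLOG_IDENTIFIER would only say "kernel".
KERNEL_PROGRAM = re.compile(r"^(?P<prog>[\w.\-]+)\[\d+\]: segfault")
COREDUMP_PROGRAM = re.compile(r"^Process \d+ \((?P<prog>[^)]+)\)")


def program_of(entry):
    """Best-effort name of the program an entry is about."""
    msg = entry.get("MESSAGE", "")
    for pat in (KERNEL_PROGRAM, COREDUMP_PROGRAM):
        m = pat.match(msg)
        if m:
            return m.group("prog")
    return entry.get("SYSLOG_IDENTIFIER") or entry.get("_COMM") or "unknown"


def classify(entry):
    """Category string for a reportable entry, or None to skip it."""
    msg = entry.get("MESSAGE", "")
    m = KEYWORDS.search(msg)  # leftmost keyword wins, e.g. "segfault" before "error 4"
    if m:
        word = m.group(1).lower()
        return {"failed": "fail", "failure": "fail", "dumped core": "core dump"}.get(word, word)
    if entry.get("SYSLOG_IDENTIFIER", "") in ALWAYS_REPORT:
        return "alert"
    return None


def parse_journal(text):
    """Parse `journalctl -o json` output: one JSON object per non-blank line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def build_report(entries):
    """Group reportable entries as {(program, category): [message, ...]}."""
    report = defaultdict(list)
    for e in entries:
        cat = classify(e)
        if cat is not None:
            report[(program_of(e), cat)].append(e.get("MESSAGE", ""))
    return dict(report)


def format_report(report):
    """Render in the shape the post asks for: a count line, then the messages."""
    lines = []
    for (prog, cat), msgs in sorted(report.items()):
        lines.append(f"Program {prog}: {cat} x{len(msgs)}")
        lines.extend("    " + m for m in msgs)
    return "\n".join(lines)


def read_journal(since="-1d"):
    """Pull real entries. Deliberately no -p filter: kernel segfault lines are
    logged at info level, so -p err/warning would silently drop them."""
    out = subprocess.run(
        ["journalctl", "-o", "json", "--no-pager", "--since", since],
        capture_output=True, text=True, check=True,
    ).stdout
    return parse_journal(out)


# Constructed sample journal lines (not captured from a real machine).
SEGFAULT = ("foo_bar[{pid}]: segfault at 0 ip 0000561f1a2b3c4d sp 00007ffd1a2b3c40 "
            "error 4 in foo_bar[561f1a2b0000+2000]")
SAMPLE_JOURNAL = "\n".join(json.dumps(e) for e in [
    {"PRIORITY": "6", "SYSLOG_IDENTIFIER": "kernel", "MESSAGE": SEGFAULT.format(pid=4242)},
    {"PRIORITY": "6", "SYSLOG_IDENTIFIER": "kernel", "MESSAGE": SEGFAULT.format(pid=4301)},
    {"PRIORITY": "6", "SYSLOG_IDENTIFIER": "kernel", "MESSAGE": SEGFAULT.format(pid=4377)},
    {"PRIORITY": "2", "SYSLOG_IDENTIFIER": "systemd-coredump",
     "MESSAGE": "Process 4377 (foo_bar) of user 1000 dumped core."},
    {"PRIORITY": "4", "SYSLOG_IDENTIFIER": "kernel",
     "MESSAGE": "IPv4: martian source 192.168.1.126 from 10.2.0.5, on dev wlan0"},
    {"PRIORITY": "4", "SYSLOG_IDENTIFIER": "suricata",
     "MESSAGE": "[1:2210021:2] SURICATA STREAM ESTABLISHED packet out of window "
                "[Classification: Generic Protocol Command Decode] [Priority: 3] "
                "{TCP} 10.2.0.5:443 -> 192.168.1.126:51234"},
    {"PRIORITY": "6", "SYSLOG_IDENTIFIER": "systemd", "MESSAGE": "Started Session 3 of user tmick."},
])

if __name__ == "__main__":
    print(format_report(build_report(parse_journal(SAMPLE_JOURNAL))))
```

Run from a daily cron job and pipe the output to `mail` to get the e-mail the post asks for; swap `parse_journal(SAMPLE_JOURNAL)` for `read_journal()` on a real box. The one check worth keeping in mind is the priority filter: it is tempting to pass `-p err` to journalctl, but kernel "segfault at" lines are emitted at info level for ordinary processes, so the keyword match has to run over the unfiltered journal or the segfaults never reach the report.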

syg00 01-24-2023 08:20 PM

Quote:

Originally Posted by tmick (Post 6406697)
What journal doesn't provide is an interface to Logwatch. (Maybe I'm missing something or not understanding how to get it to send correctly)

Quite possibly - I see a few references to a *journalctl keyword, but no obvious doco online. Maybe in the files shipped with the product.

Not a user of logwatch.

Jan K. 01-26-2023 06:43 AM

Searched for a logfile handler a long time ago, lost interest in logs :D but just had a search...


Nice collection here https://www.ubuntupit.com/best-linux...agement-tools/

I like the look of Graylog. And LogWatch! Nagios?

They should all have what you requested.

tmick 01-27-2023 03:11 PM

Sad thing is I'm currently using Logwatch. Maybe I need to reread the documentation, but I can't figure out how to pull in things like systemd-coredump and Suricata.
I just want to be alerted if something starts to break.
PS: Graylog or Nagios look like options as well.

