Is there a way to get all of your log files in one report
Debian: This forum is for the discussion of Debian Linux.
Hi All,
I currently use Logwatch but I can't seem to get it to send me errors from Journald or dmesg.
I've tried installing SIEMs, but they need a dedicated server, and since this is just for my one machine, it's not feasible to do that.
What I'm trying to get is any errors, segfaults, failures from everything in /var/log, journalctl, core dumps and Suricata in one place.
Does anyone know of such a program?
This is for a single home user machine. Nothing fancy just my daily driver.
I've tried to install Prometheus and Prelude and both require a dedicated server.
Thanks for any suggestions or tips in advance.
What logging are you looking for that the systemd journal doesn't provide?
Quote:
systemd-journald is a system service that collects and stores logging data. It creates and maintains structured, indexed journals based on logging information that is received from a variety of sources:
Kernel log messages, via kmsg
Simple system log messages, via the libc syslog(3) call
Structured system log messages via the native Journal API, see sd_journal_print(3) and Native Journal Protocol
Standard output and standard error of service units....
Audit records, originating from the kernel audit subsystem
The daemon will implicitly collect numerous metadata fields for each log message in a secure and unfakeable way. See systemd.journal-fields(7) for more information about the collected metadata....
What the journal doesn't provide is an interface to Logwatch. (Maybe I'm missing something or not understanding how to get it to send correctly.)
I want to get some type of report that will "auto-magically" list errors/alerts in the system.
So if a program starts to segfault or becomes a zombie process, etc., I get an email.
I'm kind of surprised nobody has created something like this already. If I didn't suck at programming I'd create my own.
It would be a "log file aggregator" that alerts if certain "keywords" are found. For example Segfault, fail, failure, error etc.
It would contain the Program, number of times the problem occurs, and the messages thrown.
Example:
Program FOO_BAR segfaulted 3 times
Segfault report follows the above line.
Program Suricata found suspicious activity on interface WiFi1
Martian logged from 10.2.0.5 on WiFi1 192.18.1.126
That sort of thing. Make sense?
Sad thing is I'm currently using Logwatch. Maybe I need to reread the documentation, but I can't figure out how to pull in things like systemd-coredump and Suricata.
I just want to be alerted if something starts to break.
PS: Graylog or Nagios look like options as well.
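The reply above points out that the journal already holds the kernel log (so dmesg needs no separate pass), coredump records and syslog output, and the post above sketches a keyword-driven "log file aggregator" that counts hits per program. The script below is an added example of that aggregator, written for this thread; it is not the poster's code and not part of Logwatch, Graylog or Nagios. It assumes everything of interest lands in the journal (Suricata configured with its syslog output, crashes handled by systemd-coredump), reads `journalctl -o short` lines, re-attributes kernel segfault reports and core dumps to the crashing program, and renders the per-program summary the post describes. The `SAMPLE_LINES`, the extra keyword `dumped core`, the rule that every Suricata line counts as an alert, and the `--journal` flag are my additions.

```python
"""Added example for this thread: a keyword-driven journal aggregator of the
kind the post sketches. Not the poster's code and not part of Logwatch.
Assumes everything of interest is in the systemd journal (kernel segfault
reports, systemd-coredump entries, Suricata via its syslog output).
SAMPLE_LINES are constructed, not captured from a real machine."""
import re
import subprocess
import sys
from collections import defaultdict

# Keywords named in the post, plus "dumped core" (my addition) so systemd-coredump
# entries count. Longest first so "failure" is not reported as "fail".
KEYWORDS = ("segfault", "fail", "failure", "error", "martian", "dumped core")
KEYWORD_RE = re.compile(
    "|".join(re.escape(k) for k in sorted(KEYWORDS, key=len, reverse=True)),
    re.IGNORECASE,
)
# Programs whose every line is reportable: an IDS only logs when a rule fired.
ALWAYS_REPORT = {"suricata": "alert"}

# One `journalctl -o short` line: "Mar 10 08:01:02 host prog[pid]: message".
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[^\s\[:]+)(?:\[\d+\])?: (?P<msg>.*)$"
)
# Kernel segfault report: the crashing program is named inside the message.
KERNEL_SEGV_RE = re.compile(r"^(?P<prog>\S+)\[\d+\]: segfault at ")
# systemd-coredump: "Process 2311 (foo_bar) of user 1000 dumped core."
COREDUMP_RE = re.compile(r"^Process \d+ \((?P<prog>[^)]+)\) of user \d+ dumped core")

SAMPLE_LINES = [  # constructed sample input, not real logs
    "Mar 10 08:01:02 daily kernel: foo_bar[2311]: segfault at 0 ip 000055d1c0a4a1f4 sp 00007ffd3a3c1a70 error 4 in foo_bar[55d1c0a4a000+1000]",
    "Mar 10 08:01:02 daily systemd-coredump[2315]: Process 2311 (foo_bar) of user 1000 dumped core.",
    "Mar 10 08:01:03 daily systemd[1]: Started Session 3 of user bob.",
    "Mar 10 08:02:10 daily kernel: foo_bar[2340]: segfault at 0 ip 000055d1c0a4a1f4 sp 00007ffd3a3c1a70 error 4 in foo_bar[55d1c0a4a000+1000]",
    "Mar 10 08:03:11 daily kernel: IPv4: martian source 192.168.1.126 from 10.2.0.5, on dev wlan0",
    "Mar 10 08:04:00 daily suricata[900]: [1:2100498:7] GPL ATTACK_RESPONSE id check returned root [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.2.0.5:80 -> 192.168.1.126:49152",
    "Mar 10 08:05:00 daily smartd[700]: Device: /dev/sda [SAT], FAILED SMART self-check. BACK UP DATA NOW!",
    "Mar 10 08:06:00 daily cron[1200]: (bob) CMD (/home/bob/backup.sh)",
]


def parse_line(line):
    """Split a journalctl/syslog line into ts/host/prog/msg; None if it does not fit."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    # Re-attribute kernel segfault reports and core dumps to the crashing
    # program, so the report reads "foo_bar segfault" rather than "kernel".
    if rec["prog"] == "kernel":
        k = KERNEL_SEGV_RE.match(rec["msg"])
        if k:
            rec["prog"] = k.group("prog")
    elif rec["prog"] == "systemd-coredump":
        c = COREDUMP_RE.match(rec["msg"])
        if c:
            rec["prog"] = c.group("prog")
    return rec


def classify(rec):
    """Return the keyword a record hits (lower-cased), or None if it is routine."""
    kw = ALWAYS_REPORT.get(rec["prog"])
    if kw:
        return kw
    m = KEYWORD_RE.search(rec["msg"])
    return m.group(0).lower() if m else None


def aggregate(lines):
    """Build {program: {keyword: [timestamped messages]}} from log lines."""
    hits = defaultdict(lambda: defaultdict(list))
    for line in lines:
        rec = parse_line(line.rstrip("\n"))
        if rec is None:
            continue
        kw = classify(rec)
        if kw:
            hits[rec["prog"]][kw].append(f"{rec['ts']} {rec['msg']}")
    return hits


def render_report(hits):
    """Per-program summary in the shape the post asks for, noisiest program first."""
    out = []
    by_total = sorted(hits.items(), key=lambda kv: -sum(len(v) for v in kv[1].values()))
    for prog, by_kw in by_total:
        for kw, msgs in sorted(by_kw.items(), key=lambda kv: -len(kv[1])):
            out.append(f"Program {prog}: {kw} {len(msgs)} time(s)")
            out.extend("  " + m for m in msgs)
    return "\n".join(out)


def collect_from_journal(since="yesterday"):
    """Pull the journal in syslog layout. Deliberately no `-p err`: the kernel logs
    its segfault line at info priority, so a priority filter would hide it."""
    argv = ["journalctl", "--no-pager", "-o", "short", "--since", since]
    return subprocess.run(argv, check=True, capture_output=True, text=True).stdout.splitlines()


if __name__ == "__main__":
    lines = collect_from_journal() if "--journal" in sys.argv else SAMPLE_LINES
    print(render_report(aggregate(lines)) or "nothing to report")
```

Run it with no arguments to see the report over the constructed sample; with `--journal` it reads yesterday's journal instead (the user running it needs read access to the journal, on Debian membership in the systemd-journal group or root). A daily cron entry with `MAILTO` set turns the printed report into the e-mail the post asks for. Two checks worth keeping in mind: filtering the journal by priority would drop the kernel's segfault lines, which is why the collector grabs everything since yesterday and relies on the keyword match instead, and a plain word list will also catch benign noise (any message containing "error"), so expect to tune KEYWORDS per program once it has run for a few days.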