Linux administrators should use syslog and systemd-journald together for smart log analysis. But there are also open source log management tools to consider.
Systemd-journald in the systemd service manager has become a common approach to log management in Linux, as well. Because systemd-journald is a part of the system, it can capture log messages generated by anything systemd-related, such as remote servers. Systemd-journald doesn't have as many features as rsyslog, however.
For example, systemd-journald is not as flexible regarding log destinations: it can capture logs from remote servers, but it can't log to them. And admins can tell rsyslog to write log messages to a database, but systemd-journald messages are written to an in-memory log in the /run directory. Administrators can only configure persistent systemd-journald logging in the /var/log/journal directory.
How administrators gather information from log files depends on how the logs are configured. Under a standard configuration, every server logs to its own local /var/log directory, and the administrator will have a hard time figuring out what is happening where.
For smart log management in Linux, administrators should configure systemd-journald to forward messages to rsyslog. Then, they can configure rsyslog to store messages on a central log server.
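The forwarding chain described above, as an added example that is not part of the original article: a shell function that writes a journald drop-in and an rsyslog forwarding rule under a staging root. The function name, the file names `forward.conf` and `90-central.conf`, and the host `logs.example.com` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the article). Writes the two config files for
# journald -> local rsyslog -> central log server under a staging root.
# Assumed names: write_log_forwarding, forward.conf, 90-central.conf.

write_log_forwarding() {
    lf_root=$1; lf_server=$2; lf_port=${3:-514}

    # Refuse values that could break out of the quoted rsyslog parameters.
    case $lf_server in
        ''|*[!A-Za-z0-9.:-]*) echo "invalid server: $lf_server" >&2; return 1 ;;
    esac
    case $lf_port in
        ''|*[!0-9]*) echo "invalid port: $lf_port" >&2; return 1 ;;
    esac

    mkdir -p "$lf_root/etc/systemd/journald.conf.d" "$lf_root/etc/rsyslog.d" || return 1

    # journald: keep the journal on disk in /var/log/journal and hand every
    # message to the local syslog socket that rsyslog reads.
    cat > "$lf_root/etc/systemd/journald.conf.d/forward.conf" <<EOF || return 1
[Journal]
Storage=persistent
ForwardToSyslog=yes
EOF

    # rsyslog: send everything to the central server over TCP. The
    # disk-assisted queue spools messages while the server is unreachable
    # and retries indefinitely instead of dropping them.
    # Plain TCP is unencrypted; TLS transport is outside this example.
    cat > "$lf_root/etc/rsyslog.d/90-central.conf" <<EOF || return 1
action(type="omfwd" target="$lf_server" port="$lf_port" protocol="tcp"
       queue.type="LinkedList" queue.filename="central_fwd"
       queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
}

# Usage: write_log_forwarding <root> <server> [port]
#   e.g. write_log_forwarding /tmp/stage logs.example.com   (constructed host)
```

Run it against a scratch directory first to review the generated files, then against `/` as root and restart `systemd-journald` and `rsyslog` so both pick up the change.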
Logcheck scans system logs for specific information an administrator wants filtered out of the log. It was created to alert administrators in real time. Admins can configure logcheck to send reports to their emails.
Admins looking for a complete system with a web-based monitoring option should also consider Graylog2. It enables administrators to collect, index and analyze log data that comes from any source and presents the results in a dashboard where it's easy to see what is happening where.