
What are the options for log management in Linux?

Linux administrators should use syslog and systemd-journald together for smart log analysis. But there are also open source log management tools to consider.

Systemd-journald, part of the systemd service manager, has become a common approach to log management in Linux, as well. Because systemd-journald is a part of the system, it can capture log messages generated by anything systemd-related, such as remote servers. Systemd-journald doesn't have as many features as rsyslog, however.

For example, systemd-journald is not as flexible regarding log destinations: it can capture logs from remote servers, but it can't log to them. And admins can tell rsyslog to write log messages to a database, but systemd-journald messages are written to an in-memory log in the /run directory. Administrators can only configure persistent systemd-journald logging in the /var/log/journal directory.

How administrators gather information from log files depends on how the logs are configured. Under a standard configuration, every server logs to its own local /var/log directory, and the administrator will have a hard time figuring out what is happening where.


For smart log management in Linux, administrators should configure systemd-journald to forward messages to rsyslog. Then, they can configure rsyslog to store messages on a central log server.
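The forwarding chain described above, staged as drop-in files by a small shell helper (an added example, not from the original article). The drop-in file names, TCP port 514, the per-host file layout and the central host name passed by the caller are assumptions.

```shell
#!/bin/sh
# Added example: stage journald -> rsyslog -> central log server as drop-ins.
# Assumed (not from the article): file names, TCP port 514, per-host layout.
# Note: plain TCP forwarding is unencrypted; keep it on a trusted network.

# stage_client ROOT CENTRAL_HOST
# Writes client-side drop-ins under ROOT (ROOT=/ on a real host, as root).
stage_client() {
    root=$1 central=$2
    # Refuse anything but a plain host name or IPv4 address so the value
    # cannot break out of the quoted rsyslog parameter.
    case $central in ''|*[!A-Za-z0-9.-]*) return 2 ;; esac
    mkdir -p "$root/etc/systemd/journald.conf.d" "$root/etc/rsyslog.d" || return 1

    # journald: keep a persistent journal in /var/log/journal and pass every
    # message to the local syslog socket, where rsyslog picks it up.
    cat > "$root/etc/systemd/journald.conf.d/forward.conf" <<EOF
[Journal]
Storage=persistent
ForwardToSyslog=yes
EOF

    # rsyslog: forward everything to the central server. queue.filename makes
    # the queue disk-assisted, so messages are buffered while the server is
    # unreachable instead of being dropped.
    cat > "$root/etc/rsyslog.d/60-central.conf" <<EOF
*.* action(type="omfwd" target="$central" port="514" protocol="tcp"
           queue.type="LinkedList" queue.filename="central_fwd"
           queue.saveOnShutdown="on" action.resumeRetryCount="-1")
EOF
}

# stage_server ROOT
# Writes the receiving side: listen on TCP 514, one log file per sending host.
stage_server() {
    root=$1
    mkdir -p "$root/etc/rsyslog.d" || return 1
    cat > "$root/etc/rsyslog.d/10-receive.conf" <<'EOF'
module(load="imtcp")
input(type="imtcp" port="514" ruleset="remote")
template(name="PerHost" type="string"
         string="/var/log/remote/%HOSTNAME%/messages.log")
ruleset(name="remote") {
    action(type="omfile" dynaFile="PerHost")
}
EOF
}
```

After staging onto a real host, check the rsyslog syntax with `rsyslogd -N1`, then restart systemd-journald and rsyslog so both pick up the new files.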

Open source alternatives

There are also open source log monitoring systems. Logwatch analyzes log files for a specified time period and works within different parameters to generate a report.

Logcheck scans system logs for specific information an administrator wants filtered out of the log. It was created to alert administrators in real time. Admins can configure logcheck to send reports to their emails.

Admins looking for a complete system with a web-based monitoring option should also consider Graylog2. It enables administrators to collect, index and analyze log data that comes from any source and presents the results in a dashboard where it's easy to see what is happening where.

This was last published in April 2018


Join the conversation

2 comments


Which tools do you use to manage logs in Linux?
Consider the Elastic Stack (Elasticsearch, Logstash, Kibana). Very powerful and well-featured.