
| File | Type | Notes |
| --- | --- | --- |
| aide/ | Intrusion detection (file integrity) | By default aide is not run and the file in this directory is empty |
| anaconda.* | System install logs | |
| audit/ | Linux auditing system | /etc/audit/audit.rules. Use auditctl, ausearch, aureport |
| boot.log | On each reboot | |
| btmp | Failed login attempts | Read with utmpdump. |
| cef.log | Lumeta CEF logging | |
| cron | Cron jobs | Records every time a cron job is run |
| diagnostics/ | Diagnostic files | This directory is created when "gather_diagnostics" is run. These are not normal log files but rather a snapshot of the system state when it was run. |


| File | Type | Notes |
| --- | --- | --- |
| discovery-agent.out | Lumeta discovery agent debug log | |
| discovery-filemonitorlog | Lumeta trace ingestion log | |
| dmesg | System kernel ring buffer | |
| dracut.log | Ramdisk created during system install | |
| lumeta_upgrade.log | Lumeta upgrade | Exists only after an upgrade attempt |
| httpd24/ | Apache and mod_sec logs | |
| java_install.log | Java installation | Empty |
| lastlog | Logins | Read with last command |
| lumeta-queries.log | Lumeta query timing log | |
| lumeta-warehouse-queries.log | Lumeta warehouse query timing log | |
| lumeta-webapp.out | Lumeta API log | |
| lumeta-warehouse.out | Lumeta Warehouse log | |
| lumeta-webapp-console.log | Lumeta API stdout and stderr log | Thread dump from running gather diagnostics will go to this file |
| lumeta-warehouse-console.log | Lumeta warehouse stdout and stderr log | |
| maillog | Email | Only populated if you read the mail cron sends to root |
| messages | Main Linux log file | Now includes all CLI commands |
| netboot.log | System install log | |
| ntpstats/ | NTP logging | Empty |
| performance-data/ | Lumeta performance logging | |
| pg_log/ | Postgres logs | |
| sa/ | System activity info | Read with sar command |
| secure | Security-related logging | Logs runuser, sudo, sshd and pam usage; maybe others |


| File | Type | Notes |
| --- | --- | --- |
| spooler | System spooler | Empty |
| tallylog | PAM module pam_tally2 | For denying access after failed attempts to login. Not used by default. |
| wtmp | Login info | Read with utmpdump |
| yum.log | System install | |
