All logs and events on a *nix host
The log files and events collected from a Linux host provide valuable information that can be used during an investigation to help answer questions about the host's behavior, state, health, or performance. You want to be able to see all logs and events on a particular host.
Data required
Procedure
Run the following search. You can optimize it by specifying an index and adjusting the time range.
host="<name of host to check>" source="<name of source to check>" <optional keywords>
Search explanation
The table provides an explanation of what each part of this search achieves. You can adjust this query based on the specifics of your environment.
| Splunk Search | Explanation |
|---|---|
| `host="<name of host to check>" source="<name of source to check>"` | Enter the name of the host and source you want to examine. You can also search `source=*` to search all logs on the host. |
| `<optional keywords>` | Use keywords to narrow the search results if you are searching for specific, known events or logs. For instance, adding `start* service` to the search might help uncover instances where a service was started on the host. |
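To make the search semantics concrete (host and source filters with `*` wildcards, keywords combined with an implicit AND, `start*` matching any term that begins with "start", optional time range, newest event first), here is an added Python emulation of that search run over a handful of constructed log events. This is illustration code written for this page, not Splunk's own implementation; the event records, the `_time`/`host`/`source`/`_raw` field layout and the term-breaking rules are simplified assumptions.

```python
"""Emulation of the page's Splunk search over constructed *nix log events:

    host="<name of host to check>" source="<name of source to check>" <optional keywords>

Added illustration, not Splunk code. Event records, field names and the
tokenization rules are simplified assumptions made for this example.
"""
import re
from datetime import datetime, timezone
from fnmatch import fnmatchcase

# Constructed sample events, shaped like what a forwarder would index from
# /var/log on two Linux hosts (host, source and the raw line per event).
SAMPLE_EVENTS = [
    {"_time": "2024-05-01T10:00:01Z", "host": "web01", "source": "/var/log/syslog",
     "_raw": "May  1 10:00:01 web01 systemd[1]: Started Daily apt upgrade and clean activities."},
    {"_time": "2024-05-01T10:02:15Z", "host": "web01", "source": "/var/log/auth.log",
     "_raw": "May  1 10:02:15 web01 sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 51422 ssh2"},
    {"_time": "2024-05-01T10:05:40Z", "host": "web01", "source": "/var/log/syslog",
     "_raw": "May  1 10:05:40 web01 systemd[1]: Starting nginx service - A high performance web server..."},
    {"_time": "2024-05-01T10:06:02Z", "host": "db01", "source": "/var/log/syslog",
     "_raw": "May  1 10:06:02 db01 systemd[1]: Started PostgreSQL RDBMS service."},
    {"_time": "2024-05-01T10:07:30Z", "host": "web01", "source": "/var/log/syslog",
     "_raw": "May  1 10:07:30 web01 CRON[3120]: (root) CMD (run-parts /etc/cron.hourly)"},
]


def _parse_time(stamp):
    """ISO-8601 'Z' timestamp -> timezone-aware datetime (assumption: all UTC)."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00")).astimezone(timezone.utc)


def field_matches(value, pattern):
    """Case-insensitive field match with '*' as wildcard, e.g. source="*" or
    source="/var/log/auth*" (source=* is how the page says to hit every log)."""
    return fnmatchcase(value.lower(), pattern.lower())


def tokens(raw):
    """Split a raw line into search terms. Simplification: each run of letters,
    digits or underscore is one term; whitespace and punctuation are breakers."""
    return re.findall(r"[a-z0-9_]+", raw.lower())


def keyword_matches(raw, keyword):
    """A keyword such as start* matches when any term of the line matches it."""
    kw = keyword.lower()
    return any(fnmatchcase(term, kw) for term in tokens(raw))


def search(events, host, source, keywords=(), earliest=None, latest=None):
    """Return events matching host, source and every keyword (implicit AND),
    restricted to the optional [earliest, latest] window, newest first."""
    lo = _parse_time(earliest) if earliest else None
    hi = _parse_time(latest) if latest else None
    hits = []
    for ev in events:
        t = _parse_time(ev["_time"])
        if (lo and t < lo) or (hi and t > hi):
            continue
        if not (field_matches(ev["host"], host) and field_matches(ev["source"], source)):
            continue
        if all(keyword_matches(ev["_raw"], kw) for kw in keywords):
            hits.append(ev)
    # ISO-8601 strings sort chronologically; reverse gives Splunk's newest-first order.
    return sorted(hits, key=lambda ev: ev["_time"], reverse=True)


if __name__ == "__main__":
    # Everything from web01, then only the "start* service" events on web01.
    for ev in search(SAMPLE_EVENTS, host="web01", source="*"):
        print(ev["_time"], ev["source"], ev["_raw"])
    print("---")
    for ev in search(SAMPLE_EVENTS, host="web01", source="*", keywords=["start*", "service"]):
        print(ev["_time"], ev["source"], ev["_raw"])
```

Note how `start* service` excludes the "Started Daily apt upgrade" line: both keywords must match, and that line has no term equal to `service`. The same two keywords with `host="*"` also return the db01 PostgreSQL event, which is why pinning `host` matters when the question is about one machine.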
Next steps
Use the results to facilitate answering questions about the host's behavior, state, health, or performance.
Additionally, you might be interested in other processes associated with the Maintaining *nix systems use case.