In looking for an app to view logs that doesn’t require a lot of overhead, I stumbled upon Logwatch. After running it through its paces, it seems to be pretty capable, from Docker and fail2ban to sys logs.

I got to wondering if there are other such log viewers I could try that are in the same genre. Logwatch doesn’t create pretty graphics and dialed out dashboards, but it’s fairly quick, I can view from a range of dates and times, and a variety of logs.

I checked out GoAccess, but it seemed geared towards web related logs like webpage hits, etc. With other options requiring Elasticsearch, databases, etc., they just seemed heavy for my application.

Anyone have any suggestions? So far, Logwatch does what it says on the tin, but I’m curious what others have tried or still use.

ETA: Thanks all for the recommends. I’m still going over a couple of them, but lnav seems like what I’m looking for.

  • tko@tkohhh.social
    16 hours ago

    Here you go. I commented out what is not necessary. There are some passwords noted that you’ll want to set to your own values. Also, pay attention to the volume mappings… I left my values in there, but you’ll almost certainly need to change those to make sense for your host system. Hopefully this is helpful!

    services:
      mongodb:
        image: "mongo:6.0"
        volumes:
          - "/mnt/user/appdata/mongo-graylog:/data/db"
    #      - "/mnt/user/backup/mongodb:/backup"
        restart: "on-failure"
    #    logging:
    #      driver: "gelf"
    #      options:
    #        gelf-address: "udp://10.9.8.7:12201"
    #        tag: "mongodb"
    
      opensearch:
        image: "opensearchproject/opensearch:2.13.0"
        environment:
          - "OPENSEARCH_JAVA_OPTS=-Xms1g -Xmx1g"
          - "bootstrap.memory_lock=true"
          - "discovery.type=single-node"
          - "action.auto_create_index=false"
          - "plugins.security.ssl.http.enabled=false"
          - "plugins.security.disabled=true"
          - "OPENSEARCH_INITIAL_ADMIN_PASSWORD=[yourpasswordhere]"
        ulimits:
          nofile: 64000
          memlock:
            hard: -1
            soft: -1
        volumes:
          - "/mnt/user/appdata/opensearch-graylog:/usr/share/opensearch/data"
        restart: "on-failure"
    #    logging:
    #      driver: "gelf"
    #      options:
    #        gelf-address: "udp://10.9.8.7:12201"
    #        tag: "opensearch"
    
      graylog:
        image: "graylog/graylog:6.2.0"
        depends_on:
          opensearch:
            condition: "service_started"
          mongodb:
            condition: "service_started"
        entrypoint: "/usr/bin/tini -- wait-for-it opensearch:9200 --  /docker-entrypoint.sh"
        environment:
          GRAYLOG_TIMEZONE: "America/Los_Angeles"
          TZ: "America/Los_Angeles"
          GRAYLOG_ROOT_TIMEZONE: "America/Los_Angeles"
          GRAYLOG_NODE_ID_FILE: "/usr/share/graylog/data/config/node-id"
          GRAYLOG_PASSWORD_SECRET: "[anotherpasswordhere]"
          GRAYLOG_ROOT_PASSWORD_SHA2: "[aSHA2passwordhash]"
          GRAYLOG_HTTP_BIND_ADDRESS: "0.0.0.0:9000"
          GRAYLOG_HTTP_EXTERNAL_URI: "http://localhost:9000/"
          GRAYLOG_ELASTICSEARCH_HOSTS: "http://opensearch:9200/"
          GRAYLOG_MONGODB_URI: "mongodb://mongodb:27017/graylog"
    
        ports:
        - "5044:5044/tcp"   # Beats
        - "5140:5140/udp"   # Syslog
        - "5140:5140/tcp"   # Syslog
        - "5141:5141/udp"   # Syslog - dd-wrt
        - "5555:5555/tcp"   # RAW TCP
        - "5555:5555/udp"   # RAW UDP
        - "9000:9000/tcp"   # Server API
        - "12201:12201/tcp" # GELF TCP
        - "12201:12201/udp" # GELF UDP
        - "10000:10000/tcp" # Custom TCP port
        - "10000:10000/udp" # Custom UDP port
        - "13301:13301/tcp" # Forwarder data
        - "13302:13302/tcp" # Forwarder config
        volumes:
          - "/mnt/user/appdata/graylog/data:/usr/share/graylog/data/data"
          - "/mnt/user/appdata/graylog/journal:/usr/share/graylog/data/journal"
          - "/mnt/user/appdata/graylog/etc:/etc/graylog"
        restart: "on-failure"
    
    volumes:
      mongodb_data:
      os_data:
      graylog_data:
      graylog_journal:
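
The compose file above leaves three bracketed placeholders to fill in. As an added example (not part of the original comment; the function names are hypothetical and `sha256sum` from GNU coreutils is assumed), this shell helper generates a `GRAYLOG_PASSWORD_SECRET`, computes `GRAYLOG_ROOT_PASSWORD_SHA2`, and checks a compose file for values still left at their placeholders:

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not Graylog tooling.

# 96 hex characters (48 random bytes) for GRAYLOG_PASSWORD_SECRET.
gen_password_secret() {
  od -An -tx1 -N 48 /dev/urandom | tr -d ' \n'
}

# SHA-256 hex digest of the admin password for GRAYLOG_ROOT_PASSWORD_SHA2.
# printf '%s' avoids hashing a trailing newline.
root_password_sha2() {
  printf '%s' "$1" | sha256sum | cut -d' ' -f1
}

# Print the quoted value of a `KEY: "value"` line in a compose file.
compose_value() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*\"\(.*\)\"[[:space:]]*\$/\1/p" "$2" | head -n 1
}

# Return the number of problems found in the compose file given as $1.
check_compose() {
  problems=0
  # Any value still written as [something] was never filled in.
  if grep -Eq '(=|")\[[A-Za-z0-9]+\]"' "$1"; then
    echo "unfilled [placeholder] value remains" >&2
    problems=$((problems + 1))
  fi
  # Graylog requires a password secret of at least 16 characters.
  secret=$(compose_value GRAYLOG_PASSWORD_SECRET "$1")
  if [ "${#secret}" -lt 16 ]; then
    echo "GRAYLOG_PASSWORD_SECRET is shorter than 16 characters" >&2
    problems=$((problems + 1))
  fi
  # The root password must be a SHA-256 digest, not the password itself.
  digest=$(compose_value GRAYLOG_ROOT_PASSWORD_SHA2 "$1")
  if ! printf '%s' "$digest" | grep -Eq '^[0-9a-f]{64}$'; then
    echo "GRAYLOG_ROOT_PASSWORD_SHA2 is not a 64-character hex digest" >&2
    problems=$((problems + 1))
  fi
  return "$problems"
}
```

Source the file, then run `check_compose docker-compose.yml` before `docker compose up`. Passing the password to `root_password_sha2` on the command line leaves it in shell history, so read it into a variable with `read -r` first if that matters on your host.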
    
    • irmadlad@lemmy.worldOP
      15 hours ago

      Dude! Thanks so much. You’re very generous with your time. I guess now I have no choice nor excuse. I’ll run it up the flagpole sometime this weekend.

      • tko@tkohhh.social
        14 hours ago

        My pleasure! Getting this stuff together can be a pain, so I’m always trying to pay it forward. Good luck and let me know if you have any questions!