= Infrastructure logs information =

This page gives an overview of which logs are collected from various processes.

This will be used to determine adjustments to what is logged.

Logs are aggregated and stored on the log01 and log02 machines. Under the current retention setting, logs are kept forever. (Central logging was set up in June of 2008.)

== System logs ==
Many machines log standard Unix logs to a central host, including:

System logs, unlikely to have end-user data:

/var/log/messages

/var/log/cron

/var/log/kernel.log

SSH login information (time/date) for sysadmins:

/var/log/secure

Mail to/from logs. These will in some cases contain end-user addresses. They do not contain the contents of emails, only to/from/msgid:

/var/log/maillog

== Databases ==
MySQL transaction logs, which would include the raw queries and inserts for applications.

PostgreSQL transaction logs, which would include the raw queries and inserts for applications.

These may contain usernames and content as well as timestamps.

TODO: more accurately describe this.

== Web server logs ==
Web server logs are also aggregated on the central logging server. They are stored in the default Apache access log format and used for AWStats and other stat processing.

TODO: note which applications log to httpd logs.
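
As an added example (not part of the original page or of the infrastructure's own tooling), the following Python audit reports which fields of an Apache access log line carry end-user data, which is the question this page asks of each log. It assumes the `combined` LogFormat and also accepts `common` lines; the function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Assumed format: Apache "combined"
#   %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
# The trailing referer/user-agent pair is optional so "common" lines match too.
LINE_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3}) (?P<size>\d+|-)'
    r'(?: "(?P<referer>(?:[^"\\]|\\.)*)" "(?P<agent>(?:[^"\\]|\\.)*)")?\s*$'
)

def end_user_fields(line):
    """Return the set of fields in one line that carry end-user data."""
    m = LINE_RE.match(line)
    if m is None:
        return None  # caller counts unparsable lines instead of guessing
    found = {"client_address"}  # %h is always a client IP or hostname
    if m["user"] != "-":
        found.add("auth_username")
    parts = m["request"].split(" ")
    if len(parts) >= 2 and "?" in parts[1]:
        found.add("query_string")
    if m["referer"] not in (None, "-", ""):
        found.add("referer")
    if m["agent"] not in (None, "-", ""):
        found.add("user_agent")
    return found

def audit(lines):
    """Count, per field, how many lines carry that kind of end-user data."""
    counts = Counter()
    for line in lines:
        fields = end_user_fields(line)
        if fields is None:
            counts["unparsed"] += 1
        else:
            counts.update(fields)
    return counts

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [10/Jun/2008:13:55:36 +0000] "GET /index.html HTTP/1.1" 200 2326',
    '192.0.2.11 - alice [10/Jun/2008:13:56:01 +0000] "GET /search?q=foo HTTP/1.1" 200 512 "http://example.org/" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2008:13:57:12 +0000] "POST /login HTTP/1.1" 302 - "-" "-"',
    'not an access log line',
]

if __name__ == "__main__":
    for field, n in sorted(audit(SAMPLE).items()):
        print(f"{field}: {n}")
```

Lines that do not parse are counted separately rather than dropped, so a nonzero `unparsed` total indicates a vhost logging in a different format that needs its own review.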

== Consumers of Logs ==
The Statistics Page uses a number of logs for its information.

AWStats operates on some of the web server logs.