If you have on-prem sensors you may want to view different log files for different types of actions. A few common log file locations and their events are listed below.
You will first need to switch to root by running the command sudo su
- /var/log/agari/container.log
- /var/log/agari/enforcer.log
- /var/log/agari/collectord.log
To view the files you can use a variety of commands. The most common ones and their uses are listed below. The Tiny Linux OS is somewhat limited in the commands it can run.
- zcat - to view any .gz files without unzipping
- less - to view .log files with powerful shortcuts
- grep - to search for words in a file with powerful options
You can also string commands together using the "|" pipe. The example below searches all container log files for a message ID and shows the 5 lines before and after each matching line. You can adapt it for each log file and for any message ID.
zcat -f /var/log/agari/container.log.* /var/log/agari/container.log | grep -A 5 -B 5 159128368898.6.4546908038659143240
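The following is an added example, not part of the original article or of Agari's tooling: a shell function that extends the command above to all three log files listed earlier, labelling each file that contains the message ID. The name trace_msgid and its arguments are hypothetical, and it assumes the enforcer and collectord logs rotate with the same `.log.*` naming shown for container.log.

```shell
# Added example: trace one message ID through every sensor log.
# trace_msgid MESSAGE_ID [LOG_DIR] [CONTEXT_LINES]
# Returns 0 if the ID was found in at least one file, 1 if not, 2 on misuse.
trace_msgid() {
    msgid=$1
    log_dir=${2:-/var/log/agari}   # default directory taken from the paths above
    context=${3:-5}                # lines of context before and after each hit
    found=1

    if [ -z "$msgid" ]; then
        echo "usage: trace_msgid MESSAGE_ID [LOG_DIR] [CONTEXT_LINES]" >&2
        return 2
    fi

    for name in container enforcer collectord; do
        # Current log plus any rotated copies (assumed pattern: NAME.log.*).
        for f in "$log_dir/$name.log" "$log_dir/$name.log".*; do
            [ -f "$f" ] || continue
            # zcat -f passes plain files through and decompresses .gz files.
            # grep -F matches the ID as a literal string, so the dots in it
            # do not act as regex wildcards and match unrelated lines.
            hits=$(zcat -f "$f" | grep -F -A "$context" -B "$context" -- "$msgid") || continue
            printf '==> %s <==\n%s\n' "$f" "$hits"
            found=0
        done
    done
    return $found
}
```

Run it as root, for example `trace_msgid 159128368898.6.4546908038659143240 | less`, to page through the matches from all logs in one view.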