How to access apt-history logs on CN without the kata-collect-siem-logs tool [KATA/KEDRE]
Entry posted by svc_kms in How-to
10 views
Versions
Applicable to versions above 5: 5.0, 5.1, 6.0, 6.0.1, etc.
You can fancy access log-history logs (former apt-history) directly for convenience purposes or if the kata-collect-siem-logs tool is malfunctioning for some reason.
These logs are in gzip, sorted by dates, as files with names in format: /data/volumes/s3proxy/log-history/YYYY-MM-DD-HH-MM-SS, where YYYY-MM-DD-HH-MM-SS is the datetime.
basename -a /data/volumes/s3proxy/log-history/2024*
2024-01-01-13-55-03
2024-01-17-12-00-14
2024-01-17-12-05-14
|
To access these logs, use the respective zless; zgrep; zcat tools. For example:
zcat /data/volumes/s3proxy/log-history/2024-01-17-12-05-14
2024-01-17 12:00:59.924639 info apt-history: New IDS alert: {id: 63, importance: High, hidden: False, rule_id: 51310592, excluded rule: False, src: 18.156.136.240:80, dest: 10.63.100.252:2198, bases_version: 202401170033}
|
Bonus: you can also use these tools to read rotated logs of kataservices in /var/log/kaspersky/services/:
zgrep "FileNotFoundError" /var/log/kaspersky/services/web_backend/web_backend.log.1
|
0 Comments
Recommended Comments
There are no comments to display.
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now