
System Logs Management

Vapor provides comprehensive log management capabilities for viewing, searching, and analyzing system logs through systemd journal integration.

Prerequisites

  • Systemd-based Linux distribution
  • Journal service running
  • Appropriate permissions to read system logs

  1. From the main menu, click on Logs
  2. The logs viewer opens with real-time log streaming

Log Viewer Interface

Main Components

The log viewer consists of:

  • Filter Bar: Search and filter options
  • Log Stream: Real-time or historical logs
  • Details Panel: Expanded log entry information
  • Timeline: Visual log density over time

Log Entry Display

Each log entry shows:

  • Timestamp: When the event occurred
  • Priority: Log level (Emergency to Debug)
  • Unit/Service: Source of the log
  • Message: The actual log content
  • Host: System that generated the log

Priority Levels

Logs are color-coded by priority:

  • 🔴 Emergency (0): System is unusable
  • 🔴 Alert (1): Action must be taken immediately
  • 🔴 Critical (2): Critical conditions
  • 🟠 Error (3): Error conditions
  • 🟡 Warning (4): Warning conditions
  • 🔵 Notice (5): Normal but significant
  • Info (6): Informational messages
  • Debug (7): Debug-level messages

Searching and Filtering

Use the search bar for text-based searching:

  • Searches across all log fields
  • Case-insensitive by default
  • Supports regex patterns with /pattern/

Advanced Filters

Click Filters to access advanced options:

Time Range

  • Live: Real-time streaming
  • Last Hour: Past 60 minutes
  • Today: Since midnight
  • Yesterday: Previous day
  • Last Week: Past 7 days
  • Custom Range: Specific date/time range

Priority Filter

  • Select minimum priority level
  • Show only specific priorities
  • Exclude debug/info messages

Unit/Service Filter

  • Filter by systemd unit
  • Select multiple services
  • Include/exclude kernel messages
  • Filter by specific processes

Field Filters

  • SYSLOG_IDENTIFIER: Program name
  • _PID: Process ID
  • _UID: User ID
  • _GID: Group ID
  • _HOSTNAME: Source hostname
  • _TRANSPORT: Log transport method

Filter Syntax

Use field-specific filters:

```
_SYSTEMD_UNIT=nginx.service
PRIORITY=3
_PID=1234
MESSAGE~"error.*timeout"
```
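The following is an added example, not Vapor's own code: it shows one way to turn filter lines in the syntax above into a `journalctl` argument list that is safe to run without a shell. It assumes that `FIELD=value` means an exact field match and that `MESSAGE~"regex"` corresponds to `journalctl --grep`; the function name `to_journalctl_argv` is hypothetical.

```python
import re
import shlex

# Journal field names: uppercase letters, digits, underscore (at most 64 chars).
FIELD_RE = re.compile(r"^[A-Z_][A-Z0-9_]{0,63}$")
LINE_RE = re.compile(r"^(?P<field>[^=~\s]+)\s*(?P<op>[=~])\s*(?P<value>.*)$")

def to_journalctl_argv(filter_text):
    """Translate FIELD=value / MESSAGE~"regex" lines into a journalctl argv list."""
    matches, grep = [], None
    for raw in filter_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        # Rejecting anything that is not a journal field name also rejects
        # input such as "--file=..." that journalctl would read as an option.
        if not m or not FIELD_RE.match(m["field"]):
            raise ValueError(f"not a field filter: {line!r}")
        value = m["value"]
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]                      # strip surrounding quotes
        if m["op"] == "=":
            matches.append(f"{m['field']}={value}")  # exact match on one field
        elif m["field"] == "MESSAGE" and grep is None:
            grep = value                             # --grep searches MESSAGE only
        else:
            raise ValueError(f"unsupported regex filter: {line!r}")
    argv = ["journalctl", "--no-pager", "-o", "json"]
    if grep is not None:
        argv.append(f"--grep={grep}")                # joined form: value is never an option
    # journalctl ANDs matches on different fields and ORs matches on the same field.
    return argv + matches

# The four filter lines shown above.
PAGE_FILTERS = '''_SYSTEMD_UNIT=nginx.service
PRIORITY=3
_PID=1234
MESSAGE~"error.*timeout"'''

if __name__ == "__main__":
    # shlex.join is for display only; run the list with subprocess.run(argv), no shell.
    print(shlex.join(to_journalctl_argv(PAGE_FILTERS)))
```

Note that `PRIORITY=3` as a field match selects priority 3 only, whereas `journalctl -p err` selects priorities 0 through 3.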

Saved Filters

Save commonly used filter combinations:

  1. Configure desired filters
  2. Click Save Filter
  3. Name the filter set
  4. Access from Saved Filters dropdown

Real-time Monitoring

Live Streaming

Enable real-time log streaming:

  1. Click Live toggle
  2. Logs update automatically
  3. New entries highlighted
  4. Auto-scroll to latest

Follow Mode

Follow specific services:

  1. Select service in filter
  2. Enable Follow mode
  3. Only new entries from that service shown

Pause and Resume

  • Click Pause to stop streaming
  • Review logs without new entries
  • Click Resume to continue

Log Analysis

Log Statistics

View log statistics:

  • Total Entries: Count in time range
  • Error Rate: Errors per minute
  • Top Services: Most active units
  • Priority Distribution: Log level breakdown

Timeline View

Visual representation of log activity:

  • Density graph over time
  • Click to jump to time period
  • Zoom in/out for detail
  • Highlight error spikes

Pattern Detection

Automatic pattern recognition:

  • Repeated error messages
  • Unusual activity spikes
  • Service restart patterns
  • Performance anomalies

Exporting Logs

Export Formats

Export filtered logs in various formats:

  • JSON: Structured data
  • CSV: Spreadsheet compatible
  • Plain Text: Simple text format
  • Syslog Format: Traditional format

Export Options

  1. Apply desired filters
  2. Click Export
  3. Choose format
  4. Select fields to include
  5. Download file

Scheduled Exports

Configure automatic log exports:

  1. Click Schedule Export
  2. Set frequency (daily, weekly)
  3. Configure filters
  4. Set destination (email, storage)

Service-Specific Logs

Quick Access

Common service log shortcuts:

  • System: Kernel and system messages
  • Auth: Authentication and authorization
  • Network: Network-related services
  • Storage: Disk and filesystem
  • Containers: Docker/containerd logs
  • Applications: User applications

Service Deep Dive

For detailed service analysis:

  1. Click service name
  2. Opens dedicated view:
    • Service status
    • Recent logs
    • Error summary
    • Performance metrics

Integration Features

Container Logs

View container logs alongside system logs:

  • Docker container output
  • Kubernetes pod logs
  • Container runtime messages

Application Logs

Include application-specific logs:

  • Web server logs
  • Database logs
  • Custom application output

Remote Logs

Aggregate logs from multiple systems:

  • Configure remote syslog
  • Central log collection
  • Multi-host searching

Alerts and Notifications

Log Alerts

Configure alerts for specific patterns:

  1. Click Create Alert
  2. Define conditions:
    • Log pattern match
    • Error threshold
    • Service failure
  3. Set notification method:
    • Email
    • Webhook
    • Dashboard notification

Alert Examples

Common alert configurations:

  • More than 10 errors per minute
  • Service restart detected
  • Disk space warnings
  • Authentication failures
  • Critical system errors
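The "More than 10 errors per minute" condition can also be checked offline against entries in the `journalctl -o json` export format. This is an added example, not Vapor's alert engine; the sample entries are constructed, and the function names and the choice of calendar-minute buckets per unit are assumptions.

```python
import json
from collections import Counter
from datetime import datetime, timezone

ERR = 3         # syslog "Error"; lower numbers are more severe
THRESHOLD = 10  # alert when one unit logs more than this many errors in a minute

def _entry(sec, prio, unit, msg):
    # journalctl -o json shape: one object per line, numbers serialized as
    # strings, __REALTIME_TIMESTAMP in microseconds since the epoch.
    ts = (1704103200 + sec) * 1_000_000  # constructed base: 2024-01-01 10:00:00 UTC
    return json.dumps({"__REALTIME_TIMESTAMP": str(ts), "PRIORITY": str(prio),
                       "_SYSTEMD_UNIT": unit, "MESSAGE": msg})

# Constructed sample: 12 nginx errors within one minute, plus noise and damage.
SAMPLE = (
    [_entry(i * 5, 3, "nginx.service", "upstream timed out") for i in range(12)]
    + [_entry(70, 6, "nginx.service", "configuration reloaded")]
    + [_entry(75, 2, "sshd.service", "fatal: bad configuration")]
    + ["{truncated", json.dumps({"PRIORITY": "3", "MESSAGE": "no timestamp"})]
)

def errors_per_minute(lines):
    """Count entries with priority <= ERR per (unit, UTC minute)."""
    buckets, skipped = Counter(), 0
    for line in lines:
        try:
            e = json.loads(line)
            if int(e["PRIORITY"]) > ERR:
                continue
            minute = int(e["__REALTIME_TIMESTAMP"]) // 60_000_000
            buckets[(e.get("_SYSTEMD_UNIT", "(no unit)"), minute)] += 1
        except (ValueError, KeyError, TypeError):
            skipped += 1  # damaged or incomplete line: count it, do not crash
    return buckets, skipped

def alerts(lines, threshold=THRESHOLD):
    """Return ([(unit, 'YYYY-MM-DD HH:MM', count), ...], skipped_lines)."""
    buckets, skipped = errors_per_minute(lines)
    hits = [(unit, datetime.fromtimestamp(m * 60, timezone.utc).strftime("%Y-%m-%d %H:%M"), n)
            for (unit, m), n in sorted(buckets.items()) if n > threshold]
    return hits, skipped

if __name__ == "__main__":
    print(alerts(SAMPLE))
```

Because the buckets are calendar minutes, a burst that straddles a minute boundary is split across two buckets; a sliding window would catch it at the cost of keeping per-unit timestamps.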

Performance Considerations

Large Log Volumes

For systems with high log volume:

  • Use specific filters to reduce data
  • Limit time ranges
  • Disable live streaming when not needed
  • Use index for faster searches

Search Optimization

Improve search performance:

  • Use specific field filters
  • Avoid broad regex patterns
  • Leverage time constraints
  • Create indexed fields

Troubleshooting Guide

Common Issues

No Logs Displayed

  • Check journal service: systemctl status systemd-journald
  • Verify permissions: User needs journal group membership
  • Check disk space for journal storage
  • Ensure time sync is correct

Incomplete Logs

  • Journal rotation may have removed old logs
  • Check journal size limits
  • Verify persistent logging is enabled
  • Review rate limiting settings

Search Not Working

  • Check search syntax
  • Verify field names are correct
  • Escape special characters
  • Try simpler search terms

Performance Issues

  • Reduce time range
  • Add more specific filters
  • Disable live streaming
  • Check system resources

Best Practices

Log Management

  1. Regular Review: Check logs daily for issues
  2. Set Up Alerts: Proactive monitoring
  3. Archive Important Logs: Export and store
  4. Clean Up: Rotate logs appropriately
  5. Document Patterns: Keep notes on common issues

Security Monitoring

  1. Auth Logs: Monitor authentication attempts
  2. Sudo Usage: Track privilege escalation
  3. Network Connections: Watch for unusual activity
  4. File Access: Monitor sensitive files
  5. Service Changes: Track service starts/stops

Performance Monitoring

  1. Error Rates: Track error frequency
  2. Response Times: Monitor service latency
  3. Resource Usage: Watch for exhaustion
  4. Bottlenecks: Identify performance issues
  5. Trends: Analyze long-term patterns

Journal Configuration

Storage Settings

Configure journal storage:

```ini
# /etc/systemd/journald.conf
[Journal]
Storage=persistent
SystemMaxUse=1G
SystemKeepFree=100M
MaxRetentionSec=1month
```

Forward to Syslog

Enable syslog forwarding:

```ini
# /etc/systemd/journald.conf
[Journal]
ForwardToSyslog=yes
MaxLevelSyslog=debug
```

Rate Limiting

Control log rate limits:

```ini
# /etc/systemd/journald.conf
[Journal]
RateLimitIntervalSec=30s
RateLimitBurst=10000
```

CLI Integration

Access logs via command line:

```bash
# View all logs
journalctl

# Follow specific service
journalctl -u nginx.service -f

# Show errors only
journalctl -p err

# Time range
journalctl --since "2024-01-01" --until "2024-01-02"

# Export as JSON
journalctl -o json > logs.json
```
