Where is Container-Optimized OS’s syslog file located? I’m looking for something like /var/log/syslog. One reason I need this is to troubleshoot ssh login failures.
2 Answers
Where is Container-Optimized OS’s syslog file located?
Container-Optimized OS uses systemd-journald to manage system logs, instead of any other syslog daemon (such as rsyslog).
You can see the documentation for systemd-journald here: https://wiki.archlinux.org/index.php/Systemd/Journal
Long story short, you can view the logs by running commands such as:
sudo journalctl
sudo journalctl -u sshd
One reason I need this is to troubleshoot ssh login failures.
If you have trouble establishing any SSH connection at all, running commands won't be a feasible solution. In that case, GCE serial console logs would be the closest tool: https://cloud.google.com/compute/docs/instances/viewing-serial-port-output
Stackdriver is built into Container OS. cloud.google.com/container-optimized-os/docs/release-notes
Here is the source code for the Stackdriver Logging on COS. You can start it via:
sudo systemctl start stackdriver-logging
Where is Container-Optimized OS’s syslog file located?
The logfiles for Container OS are not stored on the container. Instead, the logs are sent to Stackdriver. Containers are designed to be destroyed and recreated. Storing logfiles on the container would mean losing them.
To view the logs that do exist temporarily, as in the latest logs, you can use the program journalctl to view them.
Here is a link to an article that introduces journalctl and how to use the basic features:
sudo journalctl -ef shows logs from sshd, it's exactly what I needed. @JohnHanley, if you want to create an answer to this question, I'll mark it as correct. - Quinn Comendant
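An added example, not part of the original answers or comments: a shell function that condenses `journalctl -u sshd` text into counts of failed logins per method, user and source address, plus any "Authentication refused" reasons sshd reported. The function names and the sample lines are constructed for illustration, and it assumes awk and sort are available where it runs.

```shell
#!/bin/sh
# Added example: count sshd login failures found in journalctl text on stdin.
# On a host: sudo journalctl -u sshd --no-pager | summarize_sshd_failures
summarize_sshd_failures() {
  awk '
    {
      # Locate the "sshd[PID]:" tag so any leading timestamp layout works.
      for (i = 1; i <= NF; i++) if ($i ~ /^sshd\[[0-9]+\]:$/) break
      if (i > NF) next                    # not an sshd message
      m = i + 1                           # first word of the message
    }
    $m == "Failed" && $(m + 2) == "for" {
      u = m + 3; kind = "valid-user"
      if ($u == "invalid" && $(u + 1) == "user") { u += 2; kind = "invalid-user" }
      if ($(u + 1) != "from") next        # odd user name layout: skip, do not guess
      fail[$(m + 1) " " kind " " $u " " $(u + 2)]++
      next
    }
    $m == "Authentication" && $(m + 1) == "refused:" {
      sub(/^.*Authentication refused: /, "")   # keep only the stated reason
      refused[$0]++
    }
    END {
      for (k in fail) print fail[k], k
      for (k in refused) print refused[k], "refused", k
    }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample in journalctl's default output format (not real logs).
sample_journal() {
  cat <<'EOF'
Mar 03 10:15:01 cos-host sshd[1201]: Invalid user admin from 203.0.113.7 port 51234
Mar 03 10:15:03 cos-host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 03 10:15:05 cos-host sshd[1201]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 03 10:15:40 cos-host sshd[1205]: Failed password for root from 203.0.113.7 port 51300 ssh2
Mar 03 10:16:10 cos-host sshd[1210]: Authentication refused: bad ownership or modes for directory /home/quinn/.ssh
Mar 03 10:17:00 cos-host sshd[1215]: Accepted publickey for quinn from 198.51.100.20 port 40100 ssh2: ED25519 SHA256:CONSTRUCTED
Mar 03 10:17:02 cos-host systemd[1]: Started Session 4 of user quinn.
EOF
}

sample_journal | summarize_sshd_failures
```

Each output line is a count followed by the method, whether the account exists, the user name and the source address; "refused" lines carry the reason sshd gave, such as wrong permissions on the user's .ssh directory.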