Splunk

We use Splunk to manage all our logs. It runs on charon and is fed logs from other machines via syslog-ng. Splunk is accessed through a proxy on hermes (go to https://logs.ugcs.caltech.edu); the proxy is what controls who can see the logs, since the version of Splunk we run does not do authorization itself.

Searching
You can search by entering a string to search for in the search bar. You can also set a time range; keep it conservative, since searching a larger time range takes longer. You can add the following fields to narrow a search:

 * host=
 * sourcetype= (see below)

Source types
These source types have been defined for UGCS. You can search for a given source type by adding "sourcetype=<name>" to your search query.

 * apache: an alias for apache_access and apache_error
 * apache_error: Apache error logs (.../local1.log)
 * apache_access: Apache access logs (.../local2.log)
 * auth: auth.log and authpriv.log
 * postfix_syslog: anything postfix (mail.log)
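As an added example (not from the original page), here is one search that uses the fields from the Searching section together with the auth source type above: it restricts the search to one host and the last 24 hours, pulls the user name and source address out of the standard OpenSSH "Failed password" syslog line, and counts failures per source so repeated failures stand out. The host name hermes, the threshold of 10, and the assumption that sshd logs into auth.log (and so into the auth source type) are assumptions; the user and src_ip fields are created by the rex command and are not predefined on the page.

```spl
sourcetype=auth host=hermes earliest=-24h "Failed password"
| rex "Failed password for (invalid user )?(?<user>\S+) from (?<src_ip>\S+)"
| stats count by src_ip, user
| where count > 10
| sort -count
```

Leave off the host= term to run the same count across every machine that forwards auth logs to charon, and keep earliest= in place: with no time bound the search walks the whole index and is correspondingly slow.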