Skip to content

Logging

Most logs for the solution are held in persistent/misp/data/tmp/logs, if using Shibboleth, the Service Provider logs are written to persistent/misp/shibb/logs. It is recommended these are ingested into a SIEM and monitored for errors (see the Splunk page for details on forwarding MISP's logs to Splunk).

The logs in persistent/misp/data/tmp/logs/ are:

  • apache_access.log - Apache's access combined log.
  • apache_error.log - Apache's error log.
  • debug.log - MISP's debug level logging - including duplicating content of error.log.
  • error.log - MISP's error log.
  • exec-errors.log - MISP's execution error log, different from the error log above.
  • misp_maintenance_runner.log - Automated Maintenance runner log.
  • misp_maintenance_supervisor-errors.log - stderr from supervisor - typically empty.
  • misp_maintenance_supervisor.log - stdout from supervisor - typically empty.
  • misp-workers-errors.log - MISP Worker's error log.
  • misp-workers.log - MISP Worker's activity log.
  • run_misp_sync_jobs.log - Sync Job logs from Automated Maintenance.
  • set_org_name.log - Logs from the script which sets the organisation's name and UUID, part of Automated Maintenance.