Supported Logs

The Frabs agent automatically detects which log sources exist on your server and collects from them. If a source doesn't exist (e.g. Docker is not installed), it is skipped silently.

Source	Paths / Commands	Notes
systemd journal	journalctl	All systemd unit logs
SSH / Auth	/var/log/auth.log	Logins, sudo, failures
Syslog	/var/log/syslog	General system messages
Kernel	/var/log/kern.log	Kernel messages
Nginx	/var/log/nginx/access.log /var/log/nginx/error.log	Access and error logs
Apache	/var/log/apache2/access.log /var/log/apache2/error.log	Access and error logs
PHP-FPM	/var/log/php*-fpm.log	FPM error logs
MySQL	/var/log/mysql/error.log /var/log/mysql/mysql.log	Errors and general log
MariaDB	/var/log/mysql/mariadb.log	MariaDB logs
Docker	docker logs (all containers)	Container stdout/stderr
UFW / Firewall	/var/log/ufw.log	Firewall events
apt	/var/log/apt/history.log	Package install history
dpkg	/var/log/dpkg.log	Package management log
Cron	/var/log/syslog (cron entries)	Cron job execution
Frabs Agent	/var/log/frabs-agent/agent.log	Agent self-log

Secret Redaction

The agent scans log lines for common secret patterns before uploading. Detected secrets are replaced with [REDACTED].

password=passwd=secret=token=api_key=apikey=authorization:bearerprivate keyAWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYSTRIPE_SECRET_KEYDATABASE_URL