Redis activity log

Question

We have a redis database running on our server, but for some reason, I cannot see any keys in our database. I'm just wondering if redis stores an activity log, where I can trace if and when the keys were deleted?

I have the usual log file for redis, at /var/log/redis.log but that doesn't have the information I am looking for.

Answer 1

The INFO command can be used to glean some forensic info when used with the all or cmdstats switch - you'll be able to see counts of all commands including offensive ones.

Keep in mind that this could be the result of an unauthorized intrusion and that your server may have been compromised.

Answer 2

I think there is no straight forward way to log everything but here is a hack.

$ redis-cli monitor  >> ~/my_redis_commands.log 2>&1

Here >> tells OS that the output stream has been changed from monitor to a file and 2>&1 tells to redirect STDERR to STDOUT.

n>&m Merge output from stream n with stream m.

Note that file descriptor 0 is normally standard input (STDIN), 1 is standard output (STDOUT), and 2 is standard error output (STDERR).

---

Go and see the content of file in some SSH session for debugging.

$ tail -f ~/my_redis_commands.log

or you can use grep to find "DEL" instead. You can see the list of commands supported by Redis and try grep queries like SET, GET, etc.

$ grep '"DEL"' ~/my_redis_commands.log

---

Cons of this idea are:

• You need to run a separate process to do this
• It's memory and CPU consuming
  • single MONITOR client can reduce the throughput by more than 50%. Running more MONITOR clients will reduce throughput even more.
• For security concerns, certain special administration commands like CONFIG are not logged into the MONITOR output

See this for more info https://redis.io/commands/monitor