linux_wiki:locate_and_interpret_system_log_files_and_journals

Differences

This shows you the differences between two versions of the page.

linux_wiki:locate_and_interpret_system_log_files_and_journals [2016/02/29 21:25]
billdozor created
linux_wiki:locate_and_interpret_system_log_files_and_journals [2019/05/25 23:50] (current)
Line 3: Line 3:
 **General Information** **General Information**
  
-About this page/how-to/script+Systemd introduces the journalctl command which interacts with the journald serviceIt is a method of viewing all log files at once and is not persistent across reboots by default. (In order to preserve traditional logging)
  
 ---- ----
  
 ===== Locate and interpret system log files and journals ===== ===== Locate and interpret system log files and journals =====
 +
 +==== Traditional Log Files ====
  
 Log file directory: /var/log/ Log file directory: /var/log/
  
 +\\
 Common Log Files Common Log Files
 ^  Log File  ^ Description ^ ^  Log File  ^ Description ^
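Review bot: In the new General Information text, "It is a method of viewing all log files at once and is not persistent across reboots by default" reads as if the journalctl command is what disappears on reboot. What is not persistent is the journal data that journald stores, which the later section ties to CentOS 7 writing to /run/log/journal. Suggest splitting this into two sentences: journalctl queries the journal, and the journal itself is not kept across reboots by default. The trailing "(In order to preserve traditional logging)" is a fragment with no subject, so attach it to a full sentence or drop it, and "serviceIt" needs a sentence break.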
Line 24: Line 27:
 |  /var/log/sssd  | Authentication messages related to sssd service | |  /var/log/sssd  | Authentication messages related to sssd service |
  
 +\\
 Common tools often used to view log files: Common tools often used to view log files:
   * less   * less
Line 31: Line 35:
   * zcat (for gzipped log files)   * zcat (for gzipped log files)
   * grep   * grep
 +
 +----
 +
 +==== Boot Process ====
 +
 +Show bootup process summary
 +<code bash>
 +systemd-analyze
 +</code>
 +
 +\\
 +Details of time each process took during boot
 +<code bash>
 +systemd-analyze blame
 +</code>
 +
 +----
 +
 +==== The Journal ====
  
 New Systemd Logging New Systemd Logging
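Review bot: The caption "Details of time each process took during boot" in the new Boot Process section does not match what systemd-analyze blame reports, which is units ordered by how long each took to initialize, not processes. Suggest "Time each unit took to initialize during boot". The section also now sits between Traditional Log Files and The Journal, which splits the two logging sections; placing it after The Journal would keep the logging material together.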
Line 36: Line 59:
   * journalctl => query the systemd journal. This provides a single pane of glass to all logs that are typically spread out amongst several different files in /var/log/   * journalctl => query the systemd journal. This provides a single pane of glass to all logs that are typically spread out amongst several different files in /var/log/
  
 +\\
 Show last 10 lines of log files Show last 10 lines of log files
 <code bash> <code bash>
Line 42: Line 66:
   * -n => shows the most recent events, limiting the number of lines to the argument to -n (argument is optional and defaults to 10)   * -n => shows the most recent events, limiting the number of lines to the argument to -n (argument is optional and defaults to 10)
  
 +\\
 Show last 10 lines with further explanation Show last 10 lines with further explanation
 <code bash> <code bash>
Line 48: Line 73:
   * -x => augment log lines with additional explanation lines   * -x => augment log lines with additional explanation lines
  
 +\\
 Show most recent messages and continue to follow log file Show most recent messages and continue to follow log file
 <code bash> <code bash>
Line 54: Line 80:
   * equivalent to "tail -f <logfile>"   * equivalent to "tail -f <logfile>"
  
 +\\
 Show all logs with a priority of "info" Show all logs with a priority of "info"
 <code bash> <code bash>
Line 59: Line 86:
 </code> </code>
  
 +\\
 Show all logs since yesterday Show all logs since yesterday
 <code bash> <code bash>
 journalctl --since=yesterday journalctl --since=yesterday
-</code> 
- 
-Show bootup process summary 
-<code bash> 
-systemd-analyze 
-</code> 
- 
-Details of time each process took during boot 
-<code bash> 
-systemd-analyze blame 
 </code> </code>
  
Line 80: Line 98:
 On CentOS 7, by default, journald writes to /run/log/journal. On CentOS 7, by default, journald writes to /run/log/journal.
  
 +\\
 To make the journal persistent: To make the journal persistent:
  
-  * Create a journal directory in /var/log +  * Create a journal directory in /var/log<code bash>mkdir /var/log/journal</code>
-    * <code bash>mkdir /var/log/journal</code>+
   * Make systemd-journal the group owner and set GID permissions   * Make systemd-journal the group owner and set GID permissions
     * Option 1:<code bash>systemd-tmpfiles --create --prefix /var/log/journal</code>     * Option 1:<code bash>systemd-tmpfiles --create --prefix /var/log/journal</code>
     * Option 2:<code bash>chown :systemd-journal /var/log/journal     * Option 2:<code bash>chown :systemd-journal /var/log/journal
 chmod 2750 /var/log/journal</code> chmod 2750 /var/log/journal</code>
-  Restart the journal service +    **Hint**: Check the /run/log/journal directory ownership and permissions. Make /var/log/journal the same. 
-    * <code bash>systemctl restart systemd-journald</code>+ 
 +  Restart the journal service<code bash>systemctl restart systemd-journald</code>
  
 ---- ----
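Review bot: In the persistence steps, the new Hint ("Check the /run/log/journal directory ownership and permissions. Make /var/log/journal the same.") and Option 2's hard-coded chmod 2750 can disagree, and the Hint is indented under Option 2 although it applies to the whole step. Suggest stating the expected result once (group owner systemd-journal, setgid bit set) and presenting Option 1 as the default with Option 2 as the manual equivalent, since the mode on this directory decides who can read the stored logs. The "Restart the journal service" line, as rendered here, has no list marker, unlike the "Create" and "Make" steps, so check that it still renders as the third step. The steps also end without a check that /var/log/journal is being written to after the restart.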
  
  • linux_wiki/locate_and_interpret_system_log_files_and_journals.1456799158.txt.gz
  • Last modified: 2019/05/25 23:50
  • (external edit)