Differences
This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision | ||
linux_wiki:locate_and_interpret_system_log_files_and_journals [2016/03/01 22:32] billdozor [Locate And Interpret System Log Files And Journals] |
linux_wiki:locate_and_interpret_system_log_files_and_journals [2019/05/25 23:50] (current) |
||
---|---|---|---|
Line 8: | Line 8: | ||
===== Locate and interpret system log files and journals ===== | ===== Locate and interpret system log files and journals ===== | ||
+ | |||
+ | ==== Traditional Log Files ==== | ||
Log file directory: /var/log/ | Log file directory: /var/log/ | ||
+ | \\ | ||
Common Log Files | Common Log Files | ||
^ Log File ^ Description ^ | ^ Log File ^ Description ^ | ||
Line 24: | Line 27: | ||
| / | | / | ||
+ | \\ | ||
Common tools often used to view log files: | Common tools often used to view log files: | ||
* less | * less | ||
Line 31: | Line 35: | ||
* zcat (for gzipped log files) | * zcat (for gzipped log files) | ||
* grep | * grep | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== Boot Process ==== | ||
+ | |||
+ | Show bootup process summary | ||
+ | <code bash> | ||
+ | systemd-analyze | ||
+ | </ | ||
+ | |||
+ | \\ | ||
+ | Details of time each process took during boot | ||
+ | <code bash> | ||
+ | systemd-analyze blame | ||
+ | </ | ||
+ | |||
+ | ---- | ||
+ | |||
+ | ==== The Journal ==== | ||
New Systemd Logging | New Systemd Logging | ||
Line 36: | Line 59: | ||
* journalctl => query the systemd journal. This provides a single pane of glass to all logs that are typically spread out amongst several different files in /var/log/ | * journalctl => query the systemd journal. This provides a single pane of glass to all logs that are typically spread out amongst several different files in /var/log/ | ||
+ | \\ | ||
Show last 10 lines of log files | Show last 10 lines of log files | ||
<code bash> | <code bash> | ||
Line 42: | Line 66: | ||
* -n => shows the most recent events, limiting the number of lines to the argument to -n (argument is optional and defaults to 10) | * -n => shows the most recent events, limiting the number of lines to the argument to -n (argument is optional and defaults to 10) | ||
+ | \\ | ||
Show last 10 lines with further explanation | Show last 10 lines with further explanation | ||
<code bash> | <code bash> | ||
Line 48: | Line 73: | ||
* -x => augment log lines with additional explanation lines | * -x => augment log lines with additional explanation lines | ||
+ | \\ | ||
Show most recent messages and continue to follow log file | Show most recent messages and continue to follow log file | ||
<code bash> | <code bash> | ||
Line 54: | Line 80: | ||
* equivalent to "tail -f < | * equivalent to "tail -f < | ||
+ | \\ | ||
Show all logs with a priority of " | Show all logs with a priority of " | ||
<code bash> | <code bash> | ||
Line 59: | Line 86: | ||
</ | </ | ||
+ | \\ | ||
Show all logs since yesterday | Show all logs since yesterday | ||
<code bash> | <code bash> | ||
journalctl --since=yesterday | journalctl --since=yesterday | ||
- | </ | ||
- | |||
- | Show bootup process summary | ||
- | <code bash> | ||
- | systemd-analyze | ||
- | </ | ||
- | |||
- | Details of time each process took during boot | ||
- | <code bash> | ||
- | systemd-analyze blame | ||
</ | </ | ||
Line 80: | Line 98: | ||
On CentOS 7, by default, journald writes to / | On CentOS 7, by default, journald writes to / | ||
+ | \\ | ||
To make the journal persistent: | To make the journal persistent: | ||
- | * Create a journal directory in /var/log | + | * Create a journal directory in / |
- | * <code bash> | + | |
* Make systemd-journal the group owner and set GID permissions | * Make systemd-journal the group owner and set GID permissions | ||
* Option 1:<code bash> | * Option 1:<code bash> | ||
* Option 2:<code bash> | * Option 2:<code bash> | ||
chmod 2750 / | chmod 2750 / | ||
- | | + | |
- | * <code bash> | + | |
+ | | ||
---- | ---- | ||