General Information
Systemd introduces the journalctl command which interacts with the journald service. It is a method of viewing all log files at once and is not persistent across reboots by default. (In order to preserve traditional logging)
Log file directory: /var/log/
Common Log Files
Log File | Description |
---|---|
/var/log/audit/audit.log | SELinux writes here; audit messages |
/var/log/boot.log | System startup logs |
/var/log/cron | Cron jobs log file |
/var/log/cups | Print service CUPS |
/var/log/dmesg | Kernel log messages |
/var/log/httpd/ | Apache web server |
/var/log/maillog | Mail related messages |
/var/log/messages | Most system messages written here. Generic log file. |
/var/log/secure | Authentication related messages |
/var/log/sssd | Authentication messages related to sssd service |
Common tools often used to view log files:
Show bootup process summary
systemd-analyze
Details of time each process took during boot
systemd-analyze blame
New Systemd Logging
Show last 10 lines of log files
journalctl -n
Show last 10 lines with further explanation
journalctl -xn
Show most recent messages and continue to follow log file
journalctl -f
Show all logs with a priority of “info”
journalctl -p info
Show all logs since yesterday
journalctl --since=yesterday
On CentOS 7, by default, journald writes to /run/log/journal.
To make the journal persistent:
mkdir /var/log/journal
systemd-tmpfiles --create --prefix /var/log/journal
chown :systemd-journal /var/log/journal chmod 2750 /var/log/journal
systemctl restart systemd-journald