Differences
This shows you the differences between two versions of the page.
linux_wiki:locate_and_interpret_system_log_files_and_journals [2016/03/01 22:36] billdozor [Turn Journal Persistent] |
linux_wiki:locate_and_interpret_system_log_files_and_journals [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Locate And Interpret System Log Files And Journals ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Systemd introduces the journalctl command which interacts with the journald service. It is a method of viewing all log files at once and is not persistent across reboots by default. (In order to preserve traditional logging) | ||
- | |||
- | ---- | ||
- | |||
- | ===== Locate and interpret system log files and journals ===== | ||
- | |||
- | ==== Traditional Log Files ==== | ||
- | |||
- | Log file directory: /var/log/ | ||
- | |||
- | \\ | ||
- | Common Log Files | ||
- | ^ Log File ^ Description ^ | ||
- | | / | ||
- | | / | ||
- | | / | ||
- | | / | ||
- | | / | ||
- | | / | ||
- | | / | ||
- | | / | ||
- | | / | ||
- | | / | ||
- | |||
- | \\ | ||
- | Common tools often used to view log files: | ||
- | * less | ||
- | * tail | ||
- | * head | ||
- | * cat | ||
- | * zcat (for gzipped log files) | ||
- | * grep | ||
- | |||
- | ---- | ||
- | |||
- | ==== Boot Process ==== | ||
- | |||
- | Show bootup process summary | ||
- | <code bash> | ||
- | systemd-analyze | ||
- | </ | ||
- | |||
- | \\ | ||
- | Details of time each process took during boot | ||
- | <code bash> | ||
- | systemd-analyze blame | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ==== The Journal ==== | ||
- | |||
- | New Systemd Logging | ||
- | * journald => systemd' | ||
- | * journalctl => query the systemd journal. This provides a single pane of glass to all logs that are typically spread out amongst several different files in /var/log/ | ||
- | |||
- | \\ | ||
- | Show last 10 lines of log files | ||
- | <code bash> | ||
- | journalctl -n | ||
- | </ | ||
- | * -n => shows the most recent events, limiting the number of lines to the argument to -n (argument is optional and defaults to 10) | ||
- | |||
- | \\ | ||
- | Show last 10 lines with further explanation | ||
- | <code bash> | ||
- | journalctl -xn | ||
- | </ | ||
- | * -x => augment log lines with additional explanation lines | ||
- | |||
- | \\ | ||
- | Show most recent messages and continue to follow log file | ||
- | <code bash> | ||
- | journalctl -f | ||
- | </ | ||
- | * equivalent to "tail -f < | ||
- | |||
- | \\ | ||
- | Show all logs with a priority of " | ||
- | <code bash> | ||
- | journalctl -p info | ||
- | </ | ||
- | |||
- | \\ | ||
- | Show all logs since yesterday | ||
- | <code bash> | ||
- | journalctl --since=yesterday | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ==== Turn Journal Persistent ==== | ||
- | |||
- | On CentOS 7, by default, journald writes to / | ||
- | |||
- | \\ | ||
- | To make the journal persistent: | ||
- | |||
- | * Create a journal directory in / | ||
- | * Make systemd-journal the group owner and set GID permissions | ||
- | * Option 1:<code bash> | ||
- | * Option 2:<code bash> | ||
- | chmod 2750 / | ||
- | * Restart the journal service< | ||
- | |||
- | ---- | ||
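Review bot: The removal starts at line 1 and runs to the end of the page with nothing on the new side, so the "Turn Journal Persistent" steps (create the journal directory, set systemd-journal as group owner with the setgid bit, restart the journal service) disappear without a replacement or a pointer to where they moved. If the content was migrated, leave a link here, because by the page's own description the journal is not persistent across reboots by default and these steps are what keep logs available after a restart. If the text is carried over elsewhere, check the description of `journalctl -p info` as well: `-p` with a single level selects that priority and every more severe one, so the wording should say so rather than imply only info-level entries.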