linux_wiki:locate_and_interpret_system_log_files_and_journals

Differences

This shows you the differences between two versions of the page.

linux_wiki:locate_and_interpret_system_log_files_and_journals [2018/03/17 15:45]
billdozor [Turn Journal Persistent]
linux_wiki:locate_and_interpret_system_log_files_and_journals [2019/05/25 23:50]
Line 1: Line 1:
-====== Locate And Interpret System Log Files And Journals ====== 
- 
-**General Information** 
- 
-Systemd introduces the journalctl command which interacts with the journald service. It is a method of viewing all log files at once and is not persistent across reboots by default. (In order to preserve traditional logging) 
- 
----- 
- 
-===== Locate and interpret system log files and journals ===== 
- 
-==== Traditional Log Files ==== 
- 
-Log file directory: /var/log/ 
- 
-\\ 
-Common Log Files 
-^  Log File  ^ Description ^ 
-|  /var/log/audit/audit.log  | SELinux writes here; audit messages | 
-|  /var/log/boot.log  | System startup logs | 
-|  /var/log/cron  | Cron jobs log file | 
-|  /var/log/cups  | Print service CUPS | 
-|  /var/log/dmesg  | Kernel log messages | 
-|  /var/log/httpd/  | Apache web server | 
-|  /var/log/maillog  | Mail related messages | 
-|  /var/log/messages  | Most system messages written here. Generic log file. | 
-|  /var/log/secure  | Authentication related messages | 
-|  /var/log/sssd  | Authentication messages related to sssd service | 
- 
-\\ 
-Common tools often used to view log files: 
-  * less 
-  * tail 
-  * head 
-  * cat 
-  * zcat (for gzipped log files) 
-  * grep 
- 
----- 
- 
-==== Boot Process ==== 
- 
-Show bootup process summary 
-<code bash> 
-systemd-analyze 
-</code> 
- 
-\\ 
-Details of time each process took during boot 
-<code bash> 
-systemd-analyze blame 
-</code> 
- 
----- 
- 
-==== The Journal ==== 
- 
-New Systemd Logging 
-  * journald => systemd's service that collects and stores log data. 
-  * journalctl => query the systemd journal. This provides a single pane of glass to all logs that are typically spread out amongst several different files in /var/log/ 
- 
-\\ 
-Show last 10 lines of log files 
-<code bash> 
-journalctl -n 
-</code> 
-  * -n => shows the most recent events, limiting the number of lines to the argument to -n (argument is optional and defaults to 10) 
- 
-\\ 
-Show last 10 lines with further explanation 
-<code bash> 
-journalctl -xn 
-</code> 
-  * -x => augment log lines with additional explanation lines 
- 
-\\ 
-Show most recent messages and continue to follow log file 
-<code bash> 
-journalctl -f 
-</code> 
-  * equivalent to "tail -f <logfile>" 
- 
-\\ 
-Show all logs with a priority of "info" 
-<code bash> 
-journalctl -p info 
-</code> 
- 
-\\ 
-Show all logs since yesterday 
-<code bash> 
-journalctl --since=yesterday 
-</code> 
- 
----- 
- 
-==== Turn Journal Persistent ==== 
- 
-On CentOS 7, by default, journald writes to /run/log/journal. 
- 
-\\ 
-To make the journal persistent: 
- 
-  * Create a journal directory in /var/log<code bash>mkdir /var/log/journal</code> 
-  * Make systemd-journal the group owner and set GID permissions 
-    * Option 1:<code bash>systemd-tmpfiles --create --prefix /var/log/journal</code> 
-    * Option 2:<code bash>chown :systemd-journal /var/log/journal 
-chmod 2750 /var/log/journal</code> 
-    * **Hint**: Check the /run/log/journal ownership and permissions. Make /var/log/journal the same. 
-  * Restart the journal service<code bash>systemctl restart systemd-journald</code> 
- 
----- 
  
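Review bot: the hunk starting at "Line 1" removes every line of the page, including the "Turn Journal Persistent" procedure, and adds nothing in its place. The only summary given is "(external edit)". If the content was moved, leave a pointer to its new location here so existing links still resolve. If the text is restored or carried over elsewhere, two descriptions in it should be corrected on the way. "Show all logs with a priority of "info"" above `journalctl -p info` should say the command shows messages at priority info and all more severe levels, not info alone. The `/var/log/audit/audit.log` row should name auditd as the writer, with SELinux denials being one kind of message recorded there.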
  • linux_wiki/locate_and_interpret_system_log_files_and_journals.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)