Difference between revisions of "Linux System Logs"
Latest revision as of 22:59, 20 November 2019
SystemV logging mechanics
These are systems that use init. They usually log to flat files:
- /var/log/messages
- /var/log/syslog
The file size is managed by Logrotate.
Systemd - logging
Systemd systems run the journald daemon, which gathers information from the kernel and other sources into binary journal file(s).
<source lang="bash">
vi /etc/systemd/journald.conf
SystemMaxUse    #max journal file size, by default 10% of a file system but max 4Gb
SystemKeepFree  #how much space should be left free, default min free is 15% but min 4Gb
Storage         #persistent save to storage, volatile saves logs at /run/log/
</source>
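An added example (not part of the original page) that audits the three journald.conf keys above, flagging configurations where the journal does not survive a reboot. The function names `journald_get` and `audit_journald_conf` and the sample config are constructed for illustration; the `auto` and `none` values of `Storage` come from journald.conf(5), not from this page.

```bash
#!/usr/bin/env bash
# Added example: audit the journald.conf keys discussed above.
# Reads one file only; drop-ins under journald.conf.d are not merged.

# Print the effective value of KEY in FILE (last uncommented assignment wins),
# or DEFAULT when the key is absent, empty or commented out.
journald_get() {
    local file=$1 key=$2 default=$3 value
    value=$(sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*\$/\1/p" "$file" | tail -n 1)
    printf '%s\n' "${value:-$default}"
}

# Print one finding per line; return 1 if any WARN was emitted.
audit_journald_conf() {
    local file=$1 rc=0 storage max_use keep_free
    storage=$(journald_get "$file" Storage auto)
    max_use=$(journald_get "$file" SystemMaxUse default)
    keep_free=$(journald_get "$file" SystemKeepFree default)

    case $storage in
        persistent) echo "OK   Storage=persistent: journal survives reboot" ;;
        auto)       echo "WARN Storage=auto: persistent only if /var/log/journal exists"; rc=1 ;;
        volatile)   echo "WARN Storage=volatile: journal kept in /run/log/, lost on reboot"; rc=1 ;;
        none)       echo "WARN Storage=none: journal is not stored"; rc=1 ;;
        *)          echo "WARN Storage=$storage: unrecognised value"; rc=1 ;;
    esac
    echo "INFO SystemMaxUse=$max_use SystemKeepFree=$keep_free"
    return $rc
}

# Constructed sample config (not taken from a real host).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Journal]
#Storage=auto
Storage=volatile
SystemMaxUse=500M
EOF
audit_journald_conf "$sample" || true
```

On a real host, pass `/etc/systemd/journald.conf` as the argument; a non-zero return means the journal may not be available for review after a reboot.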
<source lang="bash">
man systemd.journal-fields   #fields information
# -x add explanatory text from a message catalogue
# -e go to end of the logs/catalogue
systemctl status systemd-journald
journalctl                        #reads logs
journalctl --vacuum-size=100M     #shrink logs to 100M
journalctl --vacuum-time=1month   #keep last 1month worth logs
journalctl --disk-usage
journalctl --verify               #checks integrity
# PASS: /run/log/journal/0f141dd26a334ab6be80141b91356675/system.journal
journalctl -p err                 #filter log levels, eg: crit; long --priority=
journalctl -b                     #show logs since startup
journalctl -b -1                  #logs from the previous boot
journalctl --list-boots           #show boot up occurrences
journalctl --since "2017-05-10 12:00"
journalctl --since yesterday --until now
journalctl -u apache2.service --since yesterday --until now #show logs related only to a specific service
journalctl "$(which cntlm)"       #show an application's log
journalctl -k                     #kernel log (long: --dmesg), use -b for previous sessions, -n kernel events only eg. modprobe, dpms
journalctl -b -p err --no-pager > journal.txt #export logs to flat text file
journalctl -f                     #continuous logs tailing
</source>