Scribd
Upload
2 views5 pages

13.Logging

Uploaded by

Mahmoud M. Abdelraouf
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
2 views5 pages

13.Logging

Uploaded by

Mahmoud M. Abdelraouf
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Red Hat Certified

System
Administrator

Logging
“Standard” Logs
Most logs are written to /var/log
in a normal text format. Some boot
information, normal messages, and
most services write their logs in that
directory. What services write where
is partially controlled by the
rsyslog service. Looking at
/etc/rsyslog.conf will show what
services log where, and at what log
priority.
Rotating Logs
The longer a log gets, the more
difficult it is to read or interpret
meaningful information from.
Fortunately there is a service that
will automatically rotate logs based
on configurable settings, so that you
can keep older logs for reference
and always have fresh information
available.
The logrotate service's
configuration file is at:
/etc/logrotate.conf.
systemd and journalctl
In addition to the text-based log files
in /var/log, systemd keeps logs
stored in a binary, searchable
format. By default it is not persistent
across reboots, but that can be
changed.

mkdir /var/log/journal
chgrp systemd-journal
/var/log/journal
chmod 2775 /var/log/journal
systemctl restart \
systemd-journal.service
Why Use the Journal?
Since the journal is binary, it’s
difficult to interact with. So why use
it?
Simply put, it’s powerful.
Rather than searching through every
log file for errors, run:
journalctl –p err

To find errors since yesterday:


journalctl –p err –since \
yesterday

To find all messages associated with


UID 1000:
journalctl _UID=1000

You might also like