journald
Newer Linux distributions that use the systemd daemon use the journald daemon for logging
instead of syslogd. The journald daemon maintains a system log called the journal
(located in /var/log/journal/). You view the journal using the
journalctl
command. If you enter this command at the shell prompt with no parameters, the entire journal is
displayed, as shown in Figure 17-19.
One of the neat features of the journald daemon is that you can also use it to view your
system boot messages. To do this, you enter
journalctl -b
at the shell prompt. The messages from the most recent system boot are displayed. In addition,
you can use journalctl to view messages from previous system boots as well. This can be done in two different ways:
• Specifying -b with the command followed by a positive number will look up the messages from the specified system boot starting from the beginning of the journal.
For example, entering
journalctl -b 1
will display messages created during the first boot found at the beginning of the journal.
• Specifying -b with the command followed by a negative number will look up the messages
from the specified system boot starting from the end of the journal.
For example, entering
journalctl -b -2
will display system messages created two boots ago.
The journalctl command can also be used to display only log entries related to a specific
service running on the system. The syntax is
journalctl -u service_name
For example, to view all journal entries related to the SSH daemon running on the system, you would enter
journalctl -u sshd
at the shell prompt. An example is shown in Figure 17-20.
The behavior of the journal daemon is configured using the
/etc/systemd/journald.conf
file.
This file has many parameters you can configure. Some of the more useful ones are listed here:
• MaxFileSec
Specifies the maximum amount of time to store entries in the journal file
before starting a new file.
• MaxRetentionSec
Specifies the maximum amount of time to store journal entries. Any
entries older than the specified time are automatically deleted from the journal file.
• ForwardToSyslog
Configures journald to forward its log messages to the traditional
syslog daemon.
• MaxLevelStore
Controls the maximum log level of messages stored in the journal file. All
messages equal to or less than the log level specified are stored, whereas any messages above
the specified level are dropped. This parameter can be set to one of the following values:
• emerg (0)
• alert (1)
• crit (2)
• err (3)
• warning (4)
• notice (5)
• info (6)
• debug (7)
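The MaxLevelStore rule described above can be checked against a configuration file before it is deployed, since a value set too low silently discards lower-severity entries that a later investigation may need. The script below is an added example, not part of the original text: the function names (level_num, journald_setting, stores_level) are hypothetical, the sample configuration is constructed, and it reads a single file only, not any drop-in files under /etc/systemd/journald.conf.d/.

```shell
#!/bin/sh
# Added example: report which severities a journald.conf would keep.

# Map a level name (or its number 0-7) to the numeric value listed above.
level_num() {
    case "$1" in
        emerg|0) echo 0 ;; alert|1) echo 1 ;; crit|2) echo 2 ;;
        err|3) echo 3 ;; warning|4) echo 4 ;; notice|5) echo 5 ;;
        info|6) echo 6 ;; debug|7) echo 7 ;;
        *) return 1 ;;
    esac
}

# Print the last uncommented value assigned to KEY ($2) in FILE ($1).
journald_setting() {
    sed -n "/^[[:space:]]*$2[[:space:]]*=/{s/^[^=]*=[[:space:]]*//;s/[[:space:]]*\$//;p;}" "$1" \
        | tail -n 1
}

# Succeed if a message of severity $2 is stored under FILE's MaxLevelStore.
stores_level() {
    max=$(journald_setting "$1" MaxLevelStore)
    [ -n "$max" ] || max=debug          # journald's default when unset
    max_n=$(level_num "$max") || return 2
    msg_n=$(level_num "$2") || return 2
    [ "$msg_n" -le "$max_n" ]           # equal or lower number = stored
}

# Constructed sample configuration (not taken from a real host).
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
[Journal]
#MaxLevelStore=debug
MaxLevelStore=warning
MaxRetentionSec=1month
ForwardToSyslog=yes
EOF

for lvl in emerg alert crit err warning notice info debug; do
    if stores_level "$SAMPLE_CONF" "$lvl"; then
        echo "$lvl: stored"
    else
        echo "$lvl: dropped"
    fi
done
```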
LX0-104 Exam Objectives (O)