systemd log for log management, persistence settings, journal, systemd journal, view log (journalctl)

Posted by AXiSS on Fri, 07 Jan 2022 02:52:04 +0100

System D uniformly manages the startup logs of all units. You can view all relevant logs (kernel log and application log) with only one command of journalctl. The configuration file for logs is / etc / Systemd / journald conf.

Persistent systemd log

CentOS 7 can use SYSTEMd journal as the log Center Library (generating log folders). The SYSTEMd journal daemon provides an improved log management service, which can collect error messages from the kernel, the early stages of the startup process, standard output, system logs, and during the startup and operation of services and daemons.

By default, the logs of systemd are saved in / run/log/journal, and will be cleared after system restart.
By creating a new directory, the log can be automatically recorded in the new directory and stored permanently.
These messages are written to a structured event log and are not retained between restarts by default.

  1. Modify the journal storage mode and configure it as persistent
[root@shuge ~]# sed -i "/^#Storage/cStorage=persistent" /etc/systemd/journald.conf
[root@shuge ~]# cat /etc/systemd/journald.conf 
....
[Journal]
Storage=persistent
....
  1. First process the required directory and related permission settings (optional, the directory will be created automatically after service restart)
[root@shuge ~]# mkdir /var/log/journal
[root@shuge ~]# chown root:systemd-journal /var/log/journal
[root@shuge ~]# chmod 2775 /var/log/journal/
  1. Restart SYSTEMd journal and observe the backup log data!
[root@shuge ~]#  systemctl restart systemd-journald.service
[root@shuge ~]# ll /var/log/journal/
total 0
drwxr-sr-x 2 root systemd-journal 117 Jan  5 16:06 2b17394d61974d95b2f8810a81a2dfcb

View log (journalctl)

System D uniformly manages the startup logs of all units. You can view all relevant logs (kernel log and application log) with only one command of journalctl.

  • View the log in the form of flow, similar to the effect of tail -f
$ journalctl -f
[root@shuge local]#  journalctl -f
-- Logs begin at Mon 2021-01-04 19:16:30 CST. --
...
Jan 07 09:05:16 shuge.cn systemd[1]: Started Network Manager Script Dispatcher Service.
Jan 07 09:05:16 shuge.cn nm-dispatcher[1981]: req:1 'dhcp4-change' [ens32]: new request (2 scripts)
Jan 07 09:05:16 shuge.cn nm-dispatcher[1981]: req:1 'dhcp4-change' [ens32]: start running ordered scripts...

Jan 07 09:07:12 shuge.cn systemd[1]: Starting Cleanup of Temporary Directories...
Jan 07 09:07:13 shuge.cn systemd[1]: Started Cleanup of Temporary Directories.

View kernel log

$ journalctl -k

[root@shuge local]#  journalctl -k
-- Logs begin at Mon 2021-01-04 19:16:30 CST, end at Fri 2022-01-07 09:07:13 CST. --
....
Jan 07 16:51:31 zaishu.cn kernel: BIOS-e820: [mem 0x000000003ff00000-0x000000003fffffff] usable
Jan 07 16:51:31 zaishu.cn kernel: BIOS-e820: [mem 0x00000000f0000000-0x00000000f7ffffff] reserved
Jan 07 16:51:31 zaishu.cn kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec0ffff] reserved
Jan 07 16:51:31 zaishu.cn kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
Jan 07 16:51:31 zaishu.cn kernel: BIOS-e820: [mem 0x00000000fffe0000-0x00000000ffffffff] reserved
Jan 07 16:51:31 zaishu.cn kernel: NX (Execute Disable) protection: active
......

View the specified service log

$ journalctl -u mysql.serivce

[root@shuge local]# journalctl -u mysql.service
-- Logs begin at Mon 2021-01-04 19:16:30 CST, end at Fri 2022-01-07 09:07:13 CST. --
Jan 07 09:03:30 shuge.cn systemd[1]: Starting MySQL Server...
Jan 07 09:03:31 shuge.cn mysqld[1771]: Starting MySQL.[  OK  ]
Jan 07 09:03:31 shuge.cn systemd[1]: Started MySQL Server.

View the specified date log

$ journalctl --since="2021-11-21 12:14:00" -u mysql
$ journalctl --since="2021-11-21 12:14:00" --until="2021-11-21 23:14:00" -u mysql

[root@shuge local]#  journalctl --since="2021-11-21 12:14:00" -u mysql
-- Logs begin at Mon 2021-01-04 19:16:30 CST, end at Fri 2022-01-07 09:07:13 CST. --
Jan 07 09:03:30 shuge.cn systemd[1]: Starting MySQL Server...
Jan 07 09:03:31 shuge.cn mysqld[1771]: Starting MySQL.[  OK  ]
Jan 07 09:03:31 shuge.cn systemd[1]: Started MySQL Server.
[root@shuge local]# journalctl --since="2021-11-21 12:14:00" --until="2021-11-21 23:14:00" -u mysql
-- Logs begin at Mon 2021-01-04 19:16:30 CST, end at Fri 2022-01-07 09:07:13 CST. --

View log at specified level

$ journalctl -p 3 -u mysql.service

  • log level
    The operating system provides 7 levels of logs from 0 (emerg) to 7 (debug). The meaning of 7 levels is:
    0: emerg
    1: alert
    2: crit
    3: err
    4: warning
    5: notice
    6: info
    7: debug
[root@shuge local]# journalctl -p 3 -u mysql.service
-- No entries --

Disk space occupied by viewing logs

$ journalctl --disk-usage

[root@shuge local]#  journalctl --disk-usage
Archived and active journals take up 16.0M on disk.

Set the space occupied by the log

$ journalctl --vacuum-size=500M

[root@shuge local]# journalctl --vacuum-size=500M
Vacuuming done, freed 0B of archived journals on disk.

Set the time to save the log

$ journalctl --vacuum-time=1month

[root@shuge local]#  journalctl --vacuum-time=1month
Deleted archived journal /var/log/journal/2b17394d61974d95b2f8810a81a2dfcb/system@03f61e2080f54516b6dc72d59c364ebd-0000000000000001-0005b81138ce4b57.journal (8.0M).
Vacuuming done, freed 8.0M of archived journals on disk.

Check log file consistency

$ journalctl --verify

[root@shuge local]# journalctl --verify
PASS: /var/log/journal/2b17394d61974d95b2f8810a81a2dfcb/system.journal    

summary

System D uniformly manages the startup logs of all units. You can view all relevant logs (kernel log and application log) with only one command of journalctl. The configuration file for logs is / etc / Systemd / journald conf.

Topics: Linux bash systemd