Introduction:
A standard logging system based on the Syslog protocol is built into Red Hat Enterprise Linux. Many programs use this system to record events and organize them into log files. In Red Hat Enterprise Linux 7, syslog messages are handled by two services, systemd-journald and rsyslog.
The systemd-journald daemon provides an improved log management service that collects messages from the kernel, the early stages of the boot process, standard output and error of daemons as they start up and run , and syslog. It writes these messages to a structured journal of events that, by default, does not persist between reboots. This allows syslog messages and events which are missed by syslog to be called in one central database. The syslog messages are also forwarded by system-journald to rsyslog for further processing.
| To search journald service [root@asim ~]# yum search journal |
| To check the status of system-journald [root@asim ~]# systemctl status systemd-journald |
| Show full details of system journal [root@asim ~]# journalctl |
| Show last 10 log entries [root@asim ~]# journalctl -n |
| Show last 5 log entries [root@asim ~]# journalctl –n 5 |
| To check the last 10 lines of journal and to check new entries as well [root@asim ~]# journalctl -f |
| To check the log entry of Priority error [root@asim ~]# journalctl –p err |
| Show full details [root@asim ~]# journalctl -b |
| To check the today’s recorded entries [root@asim ~]# journalctl –since today |
| To check previous days recorded entries [root@asim ~]# journalctl –since yesterday –until 9:30:00 |
| To check with PID [root@asim ~]# journalctl _PID=1 |
| To check with UID [root@asim ~]# journalctl _UID=0 |
| To check the SSH service [root@asim ~]# journalctl _SYSTEMD_UNIT=sshd |
| To check the Network Manager service [root@asim ~]# journalctl _SYSTEMD_UNIT=NetworkManager |
| To see the configuration file [root@asim ~]# cat /etc/systemd/journald.conf |
Store the system journal permanently:
By default, the systemd journal is kept in /run/log/journal, which means it is cleared when the system reboots.
If the directory /var/log/journal exists, the journal will log to that directory instead. The advantage of this is the historic data will be available immediately at boot.
However, even with a persistent journal, not all data will be kept forever. The journal has a built-in log rotation mechanism that will trigger monthly.
By default, the journal will not be allowed to get larger than 10% of the file system it is on, or leave less than 15% of the file system free. These values can be tuned in /etc/systemd/journald.conf
| [root@asim ~]#mkdir /var/log/journal [root@asim ~]#chown root:systemd-journal /var/log/journal [root@asim ~]#chmod 2755 /var/log/journal [root@asim ~]#killall -USR1 systemd-journald |
set local clocks and time zone:
The NTP (Network Time Protocol) is a standard way for machines to provide and obtain correct time information on the internet. A machine may get accurate time information from public NTP services on the internet such as the NTP pool Porject. A high-quality hardware clock to server accurate time to local clients is another option.
| To check time-related settings [root@asim ~]#timedatectl |
| To check all time zones [root@asim ~]#timedatectl list-timezones |
| To change the current time zone [root@asim ~]#timedatectl set-timezone Asia/Kolkata |
| To change the current date and time [root@asim ~]#timedatectl set-time 9:00:00 |
| Automatically enable or disable time zone [root@asim ~]#timedatectl set-ntp true |
