redhat system log jurnal - ghdrako/doc_snipets GitHub Wiki

Redhat it introduced its own logging system called systemd-journald.Systemd-journald saves the events and messages in a binary format that cannot be read with a text editor.

• The systemd journal is configured by default to store logs only in a small ring-buffer in /run/log/journal, which is not persistent.
• Journal database logs do not survive a system reboot.

journalctl –help
journalctl
journalctl -n
journalctl -n {number}
journalctl -n 20          # view the last 20 entries
journalctl -f             # output new journal entries as they are written to the journal
journalctl -k             # display the kernel message log from the last boot
journalctl -p crit        # view journal entries based on their critical priority
journalctl -p err         # show message with priority error
journalctl --since today  # view journal entries for today
journalctl -u sshd        # view journal entries related to the sshd daemon
# The same applies to other services running under systemd that can be stopped and started with systemctl.
journalctl -u httpd –since "1 hour ago" #  check for messages related to the httpd service for the past hour
journalctl --since="2017-01-01 00:00:00" --until="2017-02-01 00:00:00"

Konfiguracja

/etc/systemd/journald.conf

Ustawienie zapisu na dysk

Storage=persistent

sudo systemctl restart systemd-journald

Polecenie zobaczy ze jest w konfiguracji persistent i utworzy katalog w /var/log/journal z wlasciwymi uprawnieniami. W tym katalogu beda zapisywane logi w postaci plikow binarnych.