Linux Log Management Guide

Complete beginner-friendly guide to log management on Linux, covering Arch Linux, CachyOS, and other distributions including systemd journal, journalctl usage, log rotation, log analysis, and log maintenance.

---

Table of Contents

1. systemd Journal
2. journalctl Usage
3. Log Rotation
4. Log Analysis
5. Log Maintenance
6. Troubleshooting

---

systemd Journal

Journal Location

Journal files:

# Journal location
/var/log/journal/

# User journal
~/.local/share/journal/

Journal Configuration

Configure journal:

# Edit config
sudo vim /etc/systemd/journald.conf

Settings:

[Journal]
Storage=persistent
SystemMaxUse=1G
SystemKeepFree=2G

---

journalctl Usage

View Logs

Basic commands:

# All logs
journalctl

# Recent logs
journalctl -n 50

# Follow logs
journalctl -f

# Boot logs
journalctl -b

Filter Logs

Filter by:

# By service
journalctl -u service-name

# By priority
journalctl -p err

# By time
journalctl --since today
journalctl --since "2024-01-15 10:00" --until "2024-01-15 12:00"

See Journalctl Troubleshooting for detailed guide.

---

Log Rotation

Journal Rotation

Configure rotation:

# Edit journal config
sudo vim /etc/systemd/journald.conf

Settings:

[Journal]
SystemMaxUse=1G
SystemKeepFree=2G
MaxRetentionSec=2weeks

Manual Rotation

Rotate logs:

# Vacuum by time
sudo journalctl --vacuum-time=2weeks

# Vacuum by size
sudo journalctl --vacuum-size=1G

---

Log Analysis

Search Logs

Search in logs:

# Search for text
journalctl | grep "error"

# Case insensitive
journalctl | grep -i "error"

Export Logs

Export logs:

# Export to file
journalctl > logs.txt

# Export specific service
journalctl -u service-name > service-logs.txt

---

Log Maintenance

Check Disk Usage

Check usage:

# Check journal size
journalctl --disk-usage

# List boots
journalctl --list-boots

Clean Logs

Clean old logs:

# Vacuum by time
sudo journalctl --vacuum-time=2weeks

# Vacuum by size
sudo journalctl --vacuum-size=1G

---

Troubleshooting

Logs Too Large

Clean logs:

# Check size
journalctl --disk-usage

# Clean
sudo journalctl --vacuum-time=1week

Logs Not Showing

Check journal:

# Check journal status
systemctl status systemd-journald

# Restart journal
sudo systemctl restart systemd-journald

---

Summary

This guide covered log management for Arch Linux, CachyOS, and other distributions, including journalctl, log rotation, and maintenance.

---

Next Steps

• Journalctl Troubleshooting - journalctl guide
• System Monitoring - System monitoring
• ArchWiki Log Management: https://wiki.archlinux.org/title/Systemd/Journal

---

This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.