Cheatography
https://cheatography.com
Syslogd & Journal for RHCSA EX200
This is a draft cheat sheet. It is a work in progress and is not finished yet.
Commands
journalctl |
Shows more detailed information from the journal. |
tail -f <logfile> |
Shows in real time which lines are added to the log file. |
systemctl status <unit> |
Show a short overview of the last significant events that have been logged by Systemd units through journald. |
logger |
Enables users to write messages to rsyslog from the command line or a script |
journalctl --since [--until] |
to show all messages that have been written since given date (and up to, if provided) |
Definitions
Facility |
Specifies a category of information that is logged. rsyslogd uses a fixed list of facilities, which cannot be extended. This is because of backward compatibility with the legacy syslog service. |
Priority |
Used to define the severity of the message that needs to be logged. When you specify a priority, by default all messages with that priority and all higher priorities are logged. This is a fixed list. |
Destination |
Defines where the message should be written. Typical destinations are files, but rsyslog modules can be used as a destination as well, to allow further processing through a rsyslogd module. |
local0 through local7 |
If services that do not have their own rsyslogd facility need to write log messages to a specific log file anyway, these services can be configured. |
/run |
This directory is used for current process status information only, which means that the journal is cleared when the system reboots. |
|
|
journald
journald |
provides an advanced log management system. journald collects messages from the kernel, the entire boot procedure, and services and writes these messages to an event journal. |
Implemented: |
which is implemented by the systemd-journald daemon |
Format: |
Binary |
Retention: |
Non-persistent; however, forwarded to rsyslogd |
Tips & Configuration
Logger |
Services and users can write directly to log files themselves or through rsyslogd. |
/etc/rsyslog.conf |
You can configure the rsyslogd service through here. |
/etc/sysconfig/rsyslog |
If specific options need to be passed to the rsyslogd service on startup, you can do this by using this file. |
(-) Buffered logging |
Begin destinations with hyphens caused to have the log messages will not be immediately committed to the file but instead will be buffered to make writes more efficient. |
/etc/logrotate.conf |
The default settings for log rotation are kept in here. |
/etc/logrotate.d |
Specific logging configurations are placed here and override default configurations. |
/var/log/journal |
Create to make the journal persistent between system restarts. |
/etc/systemd/journal.conf |
Storing the journal permanently requires setting the Storage=auto parameter. |
|