Log messages and journal logs

Question 1

Traditional logs location, for example rsyslog etc

Answer 1

/var/log

Question 2

Man for systemd logs

Answer 2

man systemd-journald

Question 3

Location of journalctl logs

Make journalctl logs written permanently

Answer 3

/run/log/journal

/var/log/journal

Question 4

Config location of systemd-journald

Answer 4

/etc/systemd/journald.conf

Question 5

Show last 10 lines of jounalctl

Answer 5

journalctl -n

Question 6

Show last extended logs of jounalctl

Answer 6

journalctl -xe

• e- go to the end
• x- explanation

Question 7

Show last 10 line with jouranlctl and continue listening

Answer 7

journalctl -f

-f -follow

Question 8

Show logs for specific unit

Answer 8

journalctl -u httpd.service

Question 9

Show logs of ring buffer

Answer 9

journalctl -k

dmesg

Question 10

Location of configs related to log rotation

Answer 10

/etc/logrotate.d/file_name

Question 11

Remote logging

Answer 11

Rsyslog is used for forwarding log messages in an IP network.
The main configuration file for rsyslog is /etc/rsyslog.conf. Here, you can specify global directives, modules, and rules that consist of filter and action parts.
__
vim /etc/rsyslog.d/my_file.conf
. @1.2.3.4:514 (send all logs from this pc to 1.2.3.4)
1.2.3.4 should be configured to accept requests on 514
@-udp
@@-tcp

Question 12

Query to systemd journal

Answer 12

journalctl [opt] [match]
journalctl -f -o verbose (o=output: short, verbose,json etc)
journalctl -p err (p=priority: err, crit,alert,emerg, notice,warning)
journalct -u ssh (u=unit)

Question 13

Query to systemd journal since/until

Answer 13

journalctl –since=yesterday –until=now

Question 14

Info about how much time boot process took

Answer 14

systemd-analyze : shot info

systemd-analyze blame : long info