Logging
systemctl restart rsyslog && service auditd restart && logger "blaataap"
Perusing system logs
On Linux distros based on systemd, logs can be viewed using the journalctl command. This requires root privileges. However, users that are members of the adm group get access as well. So, add your user to the adm group to make viewing logs easier.
| Action | Command |
|---|---|
| Show log since last boot | journalctl -b |
Kernel messages (like dmesg) | journalctl -k |
| Show latest log and wait for changes | journalctl -f |
| Reverse output (newest first) | journalctl -r |
| Show only errors and worse | journalctl -b -p err |
| Filter on time (example) | journalctl --since=2014-06-00 --until="2014-06-07 12:00:00" |
| Since yesterday | journalctl --since=yesterday |
| Show only log of SERVICE | journalctl -u SERVICE |
Match executable, e.g. dhclient | journalctl /usr/sbin/dhclient |
Match device node, e.g. /dev/sda | journalctl /dev/sda |
| Disable truncating/paging | journalctl --no-pager |
“Traditional” logs
Traditionally, logs are text files in /var/log. Some services still write their logs to these text files and not to journald.
| Action | Command |
|---|---|
| Live view of log FILE | tail -f /var/log/FILE |
| Colorized live view of boot/kernel messages | dmesg -wH |