All the steps to know how to manage Logs Systemd events with Journalctl Linux
Systemd is present in most Linux distros such as Fedora, Debian, Ubuntu, OpenSuSE, Arch, RHEL, CentOS a, d others.
With Systemd we have the option of centrally managing all the services and processes of the system. For this tutorial, we will use CentOS 7.
Configure Journald to collect Systemd Logs
Basically journald is responsible for collecting and writing daily operating system entries such as startup messages, kernel messages, syslog messages, application records, among others.
All Journald information is hosted on the path /etc/systemd/journald.conf and the values recorded there meet local system requirements.
A simple way to visualize the content of this route is to execute the following line with the cat parameter:
Enable Journal of Disk Storage
Most Linux distributions do not allow persistent messages to be stored in your boot system to collect the boot information.
To enable this, it will be necessary to access the path /var/log/journal and there to edit the Storage line. To access there we will use editors such as nano or vi as follows:
sudo vi /etc/systemd/journald.conf sudo nano /etc/systemd/journald.conf
There we will modify the Storage line from the auto value to the persistent value:
Save ChangesSave the changes using the Ctrl + O keys and exit the editor using Ctrl + X.
To get detailed information on each of the elements of Journal, we can execute the following line:
Setting Date & Time using Timedatectl
This aspect is important since having a correct configuration of the date and time the records will be much more reliable and accurate.
To visualize the current date and time, we will execute one of the following lines:
timedatectl timedatectl status
The result will be the following:
In case of configuring a different time zone we will execute the following syntax:
sudo timedatectl set-timezone (City/Country) sudo timedatectl set-time “HH:MM:SS”
View Messages From the Logs using Journalctl
The journalctl command is a utility included in Linux that allows us to see the content of systemd. To display all the records without filtering, we will execute the following line:
Now the following are the filters that we can use with Journalctl:
Filters based on boot
This filter allows us to display the start numbers, their ID, their time stamps, among other values.
For this we will use the –list-boots parameter:
If we want to see the records from the current boot, we will use the following line:
To see previous records we will use the following line:
journalctl -b -1
Filters based on time
With this filter we can use the UTC (Coordinated Universal Time) format using the -utc parameter:
See the most recent events
The default value to use Journalctl is 10 records, but if we use the -n parameter, we can indicate a smaller or larger quantity.
journalctl -n 5
See events generated by the kernel
To visualize the messages generated by the kernel we will use the -k parameter as follows:
In this way, Journalctl offers multiple practical solutions to carry out this task.