44 lines
2.0 KiB
XML
44 lines
2.0 KiB
XML
<chapter xmlns="http://docbook.org/ns/docbook"
|
||
xmlns:xlink="http://www.w3.org/1999/xlink"
|
||
xmlns:xi="http://www.w3.org/2001/XInclude"
|
||
version="5.0"
|
||
xml:id="sec-logging">
|
||
<title>Logging</title>
|
||
<para>
|
||
System-wide logging is provided by systemd’s <emphasis>journal</emphasis>,
|
||
which subsumes traditional logging daemons such as syslogd and klogd. Log
|
||
entries are kept in binary files in <filename>/var/log/journal/</filename>.
|
||
The command <literal>journalctl</literal> allows you to see the contents of
|
||
the journal. For example,
|
||
<screen>
|
||
<prompt>$ </prompt>journalctl -b
|
||
</screen>
|
||
shows all journal entries since the last reboot. (The output of
|
||
<command>journalctl</command> is piped into <command>less</command> by
|
||
default.) You can use various options and match operators to restrict output
|
||
to messages of interest. For instance, to get all messages from PostgreSQL:
|
||
<screen>
|
||
<prompt>$ </prompt>journalctl -u postgresql.service
|
||
-- Logs begin at Mon, 2013-01-07 13:28:01 CET, end at Tue, 2013-01-08 01:09:57 CET. --
|
||
...
|
||
Jan 07 15:44:14 hagbard postgres[2681]: [2-1] LOG: database system is shut down
|
||
-- Reboot --
|
||
Jan 07 15:45:10 hagbard postgres[2532]: [1-1] LOG: database system was shut down at 2013-01-07 15:44:14 CET
|
||
Jan 07 15:45:13 hagbard postgres[2500]: [1-1] LOG: database system is ready to accept connections
|
||
</screen>
|
||
Or to get all messages since the last reboot that have at least a
|
||
“critical” severity level:
|
||
<screen>
|
||
<prompt>$ </prompt>journalctl -b -p crit
|
||
Dec 17 21:08:06 mandark sudo[3673]: pam_unix(sudo:auth): auth could not identify password for [alice]
|
||
Dec 29 01:30:22 mandark kernel[6131]: [1053513.909444] CPU6: Core temperature above threshold, cpu clock throttled (total events = 1)
|
||
</screen>
|
||
</para>
|
||
<para>
|
||
The system journal is readable by root and by users in the
|
||
<literal>wheel</literal> and <literal>systemd-journal</literal> groups. All
|
||
users have a private journal that can be read using
|
||
<command>journalctl</command>.
|
||
</para>
|
||
</chapter>
|