14 logging journalctl rsyslog logrotate /var/log/ | systemctl status
journald information is mainly accessed through systemctl status (journalctl)
everything else (rsyslog) is in /var/log/messages and other files in /var/log
[root@localhost linda]# lsof /var/log/messages
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
Output information may be incomplete.
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
abrt-watc 750 root 4r REG 253,0 156115 67567391 /var/log/messages
rsyslogd 1031 root 4w REG 253,0 156115 67567391 /var/log/messages
[root@localhost linda]#
logging information
- journalctl (systemd)
- rsyslog (old system to logging information)
[root@svn ~]# cat /etc/rsyslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
#everything logs to /var/log/messages except mail,authpriv,cron
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg :omusrmsg:*
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.*
[root@svn ~]# systemctl status rsyslog
[root@svn ~]# journalctl -b #shows boot information
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:42:02 EEST. --
Jul 04 21:45:31 localhost.localdomain systemd-journal[92]: Runtime journal is using 8.0
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpuset
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpu
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpuacct
Jul 04 21:45:31 localhost.localdomain kernel: Linux version 3.10.0-514.el7.x86_64 (buil
Jul 04 21:45:31 localhost.localdomain kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-
Jul 04 21:45:31 localhost.localdomain kernel: Disabled fast string operations
Jul 04 21:45:31 localhost.localdomain kernel: e820: BIOS-provided physical RAM map:
Jul 04 21:45:31 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000000000000x0000
[root@svn ~]# journalctl --since=yesterday
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:43:01 EEST. --
Jul 11 22:27:34 svn.localdomain systemd[1]: Time has been changed
Jul 11 22:27:34 svn.localdomain dbus[660]: [system] Successfully activated service 'org
Jul 11 22:27:34 svn.localdomain dbus-daemon[660]: dbus[660]: [system] Successfully acti
Jul 11 22:27:34 svn.localdomain systemd[1]: Started Network Manager Script Dispatcher S
journald and systemctl are integrated
rsyslog has got log-server, which holds logs for a long period.
journald could use rsyslog log-server for logging purpose
journald information is automatically logged to rsyslog
Jul 11 22:27:34 svn.localdomain NetworkManager[760]: <info> [1499801254.5861] device (
[root@svn ~]# systemctl status
● svn.localdomain
State: degraded
Jobs: 0 queued
Failed: 1 units
Since: Tue 2017-07-04 21:45:32 EEST; 1 weeks 0 days ago
CGroup: /
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─user.slice
│ ├─user-1000.slice
│ │ └─session-1.scope
│ │ ├─ 2824 gdm-session-worker [pam/gdm-password]
│ │ ├─ 2836 /usr/bin/gnome-keyring-daemon --daemonize --login
│ │ ├─ 2839 gnome-session --session gnome-classic
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:43:01 EEST. --
Jul 11 22:27:34 svn.localdomain systemd[1]: Time has been changed
Jul 11 22:27:34 svn.localdomain dbus[660]: [system] Successfully activated service 'org
Jul 11 22:27:34 svn.localdomain dbus-daemon[660]: dbus[660]: [system] Successfully acti
Jul 11 22:27:34 svn.localdomain systemd[1]: Started Network Manager Script Dispatcher S
journald and systemctl are integrated
rsyslog has got log-server, which holds logs for a long period.
journald could use rsyslog log-server for logging purpose
journald information is automatically logged to rsyslog
Jul 11 22:27:34 svn.localdomain NetworkManager[760]: <info> [1499801254.5861] device (
[root@svn ~]# systemctl status
● svn.localdomain
State: degraded
Jobs: 0 queued
Failed: 1 units
Since: Tue 2017-07-04 21:45:32 EEST; 1 weeks 0 days ago
CGroup: /
├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
├─user.slice
│ ├─user-1000.slice
│ │ └─session-1.scope
│ │ ├─ 2824 gdm-session-worker [pam/gdm-password]
│ │ ├─ 2836 /usr/bin/gnome-keyring-daemon --daemonize --login
│ │ ├─ 2839 gnome-session --session gnome-classic
[root@svn ~]# journalctl slapd
Failed to add match 'slapd': Invalid argument
Failed to add filters: Invalid argument
[root@svn ~]# journalctl -u slapd
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:47:01 EEST. --
Jul 04 21:45:49 svn.localdomain systemd[1]: Starting OpenLDAP Server Daemon...
Jul 04 21:45:49 svn.localdomain runuser[1131]: pam_unix(runuser:session): session opene
Jul 04 21:45:50 svn.localdomain runuser[1131]: pam_unix(runuser:session): session close
Jul 04 21:45:51 svn.localdomain slapcat[1206]: DIGEST-MD5 common mech free
Jul 04 21:45:51 svn.localdomain runuser[1243]: pam_unix(runuser:session): session opene
[root@svn ~]# journalctl -u slapd -o verbose
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:48:01 EEST. --
Tue 2017-07-04 21:45:49.580142 EEST [s=15cf7ac6bd7e4cf9b239a878584a8f43;i=8ba;b=53df0ce
PRIORITY=6
_UID=0
_GID=0
_BOOT_ID=53df0ce6b4c54e0bb62f180adeed377c
_MACHINE_ID=89eb0221097e4741bc835bff78792748
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd
_TRANSPORT=journal
_PID=1
_COMM=systemd
_EXE=/usr/lib/systemd/systemd
_CAP_EFFECTIVE=1fffffffff
_SYSTEMD_CGROUP=/
CODE_FILE=src/core/unit.c
CODE_LINE=1413
CODE_FUNCTION=unit_status_log_starting_stopping_reloading
MESSAGE_ID=7d4958e842da4a758f6c1cdc7b36dcc5
_HOSTNAME=svn.localdomain
_CMDLINE=/usr/lib/systemd/systemd --switched-root --system --deserialize 21
_SELINUX_CONTEXT=system_u:system_r:init_t:s0
UNIT=slapd.service
MESSAGE=Starting OpenLDAP Server Daemon...
============
logrotate
[root@svn ~]# cat /etc/logrotate.d/vsftpd
/var/log/vsftpd.log {
# ftpd doesn't handle SIGHUP properly
nocompress
missingok
}
/var/log/xferlog {
# ftpd doesn't handle SIGHUP properly
nocompress
missingok
}
[root@svn ~]#
[root@svn ~]# cat /etc/cron.daily/logrotate
#!/bin/sh
/usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
/usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
[root@svn ~]#
show current folder size
[root@svn Downloads]# du -hs
1.9G .
How to add apache to logrotate
Add the following file to /etc/logrotate.d directory.
# vi /etc/logrotate.d/apache
/usr/local/apache2/logs/access_log /usr/local/apache2/logs/error_log {
size 100M
compress
dateext
maxage 30
postrotate
/usr/bin/killall -HUP httpd
ls -ltr /usr/local/apache2/logs | mail -s "$HOSTNAME: Apache restarted and log files rotated" ramesh@thegeekstuff.com
endscript
}
After adding the above /etc/logrotate.d/apache file, for testing purpose, you can manually call the logrotate script as shown below.
# /etc/cron.daily/logrotate
Once the log files are rotated, do a ls to verify them. As we explained above, the rotated log files will be kept for 30 days.
# ls /usr/local/apache2/logs
access_log
error_log
access_log-20110716.gz
error_log-20110716.gz
Comments
Post a Comment