14 logging journalctl rsyslog logrotate /var/log/ | systemctl status


journald information is mainly accessed through systemctl status and journalctl.
Everything else (rsyslog) is in /var/log/messages and other files in /var/log.


[root@localhost linda]# lsof /var/log/messages
lsof: WARNING: can't stat() fuse.gvfsd-fuse file system /run/user/1000/gvfs
      Output information may be incomplete.
COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF     NODE NAME
abrt-watc  750 root    4r   REG  253,0   156115 67567391 /var/log/messages
rsyslogd  1031 root    4w   REG  253,0   156115 67567391 /var/log/messages
[root@localhost linda]# 








Logging information:

- journalctl (systemd)
- rsyslog (the older system for logging information)


[root@svn ~]# cat /etc/rsyslog.conf 


#### RULES ####

# Log all kernel messages to the console.

# Logging much else clutters up the screen.
#kern.*                                                 /dev/console

# Log anything (except mail) of level info or higher.

# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
#everything logs to /var/log/messages except mail,authpriv,cron
# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.

mail.*                                                  -/var/log/maillog


# Log cron stuff

cron.*                                                  /var/log/cron

# Everybody gets emergency messages

*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.

uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log

local7.*  
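
How the selector fields in the RULES section decide where a message lands, as an added example that is not part of the original notes or of rsyslog: the functions below evaluate a facility.priority pair against the rules shown above. The function names are made up for this example, and the "!" negation syntax is not handled.

```shell
# Added example, not from the original notes. Handles "*", comma-separated
# facilities, "prio" (that level or higher), "=prio" and "none"; not "!".
# Severity keyword -> syslog number (0 = emerg ... 7 = debug).
sev_num() {
    case "$1" in
        emerg|panic) echo 0 ;; alert) echo 1 ;; crit) echo 2 ;;
        err|error) echo 3 ;; warning|warn) echo 4 ;; notice) echo 5 ;;
        info) echo 6 ;; debug) echo 7 ;; *) return 1 ;;
    esac
}

# selector_matches SELECTOR FACILITY.PRIORITY -> exit 0 if selected, 1 if not
selector_matches() {
    msg_fac=${2%%.*}
    msg_sev=$(sev_num "${2#*.}") || return 2
    result=1; old_ifs=$IFS; IFS=';'; set -f   # -f keeps "*" from globbing
    for part in $1; do                        # parts apply left to right
        facs=${part%.*}; prio=${part##*.}
        # skip parts that do not name this facility (or "*")
        case ",$facs," in *",*,"*|*",$msg_fac,"*) ;; *) continue ;; esac
        case "$prio" in
            none) result=1 ;;                 # cancels an earlier match
            \*)   result=0 ;;                 # every priority
            =*)   [ "$(sev_num "${prio#=}")" -eq "$msg_sev" ] && result=0 ;;
            *)    [ "$(sev_num "$prio")" -ge "$msg_sev" ] && result=0 ;;
        esac
    done
    set +f; IFS=$old_ifs
    return $result
}

# Rules copied from the /etc/rsyslog.conf listing above (file targets only).
RULES='*.info;mail.none;authpriv.none;cron.none /var/log/messages
authpriv.* /var/log/secure
mail.* -/var/log/maillog
cron.* /var/log/cron
uucp,news.crit /var/log/spooler'

# destinations FACILITY.PRIORITY -> space-separated files that receive it
destinations() {
    out=
    while read -r sel file; do
        # a leading "-" on the file only means "do not sync after each write"
        if selector_matches "$sel" "$1"; then out="$out ${file#-}"; fi
    done <<EOF
$RULES
EOF
    echo "${out# }"
}
```

For example, destinations authpriv.notice prints only /var/log/secure, which is why login and sudo messages have to be looked up there rather than in /var/log/messages.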


[root@svn ~]# systemctl status rsyslog

[root@svn ~]# journalctl -b  # shows messages from the current boot

-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:42:02 EEST. --
Jul 04 21:45:31 localhost.localdomain systemd-journal[92]: Runtime journal is using 8.0
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpuset
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpu
Jul 04 21:45:31 localhost.localdomain kernel: Initializing cgroup subsys cpuacct
Jul 04 21:45:31 localhost.localdomain kernel: Linux version 3.10.0-514.el7.x86_64 (buil
Jul 04 21:45:31 localhost.localdomain kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-
Jul 04 21:45:31 localhost.localdomain kernel: Disabled fast string operations
Jul 04 21:45:31 localhost.localdomain kernel: e820: BIOS-provided physical RAM map:
Jul 04 21:45:31 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000000000000x0000



[root@svn ~]# journalctl --since=yesterday
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:43:01 EEST. --
Jul 11 22:27:34 svn.localdomain systemd[1]: Time has been changed
Jul 11 22:27:34 svn.localdomain dbus[660]: [system] Successfully activated service 'org
Jul 11 22:27:34 svn.localdomain dbus-daemon[660]: dbus[660]: [system] Successfully acti
Jul 11 22:27:34 svn.localdomain systemd[1]: Started Network Manager Script Dispatcher S

journald and systemctl are integrated.


rsyslog can run as a log server, which holds logs for a long period.
journald can use an rsyslog log server for logging.

journald information is automatically logged to rsyslog.

Jul 11 22:27:34 svn.localdomain NetworkManager[760]: <info>  [1499801254.5861] device (

[root@svn ~]# systemctl status
● svn.localdomain
    State: degraded
     Jobs: 0 queued
   Failed: 1 units
    Since: Tue 2017-07-04 21:45:32 EEST; 1 weeks 0 days ago
   CGroup: /
           ├─1 /usr/lib/systemd/systemd --switched-root --system --deserialize 21
           ├─user.slice
           │ ├─user-1000.slice
           │ │ └─session-1.scope
           │ │   ├─ 2824 gdm-session-worker [pam/gdm-password]
           │ │   ├─ 2836 /usr/bin/gnome-keyring-daemon --daemonize --login
           │ │   ├─ 2839 gnome-session --session gnome-classic

[root@svn ~]# journalctl slapd
Failed to add match 'slapd': Invalid argument
Failed to add filters: Invalid argument

[root@svn ~]# journalctl -u slapd
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:47:01 EEST. --
Jul 04 21:45:49 svn.localdomain systemd[1]: Starting OpenLDAP Server Daemon...
Jul 04 21:45:49 svn.localdomain runuser[1131]: pam_unix(runuser:session): session opene
Jul 04 21:45:50 svn.localdomain runuser[1131]: pam_unix(runuser:session): session close
Jul 04 21:45:51 svn.localdomain slapcat[1206]: DIGEST-MD5 common mech free
Jul 04 21:45:51 svn.localdomain runuser[1243]: pam_unix(runuser:session): session opene

[root@svn ~]# journalctl -u slapd -o verbose
-- Logs begin at Tue 2017-07-04 21:45:31 EEST, end at Tue 2017-07-11 23:48:01 EEST. --
Tue 2017-07-04 21:45:49.580142 EEST [s=15cf7ac6bd7e4cf9b239a878584a8f43;i=8ba;b=53df0ce
    PRIORITY=6
    _UID=0
    _GID=0
    _BOOT_ID=53df0ce6b4c54e0bb62f180adeed377c
    _MACHINE_ID=89eb0221097e4741bc835bff78792748
    SYSLOG_FACILITY=3
    SYSLOG_IDENTIFIER=systemd
    _TRANSPORT=journal
    _PID=1
    _COMM=systemd
    _EXE=/usr/lib/systemd/systemd
    _CAP_EFFECTIVE=1fffffffff
    _SYSTEMD_CGROUP=/
    CODE_FILE=src/core/unit.c
    CODE_LINE=1413
    CODE_FUNCTION=unit_status_log_starting_stopping_reloading
    MESSAGE_ID=7d4958e842da4a758f6c1cdc7b36dcc5
    _HOSTNAME=svn.localdomain
    _CMDLINE=/usr/lib/systemd/systemd --switched-root --system --deserialize 21
    _SELINUX_CONTEXT=system_u:system_r:init_t:s0
    UNIT=slapd.service
    MESSAGE=Starting OpenLDAP Server Daemon...
============
logrotate


[root@svn ~]# cat /etc/logrotate.d/vsftpd 
/var/log/vsftpd.log {
    # ftpd doesn't handle SIGHUP properly
    nocompress
    missingok
}

/var/log/xferlog {
    # ftpd doesn't handle SIGHUP properly
    nocompress
    missingok
}
[root@svn ~]# 


[root@svn ~]# cat /etc/cron.daily/logrotate 
#!/bin/sh

/usr/sbin/logrotate -s /var/lib/logrotate/logrotate.status /etc/logrotate.conf
EXITVALUE=$?
if [ $EXITVALUE != 0 ]; then
    /usr/bin/logger -t logrotate "ALERT exited abnormally with [$EXITVALUE]"
fi
exit 0
[root@svn ~]# 

Show the current folder size:
[root@svn Downloads]# du -hs
1.9G .


How to add Apache to logrotate

Add the following file to the /etc/logrotate.d directory.
# vi /etc/logrotate.d/apache
/usr/local/apache2/logs/access_log /usr/local/apache2/logs/error_log {
    size 100M
    compress
    dateext
    maxage 30
    postrotate
      /usr/bin/killall -HUP httpd
      ls -ltr /usr/local/apache2/logs | mail -s "$HOSTNAME: Apache restarted and log files rotated" ramesh@thegeekstuff.com
    endscript
}


After adding the above /etc/logrotate.d/apache file, you can call the logrotate script manually to test it, as shown below.
# /etc/cron.daily/logrotate
Once the log files are rotated, run ls to verify them. As we explained above, the rotated log files will be kept for 30 days.
# ls /usr/local/apache2/logs
access_log
error_log
access_log-20110716.gz
error_log-20110716.gz
