Manage Journald

TIPS & TRICKS

To search the contents of the man pages

# man -k searchterm 
# man -K searchterm 

Manage Journald

Configure Journald 1

| Configure journald to persist between reboots

# vim /etc/systemd/journald.conf
#Storage=auto
Storage=persistent

Apply (Seems you need to reboot to seen logs in /var/log/journal):

# systemctl restart systemd-journald.service

Then verify with journalctl after reboot (1 for 1rst reboot, 2 for second, etc.q):

# journalctl -b 1  

From man journald.conf:

Storage=
Controls where to store journal data. […] If “persistent“, data will be stored preferably on disk, i.e. below the /var/log/journal hierarchy (which is created if needed), with a fallback to /run/log/journal (which is created if needed), during early boot and if the disk is not writable. “auto” behaves like “persistent” if the /var/log/journal directory exists, and “volatile” otherwise (the existence of the directory controls the storage mode).”

Configure Journald 2

| Configure the journal to be persistent across system reboots.
| Make a configuration file that writes all messages with an info priority to the file /var/log/messages.info.
| Configure logrotate to keep ten old versions of log files

Uncomment storage line to persistent, a dir in /var/log/journal/ will be created

# vim /etc/systemd/journald.conf
Storage=persistent

Apply (Seems you need to reboot to seen logs in /var/log/journal):

# systemctl restart systemd-journald.service

Then verify with journalctl after reboot (1 for 1rst reboot, 2 for second, etc.q):

# journalctl -b 1  

Make a configuration file that writes all messages with an info priority to the file /var/log/messages.info. you need to configure /etc/rsyslog.d/<YouFile>.conf

# vim /etc/rsyslog.d/info.conf
*.info			/var/log/messages.info

# systemctl restart rsyslogd

Lauch somme alerts:

# logger -p daemon.alert "hello $(date)"
# logger -p user.alert "$USER hello $(date)"

You can see logs in the new file /var/log/messages.info:

# tail /var/log/messages.info

Configure logrotate in /etc/logrotate.conf to keep ten old versions of log files::wq:q

# vim /etc/logrotate.conf
rotate 10 

Configure Journald 3

| Configurez rsyslog pour enregistrer tous les messages système de niveau warning ou supérieur dans un fichier /var/log/warnings.log.

Ajouter la règle dans /etc/rsyslog.d/warnings.conf :

# vim /etc/rsyslog.d/warning.info
*.warn /var/log/warnings.log

Redémarrer le service :

# systemctl restart rsyslog

Configure Journald 4

| Add a custom message “This is a sample message on $(date) by $LOGNAME” to the /var/log/messages file as the root user.
| Use regular expression to confirm the message entry to the log file.

# logger "This is a s4mpl3 message on $(date) by $LOGNAME"
# grep s4mpl3 /var/log/messages

Configure Journald 5

| Donwload and install the apache web service.
| Try to configure apache to log error messages through syslog using the facility local1
| Create a rule that send all messages that it receives from local1 (That used above) facility to /var/log/httpd-error.log
| Verify the last changed by accessing a page that does not exist

# dnf install -y httpd 

Addin the line:

# vim /etc/httpd/conf/http.conf
ErrorLog	syslog:local1

# systemctl restart httpd 

Adding the following line in rule section:

# vim /etc/rsyslog.conf
local1.error		/var/log/httpd-error.log 

# systemctl restart rsyslogd

# curl localhost 	

Documentations

Internet
Git
ChatGPT