Wednesday 20 July 2016

Filtering logs with journalctl

Coming over from Debian to CentOS / RHEL was mostly a smooth, similar transition, although one of the little differences that I encountered was that CentOS 7 uses journalctl for general application / service logging, as opposed to Debian, where everything was written to /var/log/messages (which translates to /var/log/syslog in the RHEL world).

The journalctl tool is actually pretty cool and provides some in-built filters to allow you to quickly find the information you need rather than grepping everything!

I have included a few examples below of how information can be extracted:

To look at logs for a specific service we could issue something like the following for cron jobs:

journalctl SYSLOG_IDENTIFIER=crond

or something like the following for identifying SELinux problems:

journalctl SYSLOG_IDENTIFIER=setroubleshoot

We can also filter by time:

journalctl SYSLOG_IDENTIFIER=setroubleshoot --since "17:00" --until "19:00"

or filter on a specific priority range (e.g. Emergency to Error):

journalctl --priority 0..3
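
The same three filters (identifier, time window, priority range) applied offline to an exported journal, as an added example that is not from the original post. It assumes the records were saved with `journalctl -o json`, treats times as UTC on the post's date, and runs on constructed sample records; the function names are hypothetical.

```python
import json
from datetime import datetime, timezone

# syslog levels by number: 0=emerg ... 7=debug (what --priority ranges over)
LEVELS = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def usec(hhmm):
    """HH:MM on the post's date as journal microseconds (UTC assumed here)."""
    h, m = map(int, hhmm.split(":"))
    dt = datetime(2016, 7, 20, h, m, tzinfo=timezone.utc)
    return int(dt.timestamp()) * 1_000_000

def rec(hhmm, prio, ident, msg):
    # In the JSON export, PRIORITY and the timestamp are strings, not numbers.
    return json.dumps({"__REALTIME_TIMESTAMP": str(usec(hhmm)), "PRIORITY": str(prio),
                       "SYSLOG_IDENTIFIER": ident, "MESSAGE": msg})

# Constructed sample, one JSON object per line as `journalctl -o json` prints.
SAMPLE = "\n".join([
    rec("16:30", 3, "setroubleshoot", "denial before the window"),
    rec("17:05", 3, "setroubleshoot", "SELinux is preventing httpd from read access"),
    rec("17:40", 6, "crond", "(root) CMD (run-parts /etc/cron.hourly)"),
    rec("18:10", 4, "crond", "warning inside the window"),
    rec("18:55", 2, "setroubleshoot", "critical inside the window"),
    rec("19:30", 0, "kernel", "emergency after the window"),
])

def filter_journal(text, ident=None, since=None, until=None, prio=None):
    """Apply the post's filters offline; prio is an inclusive (low, high) pair."""
    hits = []
    for line in text.splitlines():
        r = json.loads(line)
        ts = int(r["__REALTIME_TIMESTAMP"])
        p = r.get("PRIORITY")
        p = int(p) if p is not None and p.isdigit() else None
        if ident and r.get("SYSLOG_IDENTIFIER") != ident:
            continue
        if (since and ts < usec(since)) or (until and ts > usec(until)):
            continue
        if prio and (p is None or not prio[0] <= p <= prio[1]):
            continue  # this example skips records that carry no PRIORITY
        level = LEVELS[p] if p is not None else "-"
        hits.append((level, r.get("SYSLOG_IDENTIFIER"), r["MESSAGE"]))
    return hits

if __name__ == "__main__":
    for hit in filter_journal(SAMPLE, "setroubleshoot", "17:00", "19:00"):
        print(*hit, sep="  ")
```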
