Red Hat SummitEste contenido no está disponible en el idioma seleccionado.
Chapter 2. Troubleshooting problems by using log files
Use log files to troubleshoot and monitor the system. Log files contain messages about the system, kernel, services, and applications, recorded efficiently using the built-in syslog protocol.
2.1. Services that handle syslog messages
Identify the system services, such as rsyslogd and journald, that handle syslog messages. These services are crucial for capturing, processing, and storing all security-relevant system events.
The following services handle syslog messages:
- The
systemd-journalddaemon Collects messages from the following sources and forwards them to Rsyslog for further processing:
- Kernel
- Early stages of the boot process
- Standard and error output of daemons as they start and run
- Syslog
- The
rsyslogservice -
Sorts syslog messages by type and priority and writes them to the files in the
/var/logdirectory. The/var/logdirectory persistently stores the log messages.
2.2. Subdirectories that store syslog messages
Locate where system logging services store recorded syslog messages. Most log files are kept in the /var/log/ directory, often organized logically into subdirectories based on the application.
The following subdirectories under the /var/log directory store syslog messages:
- /var/log/messages
- all syslog messages except the following
- /var/log/secure
- security and authentication-related messages and errors
- /var/log/maillog
- mail server-related messages and errors
- /var/log/cron
- log files related to periodically executed tasks
- /var/log/boot.log
- log files related to system startup
2.3. Commands for viewing logs
You can view and manage log files by using the Journal, which is a component of systemd. It addresses problems connected with traditional logging, is closely integrated with the rest of the system, and supports various logging technologies and access management for the log files.
You can use the journalctl command to view messages in the system journal, for example:
journalctl -b | grep kvm May 15 11:31:41 localhost.localdomain kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00 May 15 11:31:41 localhost.localdomain kernel: kvm-clock: cpu 0, msr 76401001, primary cpu clock
$ journalctl -b | grep kvm
May 15 11:31:41 localhost.localdomain kernel: kvm-clock: Using msrs 4b564d01 and 4b564d00
May 15 11:31:41 localhost.localdomain kernel: kvm-clock: cpu 0, msr 76401001, primary cpu clock2.3.1. Viewing system information
journalctl- Shows all collected journal entries.
journalctl FILEPATH-
Shows logs related to a specific file. For example, the
journalctl /dev/sdacommand displays logs related to the/dev/sdafile system. journalctl -b- Shows logs for the current boot.
journalctl -k -b -1- Shows kernel logs for the current boot.
2.3.2. Viewing information about specific services
journalctl -b _SYSTEMD_UNIT=<name.service>-
Filters log to show entries matching the
systemdservice. journalctl -b _SYSTEMD_UNIT=<name.service> _PID=<number>-
Combines matches. For example, this command shows logs for
systemd-unitsthat match<name.service>and the PID<number>. journalctl -b _SYSTEMD_UNIT=<name.service> _PID=<number> + _SYSTEMD_UNIT=<name2.service>-
The plus sign (+) separator combines two expressions in a logical OR. For example, this command shows all messages from the
<name.service>service process with thePIDplus all messages from the<name2.service>service (from any of its processes). journalctl -b _SYSTEMD_UNIT=<name.service> _SYSTEMD_UNIT=<name2.service>-
This command shows all entries matching either expression, referring to the same field. Here, this command shows logs matching a systemd-unit
<name.service>or a systemd-unit<name2.service>.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}