You’ll find the journald logging system on any Linux distro that uses the systemd ecosystem. Instead of sending its messages to text files, journald sends messages to binary files. Instead of using normal Linux text file utilities to extract information, you have to use the journalctl utility.

#journalctl

To view the journald log file in its entirety, use the journalctl command. With Ubuntu, the person who installed the operating system has been added to the adm group, which allows that person to use journalctl without sudo or root privileges.

Any users who are added later would only be able to see their own messages.

There are lots of options that can display different types of information in various formats. For example, to only see messages about the cron service, use the --unit=cron option:

#journalctl --unit=cron

You can’t use the grep utility with these binary logs, but you can search for a string with the -g option. By default, it’s case-insensitive and finds your desired text string even when it’s embedded in another text string. Here, we see it finding the text string, fail:

#journalctl -g fail

To configure journald, you can edit the journald.conf file using the following command:

#vi /etc/systemd/journald.conf

You can set Storage=volatile to store the journal in memory; to store it on disk, use Storage=persistent. Most distributions have it set to auto, which means journald stores the journal on disk if /var/log/journal exists and in memory otherwise.

After you have decided where to store the journal, you may want to set some limits. For example, SystemMaxUse=4G will limit the logs to about 4GB.

Similarly, SystemKeepFree=10G will try to keep 10GB of disk space free. If you choose to keep the journal in memory, the equivalent options are RuntimeMaxUse and RuntimeKeepFree.

Once you have made the configuration changes, restart the journal service using the following command:

#systemctl restart systemd-journald.service
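An added example, not part of the original post: a small shell check that works out whether a host's journal will survive a reboot, by reading the Storage setting and applying the auto rule described above. The helper names conf_value and effective_storage are hypothetical, the sample config is constructed, and the script reads a single file only (it ignores any drop-in files under journald.conf.d).

```shell
#!/bin/sh
# Added example: resolve the effective journald storage mode.

# conf_value FILE KEY: print the last uncommented KEY= value in FILE.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip commented-out defaults
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $0; sub(/^[^=]*=/, "", v)
                   gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        END { print val }
    ' "$1"
}

# effective_storage FILE JOURNAL_DIR: print where journald will keep the journal.
# JOURNAL_DIR is normally /var/log/journal; it is a parameter so the check can
# be run against a copy of a host's files.
effective_storage() {
    mode=$(conf_value "$1" Storage)
    [ -n "$mode" ] || mode=auto                     # unset means the default, auto
    case "$mode" in
        auto) if [ -d "$2" ]; then echo persistent; else echo volatile; fi ;;
        persistent|volatile|none) echo "$mode" ;;
        *) echo "invalid:$mode" ;;
    esac
}

demo() {
    tmp=$(mktemp -d)
    # Constructed sample config, not taken from a real host.
    cat > "$tmp/journald.conf" <<'EOF'
[Journal]
#Storage=persistent
Storage=auto
SystemMaxUse=4G
SystemKeepFree=10G
EOF
    echo "no journal dir:   $(effective_storage "$tmp/journald.conf" "$tmp/journal")"
    mkdir "$tmp/journal"
    echo "with journal dir: $(effective_storage "$tmp/journald.conf" "$tmp/journal")"
    echo "SystemMaxUse:     $(conf_value "$tmp/journald.conf" SystemMaxUse)"
    rm -rf "$tmp"
}
demo
```

On a live host, call effective_storage /etc/systemd/journald.conf /var/log/journal; a result of volatile means the logs are lost at reboot.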

Ruwantha Nissanka is a Professional Cyber Security Engineer from Sri Lanka with a demonstrated history of providing cyber security services for multiple organizations in Sri Lanka. He is a positive person who wants to believe the best in others, and he likes to help and encourage people and make them feel good.