日志Linux日志管理的基本概念
日记帐CTL查询所有系统服务日志的内容
journalctlmaybeusedtoquerythecontentsofthesystemd (1) journalaswrittenbysystemd-journald.service )8)。
从CentOS 7开始,所有单元的启动日志都由Systemd统一管理。
好处是,journalctl中的一个命令可以显示所有系统日志
查看内容包括内核日志和APP应用程序日志。
日记账CTL的最常用方法systemctl status服务名
日记账CTL-xe
每次启动服务时发生错误时,首先检查服务的状态
运行日记账CRL以显示日志中记录的错误消息
日记账CTL来自系统systemdjournalctlis/usr/wgdcc /日记账CTL
[ root @ c8-186~] # rpm-qijournalctlpackagejournalctlisnotinstalled [ root @ c8-186~] # whichjournalctl/usr/wgdc CTL watisjournalctljournalctl (1)-querythesystemdjournal [ root @ c8-186~] # yumprovidesjournalctlsystemd-239-41.el8 _ 3.2.I 6863360 systemandservice 3360 manager repo : baseosmatchedfrom 3360文件识别器x86 _ 64:系统管理服务: manager repo : @ systemmatchedfrom 3360文件管理journalctlsystemd-239-41.el8 _ 3.2
所有注释都是默认值[ root @ c8-186~] # cat/etc/systemd/journald.conf # thisfileispartofsystemd.# # systemdisfresosofd youcanredistributeitand/ormodifyit # underthetermsofthegnulessergeneralpublicenseaspublishedby # thefreesoftwarefoundation either 2.1版of the license, or#(atyouroption ) anylaterversion.# # entriesinthisfileshowthecompiletimedefaults.# youcanchangesettingsbyeditingthisfis dfaultscanberestoredbysimplydeletingthisfile.# # seejournald.conf (5) for details.[ compra ge syncintervalsec=5m # ratelimitintervalsec=30s # rate limit burst=10000 # systemmaxuse=# systemkeepfree=# systee runtime max filesize=# runtime max files=100 # maxretentionsec=# max file sec=1month # forwardtosyslog=forwardtowall=yes
journalctl常见用法示例 #查看所有日志(默认情况下 ,只保存本次启动的日志)journalctl#查看内核日志(不显示应用日志)journalctl -k#查看系统本次启动的日志journalctl -bjournalctl -b -0#查看上一次启动的日志(需更改设置)journalctl -b -1#查看指定时间的日志journalctl --since="2017-10-30 18:10:30"journalctl --since "20 min ago"journalctl --since yesterdayjournalctl --since "2017-01-10" --until "2017-01-11 03:00"journalctl --since 09:00 --until "1 hour ago"#显示尾部的最新10行日志journalctl -n#显示尾部指定行数的日志journalctl -n 20#实时滚动显示最新日志journalctl -f#查看指定服务的日志journalctl /usr/lib/systemd/systemd#查看指定进程的日志journalctl _PID=1#查看某个路径的脚本的日志journalctl /usr/wgdcc/bash#查看指定用户的日志journalctl _UID=33 --since today#查看某个 Unit 的日志journalctl -u nginx.servicejournalctl -u nginx.service --since today#实时滚动显示某个 Unit 的最新日志journalctl -u nginx.service -f#合并显示多个 Unit 的日志journalctl -u nginx.service -u php-fpm.service --since today#查看指定优先级(及其以上级别)的日志,共有8级0: emerg1: alert2: crit3: err4: warning5: notice6: info7: debugjournalctl -p err -b#日志默认分页输出,--no-pager 改为正常的标准输出journalctl --no-pager#日志管理journalctl#以 JSON 格式(单行)输出journalctl -b -u nginx.service -o json#以 JSON 格式(多行)输出,可读性更好journalctl -b -u nginx.serviceqq -o json-pretty#显示日志占据的硬盘空间journalctl --disk-usage#指定日志文件占据的最大空间journalctl --vacuum-size=1G#指定日志文件保存多久journalctl --vacuum-time=1years journalctl 命令格式和选项 [root@C8-186 ~]# journalctl --helpjournalctl [OPTIONS...] [MATCHES...]Query the journal.Options: --system Show the system journal --user Show the user journal for the current user -M --machine=CONTAINER Operate on local container -S --since=DATE Show entries not older than the specified date -U --until=DATE Show entries not newer than the specified date -c --cursor=CURSOR Show entries starting at the specified cursor --after-cursor=CURSOR Show entries after the specified cursor --show-cursor Print the cursor after all the entries -b --boot[=ID] Show current boot or the specified boot --list-boots Show terse information about recorded boots -k --dmesg Show kernel message log from the current boot -u --unit=UNIT Show logs from the specified unit --user-unit=UNIT Show logs from the specified user unit -t --identifier=STRING Show entries with the specified syslog identifier -p --priority=RANGE Show entries with the specified priority -g --grep=PATTERN Show entries with MESSAGE matching PATTERN --case-sensitive[=BOOL] Force case sensitive or insenstive matching -e --pager-end Immediately jump to the end in the pager -f --follow Follow the journal -n --lines[=INTEGER] Number of journal entries to show --no-tail Show all lines, even in follow mode -r --reverse Show the newest entries first -o --output=STRING Change journal output mode (short, short-precise, short-iso, short-iso-precise, short-full, short-monotonic, short-unix, verbose, export, json, json-pretty, json-sse, cat, with-unit) --output-fields=LIST Select fields to print in verbose/export/json modes --utc Express time in Coordinated Universal Time (UTC) -x --catalog Add message explanations where available --no-full Ellipsize fields -a --all Show all fields, including long and unprintable -q --quiet Do not show info messages and privilege warning --no-pager Do not pipe output into a pager --no-hostname Suppress output of hostname field -m --merge Show entries from all available journals -D --directory=PATH Show journal files from directory --file=PATH Show journal file --root=ROOT Operate on files below a root directory --interval=TIME Time interval for changing the FSS sealing key --verify-key=KEY Specify FSS verification key --force Override of the FSS key pair with --setup-keysCommands: -h --help Show this help text --version Show package version -N --fields List all field names currently used -F --field=FIELD List all values that a specified field takes --disk-usage Show total disk usage of all journal files --vacuum-size=BYTES Reduce disk usage below specified size --vacuum-files=INT Leave only the specified number of journal files --vacuum-time=TIME Remove journal files older than specified time --verify Verify journal file consistency --sync Synchronize unwritten journal messages to disk --flush Flush all journal data from /run into /var --rotate Request immediate rotation of the journal files --header Show journal header information --list-catalog Show all message IDs in the catalog --dump-catalog Show entries in the message catalog --update-catalog Update the message catalog database --new-id128 Generate a new 128-bit ID --setup-keys Generate a new FSS key pairlines 33-66/66 (END)