system logging other than journalctl

I’ve been assuming that journalctl is comprehensive aggregator of system logs but I find out this is incorrect.

For example dmesg provides logging of system before systemd is fully activated and presents a more precise view of hardware states and process.

Are there other standard or useful system logging facilities that knowledgeable sysadmins use in linux?

Asked By: Stephen Boston

||

I’ve been assuming that journalctl is comprehensive aggregator of system logs but I find out this is incorrect.

It kind of is! Journalctl is part of systemd systems; on these, all things concerning the life time of services, logins etc are indeed logged to the journal: Basically, everything that systemd does or knows of. This also involves services that are started through a systemd service file, which (as default) logs the standard output of these services to the journal.

However, every program is free to log however it wants. For example, your mail server daemons might log to /var/log/mail/…, your apache2 web server has its own configurable logging locations, etc.

So, /var/log is usually a place you find relevant log files, but you’d want to look into the configuration of the services you run; at least, every service that gets started through the usual ways gets logged to journal and listed in systemctl status.

For example dmesg provides logging of system before systemd is fully activated and presents a more precise view of hardware states and process.

don’t mistake dmesg for a competitor to the journal: it is just the command that outputs your kernel’s log buffer. It doesn’t log anything but kernel messages. And as such, yes, it is in working state before journald can start logging. But, if you do journalctl -b0 to read the log from the beginning of your current boot, you should see the same messages you see at the beginning of dmesg‘s output. So, what you can see on a running system through dmesg should be a strict subset of what you can see via journalctl.

Answered By: Marcus Müller
Categories: Answers Tags:
Answers are sorted by their score. The answer accepted by the question owner as the best is marked with
at the top-right corner.