Linux Log Management

Linux Log Management Guide

Complete beginner-friendly guide to log management on Linux, covering Arch Linux, CachyOS, and other distributions including systemd journal, journalctl usage, log rotation, log analysis, and log maintenance.

systemd Journal

Journal Location

Journal files:

# Journal location
/var/log/journal/

# User journal
~/.local/share/journal/

Journal Configuration

Configure journal:

# Edit config
sudo vim /etc/systemd/journald.conf

Settings:

[Journal]
Storage=persistent
SystemMaxUse=1G
SystemKeepFree=2G

journalctl Usage

View Logs

Basic commands:

# All logs
journalctl

# Recent logs
journalctl -n 50

# Follow logs
journalctl -f

# Boot logs
journalctl -b

Filter Logs

Filter by:

# By service
journalctl -u service-name

# By priority
journalctl -p err

# By time
journalctl --since today
journalctl --since "2024-01-15 10:00" --until "2024-01-15 12:00"

See Journalctl Troubleshooting for detailed guide.

Log Rotation

Journal Rotation

Configure rotation:

# Edit journal config
sudo vim /etc/systemd/journald.conf

Settings:

[Journal]
SystemMaxUse=1G
SystemKeepFree=2G
MaxRetentionSec=2weeks

Manual Rotation

Rotate logs:

# Vacuum by time
sudo journalctl --vacuum-time=2weeks

# Vacuum by size
sudo journalctl --vacuum-size=1G

Log Analysis

Search Logs

Search in logs:

# Search for text
journalctl | grep "error"

# Case insensitive
journalctl | grep -i "error"

Export Logs

Export logs:

# Export to file
journalctl > logs.txt

# Export specific service
journalctl -u service-name > service-logs.txt

Log Maintenance

Check Disk Usage

Check usage:

# Check journal size
journalctl --disk-usage

# List boots
journalctl --list-boots

Clean Logs

Clean old logs:

# Vacuum by time
sudo journalctl --vacuum-time=2weeks

# Vacuum by size
sudo journalctl --vacuum-size=1G

Troubleshooting

Logs Too Large

Clean logs:

# Check size
journalctl --disk-usage

# Clean
sudo journalctl --vacuum-time=1week

Logs Not Showing

Check journal:

# Check journal status
systemctl status systemd-journald

# Restart journal
sudo systemctl restart systemd-journald

Summary

This guide covered log management for Arch Linux, CachyOS, and other distributions, including journalctl, log rotation, and maintenance.

Next Steps

Journalctl Troubleshooting - journalctl guide
System Monitoring - System monitoring
ArchWiki Log Management: https://wiki.archlinux.org/title/Systemd/Journal

This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.

Uh oh!

Linux Log Management

Linux Log Management Guide

Table of Contents

systemd Journal

Journal Location

Journal Configuration

journalctl Usage

View Logs

Filter Logs

Log Rotation

Journal Rotation

Manual Rotation

Log Analysis

Search Logs

Export Logs

Log Maintenance

Check Disk Usage

Clean Logs

Troubleshooting

Logs Too Large

Logs Not Showing

Summary

Next Steps

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!