rsyslog – is the old logging system and journald is the new one.
All journald logs are into a binary files.
Systemctl can be used to get the logs.
# systemctl status nfs
# journalctl – show the content of the file
# journalctl -b (boot information).
# journalctl –since=yesterday (all the info since yesterday)
look other server. SLAPD process is log there.
# systemctl status slapd
# systemctl status slapd -l
Journald is getting information from systemctl.
# journalctl -u slapd (all information about a process)
Details about information….VERY GOOD:
# journalctl -u slapd -o verbose
Configuring log rotate.
# cd /etc
# vi logrotate.conf – is the configuration file
# vi logrotate.d – is the directory where are stored logs for packages installed from RPM.
all the information about log rotate should be here:
# vi logrotate.conf
# tail /var/log/secure
# journalctl _COMM=su (check some commands that can be specify)
more information with verbose:
# journalctl _COMM=su -o verbose
Configure log rotate:
# vi /etc/logrotate.conf
No need to restart because is a cron job and the file will be read next time.