From the course: LPIC-1 Exam 102 (Version 5.0) Cert Prep
Join today to access over 22,600 courses taught by industry experts or purchase this course individually.
Retrieve systemd journal data from a rescue system - Linux Tutorial
From the course: LPIC-1 Exam 102 (Version 5.0) Cert Prep
Retrieve systemd journal data from a rescue system
- [Instructor] There are times where a server does crash we need to read the data from our recovered drive. For normal logging with our syslog or other equivalents, it's easy. We just mount the recovered drive into our file system and use grep to find what we want. This works because the syslog's messages are text files. However, the systemd-journald is binary so we can't do this. In order for us to access journals from a recovered system, they need be persistent. You make your journal persistent by creating a /var/log/journal directory. After restarting the system D dash journal D service, it creates a directory in /var/log/journal named with the UID or universally Unique Identification Number. This is different for your system. When you use journalctl it automatically reads the journal at /var/log/journal. And then, a directory named with your UID. Inside that directory, can be one or more journals depending on…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Contents
-
-
-
-
-
-
-
-
-
(Locked)
Locate and interpret system log files4m 57s
-
Read the system journal3m 23s
-
(Locked)
Configuration of logrotate2m 33s
-
(Locked)
Filter journal data by criteria1m 25s
-
(Locked)
Rsyslog actions1m 41s
-
(Locked)
Clear old systemd journal data2m 33s
-
(Locked)
Retrieve systemd journal data from a rescue system2m 18s
-
(Locked)
About syslog, rsyslog, and syslog-ng3m 32s
-
(Locked)
-
-
-
-
-
-
-
-
-