Journals and their importance to `systemd` are a major change from the previous model of Linux logging, namely `Syslog` and its variants. As even the format of the logs or journal has changed, this is a true disruptor, or it could have been if the `systemd` team hadn’t put in some key migration and integration features—such as forwarding to `syslog` and the excellent `journalctl` command, which we’ll use heavily in this lab.
In this lab, you’ll gain the skills needed with `journalctl`:
* From simple querying to viewing boot session entries
* Monitoring a service, user’s entries by UID, times, and ranges of entries
* Extending your journal entries with standardized explanations from the Message Catalog.
Successfully complete this lab by achieving the following learning objectives:
- Query and View Journal Entries Including Boot Sessions
- View journal entries for a user and the system.
- View available boot sessions and entries.
- Monitor Services, CGroups, and Ranges
- Monitor a service’s entries.
- View a user’s scope entries.
- View entries based on times and ranges.
- Query User and Process Entries, and Add Explanations
- Find a user’s UID and journal entries for it.
- Find a process ID and view its entries.
- View the Message Catalog.
- Enhance journal entries with explanations.