Where to find the log file of specific service

systemd journalctl
19,600

Solution 1

Systems with s6, runit, perp, nosh, daemontools-encore, et al. doing the service management work this way. Each main service has an individual associated set of log files that can be monitored individually, and a decentralized logging mechanism.

systemd however does not work this way. There is no individual "associated log file" for any given service. There is no such file to be monitored.

All log output is funneled into a single central dæmon, systemd-journald, and that dæmon writes it as a single stream with all services' log outputs combined to the single central journal in /{run,var}/log/journal/.

The -u option to journalctl is a post-processing filter that filters what is printed from the single central journal, all journal entries being tagged with (amongst other things) the name of the associated service. Everything fans in, and it then has to be filtered to separate it back out to (approximately) how it was originally.

The systemd way is to use journalctl -f with appropriate filters added, or write your own program directly using the systemd-specific API for its journal.

Further reading

Solution 2

1.) If your Linux distribution uses journald to the full extent, there will be no easily readable traditional log file, as @JdeBP mentioned. The journal file uses a binary format and is not easily parseable by traditional log file tools.

2.) If journalctl -u {service} has the information you need, then you could use journalctl -f -u {service} and pipe the output to the program that parses the log and triggers any needed reactions. Anything beyond that is likely to be specific to your Linux distribution of choice.

For example, Debian 9 (Stretch) in a default configuration has journald maintaining the traditional /dev/log syslog input socket. But if rsyslogd is installed, journald is configured to forward incoming syslog messages to it.

Other Linux distributions might have the relationship between journald and a traditional syslog daemon structured differently.

Share:
19,600

Related videos on Youtube

pouya
Author by

pouya

Updated on September 18, 2022

Comments

  • pouya
    pouya over 1 year

    Using sudo journalctl -u {service} I can see the log of specific service.

    1. How to find the associated log file?
    2. What is the best way to monitor a log file programmatically? (I mean a program the react based on something appears in the log file)

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Journalctl and syslog: How does it actually work?
How can I output logs to a file from the content of a service with systemd
systemd-journald Doesn't start at all
systemd's journalctl: how to filter by message?
How to allow a user to use journalctl to see user-specific systemd service logs?
journalctl: how to display colors in its output?
How do view older journalctl logs (after a rotation maybe?)
Setting up journalctl on Ubuntu Linux
Why `journalctl --list-boots` doesn't match what `uptime` and `who -b` report?
Can I mask the systemd-journal-flush service and run journalctl --flush later manually?