Preserving the Systemd Journal

Systemd Journal Overview

  • Default Behavior:

    • The systemd journal is not persistent by default.

    • This design choice is due to the presence of rsyslog, which handles log persistence.

    • All journal messages are forwarded to the rsyslog service.

    • Rsyslog retains logs in the firewall directory, enabling easier access to log information.

Rsyslog and Log Persistence

  • Functionality of Rsyslog:

    • Rsyslog provides necessary filtering options for efficient log management.

    • It ensures the persistence of logs even when the systemd journal is not persistent.

Making Systemd Journal Persistent

  • RHCSA Exam Objective: Understanding how to change journal settings to make it persistent.

  • Configuration Location: The settings can be found in libsystemdjournal.com.

  • Key Settings:

    • Storage: Set to auto, which means persistent storage will be enabled automatically once the directory is created.

    • Log Rotation:

    • By default, it triggers monthly.

    • Utilizes no more than 10% of the filesystem size.

    • Can use no more than 15% of the free filesystem size.

Checking Current Journal Settings

  • To view current settings, use the following command:

  journalctl | grep -E 'runtime journal|system journal'

  • This command will display the settings for the runtime journal and the system journal.

    • Example Output Considerations:

  • The command uses an extended regular expression to search for both journal types.

  • Example parameters may include a size of 8 megabytes among other configuration details.

Steps to Enable Persistent Journal

  1. Check Current Configuration:

   journalctl | grep -E 'runtime journal|system journal'

  1. Verify and Modify Storage Setting:

    • Check the storage setting in /usr/lib/systemd/journal.conf:

      • It should be set to auto.

  2. Create Required Directory:

   mkdir /var/log/journal

  1. Restart Systemd Journal Flush Service:

   systemctl restart systemd-journal-flush.service

  • Note: Restarting the service is necessary to enable persistent logging; otherwise, a full system restart is required.

  1. Verify Persistence:

    • After the above commands, confirm in /var/log/journal that the persistent journal has been created.

Conclusion

  • Enabling persistent logging in the systemd journal is a crucial skill for system administration and is an essential topic for the RHCSA certification.

  • Remind oneself of the steps: checking configurations, modifying settings, creating directories, and appropriately restarting services to ensure persistence in logging.