Code-Memo

Log management (syslog, journald)

journald (systemd journal)

View logs:

journalctl
journalctl -b                 # current boot
journalctl -b -1              # previous boot
journalctl -u ssh             # unit logs
journalctl -f                 # follow

Time filtering:

journalctl --since "2026-05-05 09:00" --until "2026-05-05 10:00"

Size / retention:

journalctl --disk-usage
sudo journalctl --vacuum-time=14d
sudo journalctl --vacuum-size=500M

syslog (rsyslog/syslog-ng)

Common files (distro-dependent):

/var/log/syslog (Debian/Ubuntu)
/var/log/messages (RHEL/CentOS)
/var/log/auth.log or /var/log/secure

Quick tail (GNU coreutils):

sudo tail -n 200 /var/log/syslog
sudo tail -f /var/log/auth.log

Logrotate

Config:

/etc/logrotate.conf
/etc/logrotate.d/*

Test:

sudo logrotate -d /etc/logrotate.conf

Tips

Prefer journalctl -u <unit> for systemd-managed services
Use structured filters first, then grep if needed

systemd and systemctl

Code-Memo

Log management (syslog, journald)

journald (systemd journal)

syslog (rsyslog/syslog-ng)

Logrotate

Tips

Related