No /var/log/messages?

baptizo · 13 January 2023 03:18

(Apologies if this is in the wrong category… wasn’t sure where to place it)

So I’m following along in “The Linux Command Line” book, learning about Linux/etc., and it’s directing me to take a look at /var/log/messages - but I can’t find that in my file system.

Here’s what my /var/log/ directory shows:

[me@here /var/log]$ 
total 300
drwxr-xr-x  10 root root             4096 Jan 12 18:37 .
drwxr-xr-x  12 root root             4096 Jan 11 18:48 ..
drwx------   2 root root             4096 Apr 21  2022 audit
-rw-------   1 root root            55192 Jan 12 18:37 boot.log
-rw-rw----   1 root utmp                0 Jan  3 06:12 btmp
drwxr-xr-x   2 root root             4096 Jun 10  2022 cups
drwxr-xr-x   2 root root             4096 Jun  6  2022 gssproxy
-rw-r--r--   1 root root               40 Jan  3 07:37 gufw.log
drwxr-sr-x+  4 root systemd-journal  4096 Jan  3 06:12 journal
-rw-rw-r--   1 root utmp                0 Jan  3 06:12 lastlog
drwx--x--x   2 root lightdm          4096 Jan 12 18:37 lightdm
drwxr-xr-x   2 root root             4096 Oct 19 07:12 old
-rw-r--r--   1 root root            15012 Jan 11 18:47 pacman.log
drwx------   2 root root             4096 Dec 23 20:35 private
drwxr-xr-x   2 root root             4096 Dec 19 01:52 samba
-rw-rw-r--   1 root utmp            22272 Jan 12 18:37 wtmp
-rw-r--r--   1 root root            36676 Jan 12 18:38 Xorg.0.log
-rw-r--r--   1 root root            37426 Jan 11 19:25 Xorg.0.log.old
-rw-r--r--   1 root root            33876 Jan  3 08:25 Xorg.1.log
-rw-r--r--   1 root root            33876 Jan  3 07:17 Xorg.1.log.old

I see others in this forum mentioning having /var/log/messages (though not in this context), so I’m assuming it should be there as a standard?

Thanks for your help.

xabbu · 13 January 2023 05:41

No, this is a relic from ancient times. However if you want it and don’t want to use the journal, you can set up systemd-journald to forward log entries to a syslog-daemon like syslog-ng or rsyslog.

See the Arch wiki for more infos on how to set it up.

https://wiki.archlinux.org/title/Systemd/Journal#Journald_in_conjunction_with_syslog
https://wiki.archlinux.org/title/Syslog-ng#syslog-ng_and_systemd_journal

stargazer · 13 January 2023 07:22

In addition to the above…

Yeah!

As a linux user on a current distribution that uses the systemd init system, logging is done via journald. Most mainstream distributions today, use systemd (vs SysVinit or Upstart). I think when reading anything on the Net, we have to verify certain things because the distribution, version of distribution, version of software, and personal customizations can alter things to some degree.

distrowatch can search for a distribution by init system and it shows which init system is used in a distribution’s details.
opensource .com - journals-systemd article. If you scroll to the bottom of the article, they have a link to a Digital Ocean tutorial. opensource .com has a series of articles on systemd and its various services. Unfortunately they aren’t indexed very well. This seems to be the start here. Systemd development has moved quickly, so documentation is kind of a moving target.

Working with the journal is a little different than syslog. It is a binary file and has a specific command to manage it, journalctl. This command uses a pager when displaying output. Whereas syslog is text file and you use a pager to view it. The pager is most likely less. So once you are displaying the filtered journal messages with journalctl, you are using less.

Some of the journalctl command options I use:

Display system messages

journalctl -b # current boot
journalctl -b 0 # the same
journalctl -b -1 # previouse boot

Search the current boot messages for regular expression (pattern)

journalctl -b -g 'pattern'

List all boot entries

journalctl --list-boots

Follow the journal so you can see messages as they happen (ctrl-c to exit)

journalctl -f

Display messages for a specific service (i.e., lightdm). This is a systemd-journald feature.

journalctl -b  -u lightdm

Display messages by priority (0-7)

journalctl -b  -p0..0 # emerg
journalctl -b  -p1..1 # alert
journalctl -b  -p0..2 # emerg thru critical
journalctl -b  -p2     # the same

Quick tips on less:

q - quit
arrows work to move up and down
/ - search for pattern forward
? - search for pattern backward
n - next
N - previous
g - top
G - bottom
h - help
-OPTION - inside less toggle an option; Case sensitivity is a useful one -i or -I

Remember to use the man pages.

Have Fun!

baptizo · 13 January 2023 16:34

The copy of “The Linux Command Line” I’m using is copyright 2019, fifth version. The book is good at what it does, and I’m surprised that for all the stuff the author mentions in the intro he didn’t mention that some of what he talks about won’t work for some systems.

Thanks for the additional learning references!

xabbu · 13 January 2023 16:52

Often the author specifies which distributions the books covers. It is usually not for Arch Linux or Manjaro. Most books are for the Debian- and/or Red Hat world.

For example, you might find a sentence like “I’ve tried to cover the two major distribution families: Debian
(including Ubuntu) and RHEL/Fedora/CentOS.” If the author is German you will get openSUSE too.

But some stuff is always universal.