For the logging service on systemd systems and the journalctl command used to view journald logs
systemd-journald is the journalling service in systems with systemd as init. From the manpage:
systemd-journald is a system service that collects and stores logging
data. It creates and maintains structured, indexed journals based on
logging information that is received from a variety of sources:
· Kernel log messages, via kmsg
· Simple system log messages, via the libc syslog(3) call
· Structured system log messages via the native Journal API, see
sd_journal_print(4)
· Standard output and standard error of system services
· Audit records, via the audit subsystem
The daemon will implicitly collect numerous metadata fields for each
log messages in a secure and unfakeable way.
journald logs are typically accessed by the journalctl command, which has a powerful set of options for filtering log entries of interest. By default journalctl without any options will show the whole log.
· journalctl /usr/bin/sshd - logs from the /usr/bin/sshd command
· journalctl -u sshd - logs from the sshd service (or unit)
· journalctl -b -1 - logs from during the previous boot
· journalctl _PID=123 - logs from processes with PID 123
· journalctl -p 3 - filters output to messages at log levels alert, critical and error
and many other options.
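
The same kind of matching can be applied to the output of journalctl -o json. This is an added example, not part of the original page: it runs field and priority matches over constructed entries and shows how matching on the underscore-prefixed fields that journald sets itself differs from matching on fields supplied by the logging client. The sample entries and function names are assumptions, and matching a unit on _SYSTEMD_UNIT alone is a simplification of what journalctl -u does.

```python
import json

# Constructed sample of `journalctl -o json` output: one JSON object per line,
# field values as strings. The third entry is written by another program that
# merely labels itself "sshd".
SAMPLE = """\
{"_PID":"123","_COMM":"sshd","_SYSTEMD_UNIT":"sshd.service","SYSLOG_IDENTIFIER":"sshd","PRIORITY":"6","MESSAGE":"Accepted publickey for alice"}
{"_PID":"123","_COMM":"sshd","_SYSTEMD_UNIT":"sshd.service","SYSLOG_IDENTIFIER":"sshd","PRIORITY":"3","MESSAGE":"error: connection closed"}
{"_PID":"4711","_COMM":"logger","_SYSTEMD_UNIT":"session-2.scope","SYSLOG_IDENTIFIER":"sshd","PRIORITY":"2","MESSAGE":"Accepted password for root"}
"""

def parse(text):
    """Parse JSON-lines journal export into a list of dicts."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]

def trusted(entry):
    """Keep only the fields journald added itself (names start with '_')."""
    return {k: v for k, v in entry.items() if k.startswith("_")}

def match(entries, max_priority=None, **fields):
    """FIELD=value matches plus an optional priority ceiling (like -p N)."""
    kept = []
    for e in entries:
        if any(e.get(k) != v for k, v in fields.items()):
            continue
        if max_priority is not None:
            prio = e.get("PRIORITY")
            # PRIORITY is client-supplied and may be missing or malformed.
            if not (isinstance(prio, str) and prio.isdigit()):
                continue
            if int(prio) > max_priority:
                continue
        kept.append(e)
    return kept

def identity_mismatches(entries):
    """Entries whose client-chosen SYSLOG_IDENTIFIER differs from trusted _COMM.
    A mismatch is a lead for review, not proof of spoofing."""
    return [e for e in entries
            if "SYSLOG_IDENTIFIER" in e and e["SYSLOG_IDENTIFIER"] != e.get("_COMM")]

if __name__ == "__main__":
    entries = parse(SAMPLE)
    print("by client label:", len(match(entries, SYSLOG_IDENTIFIER="sshd")))
    print("by trusted unit:", len(match(entries, _SYSTEMD_UNIT="sshd.service")))
    for e in identity_mismatches(entries):
        print("review:", trusted(e), e["MESSAGE"])
```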