journalctl and system logs
In this section, we will review journalctl in detail and then briefly examine the rsyslog alternative and the separate dmesg kernel log tool. Finally, we will look at the KSystemLog GUI tool, whose filtering and sorting functions make log exploration easier and more effective.
On Linux, hundreds of events are logged at each boot, during normal operation, and at power off. Every system change at runtime writes a log entry, the kernel logs its own messages, and many daemons and processes write log entries on various events. The resulting logs can be large, so their messages are shown only when requested. journald, the logging daemon of the systemd tool suite, collects and manages all of them so that we can get the whole picture at once. It stores its data in a binary format, so we cannot read the files directly; instead, we use the journalctl command (which we have already used for ufw in Chapter 12). journald supports data compression to optimize memory usage and upload-to-server to get logs remotely...
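The binary journal is read through journalctl, and its `-o json` output can be handed to other tools for the kind of filtering and counting discussed above. The following is an added example, not code from the book: it parses a constructed sample of `journalctl -o json` lines (the field names `__REALTIME_TIMESTAMP`, `PRIORITY`, `_TRANSPORT`, `_SYSTEMD_UNIT` and `MESSAGE` are real journald export fields, the values are made up) and reproduces the `-p`, `-u` and `-g` filters; `live_entries` is assumed to run on a systemd host.

```python
import json
import subprocess
from collections import Counter
from datetime import datetime, timezone

# Constructed sample of what `journalctl -o json` prints (one object per line).
# Field names are real journald export fields; values are invented for the demo.
SAMPLE_JOURNAL = """\
{"__REALTIME_TIMESTAMP":"1700000000000000","PRIORITY":"4","_TRANSPORT":"kernel","MESSAGE":"[UFW BLOCK] IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=22"}
{"__REALTIME_TIMESTAMP":"1700000001000000","PRIORITY":"6","_TRANSPORT":"journal","_SYSTEMD_UNIT":"ssh.service","MESSAGE":"Accepted publickey for alice from 192.0.2.5 port 51234 ssh2"}
{"__REALTIME_TIMESTAMP":"1700000002000000","PRIORITY":"3","_TRANSPORT":"journal","_SYSTEMD_UNIT":"ssh.service","MESSAGE":"error: maximum authentication attempts exceeded for root from 203.0.113.9 port 40022 ssh2"}
{"__REALTIME_TIMESTAMP":"1700000003000000","PRIORITY":"4","_TRANSPORT":"kernel","MESSAGE":[91,85,70,87,32,66,76,79,67,75,93]}
"""

def parse_journal(text):
    """Turn `journalctl -o json` lines into plain dicts with typed fields."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        msg = rec.get("MESSAGE", "")
        if isinstance(msg, list):  # journald exports non-UTF-8 payloads as byte arrays
            msg = bytes(msg).decode("utf-8", errors="replace")
        usec = int(rec["__REALTIME_TIMESTAMP"])  # microseconds since the Unix epoch
        entries.append({
            "time": datetime.fromtimestamp(usec / 1e6, tz=timezone.utc),
            "priority": int(rec.get("PRIORITY", 6)),  # syslog levels: 0 emerg .. 7 debug
            "unit": "kernel" if rec.get("_TRANSPORT") == "kernel" else rec.get("_SYSTEMD_UNIT", "?"),
            "message": msg,
        })
    return entries

def select(entries, max_priority=7, unit=None, grep=None):
    """Mirror journalctl's -p (priority ceiling), -u (unit) and -g (substring) filters."""
    return [e for e in entries
            if e["priority"] <= max_priority
            and (unit is None or e["unit"] == unit)
            and (grep is None or grep in e["message"])]

def count_by_unit(entries):
    """How many matching entries each unit (or the kernel) produced."""
    return Counter(e["unit"] for e in entries)

def live_entries(since="-1h"):
    """Read the real journal on a systemd host (assumption; not used by the sample run)."""
    out = subprocess.run(["journalctl", "-o", "json", "--since", since, "--no-pager"],
                         capture_output=True, text=True, check=True).stdout
    return parse_journal(out)

if __name__ == "__main__":
    ents = parse_journal(SAMPLE_JOURNAL)
    for e in select(ents, max_priority=4):  # warnings and worse, like `journalctl -p warning`
        print(e["time"].isoformat(), e["unit"], e["message"])
    print(count_by_unit(select(ents, grep="UFW BLOCK")))
```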