Another component of systemd is journald, which handles logging. The systemd method of journald enables binary logs, which is quite a different approach to simple text files as used before. Due to the fact that many distributions which have adopted systemd are still in a transitional phase, you're likely to still see text file logs in /var/log
in much the same way as you still may see init scripts in /etc/init.d
. It's always recommended to use the systemd approach whenever possible, as that is the current solution that distributions are moving toward.
You can view journald logs with the journalctl
command. In addition, various options can be used with the journalctl
command in order to narrow down the output or perform certain actions. For example, you can use journalctl -f
to follow new log output on your system, similar to how you could do the same with tail -f
against log files stored in /var/log
. Additionally, you can use journalctl
to show output from a particular PID. To do so, simply use journalctl
with PID=
along with a PID. For example, to view output from PID 11753
, you would execute the following command:
journalctl PID=11753
In addition, you can use the name of the unit to show its output:
journalctl -u sshd
While journalctl
is relatively simple to use, for those of you that are accustomed to the pervious syslog style of logging will be happy to know that you can (at least for now) still navigate to /var/log
and peruse the logs there. For example, the dmesg
command and log is still alive and well. But while journalctl
and the concept of binary logs may take a while to get used to, I'm sure you'll find with practice that it is actually very handy.