viernes, 29 de noviembre de 2019

[EN] Cleaning old systemd journal logs

Have you found that your folder is too big?

esther@Raton:~# du -hs /var/log/journal/
6,5G    /var/log/journal/

or

esther@Raton:~# du -hs /run/log/journal/
2,5G    /run/log/journal/


And have you found that once there you can't read any log messages?

esther@Raton:/var/log/journal/xxxxxxxxxxxxxxxxxxxxxxx# tail system.journal
L�8M�ތp�+2uW����.��+0OÈ�
                         �+B�ةO\@H�+ւ���|�X��+.�{EPр�+��)���ב�+o�
                                                                 �PX���+q���r�� �+"��)F���+�N��6���h�+l@����+n��Bm�B���+�{۳O�z�h�+�Z-9a���+"_�����+*(W4W8,FP�2���*�땠�OT� %$�����.fV�9P�| �J�8��8������3.��p�MESSAGE=XXXX [...]


Don't worry, that's pretty normal.

First of all, you can read your systemd journal log files just using

>  journalctl

and explore its options; some pretty useful may be
     --system                Show the system journal
     --user                  Show the user journal for the current user
  -r --reverse               Show the newest entries first
  -o --output=STRING         Change journal output mode (short, short-precise,
  -a --all                   Show all fields, including long and unprintable
     --vacuum-size=BYTES     Reduce disk usage below specified size
     --vacuum-files=INT      Leave only the specified number of journal files
     --vacuum-time=TIME      Remove journal files older than specified time


For example, for cleaning old files we have different ways using the last three options

> journalctl --vacuum-time=15d
> journalctl --vacuum-size=1G

Or you can check the live logs from a systemctl service using

> journalctl -xef -u systemctl.service