F5F Stay Refreshed Software Operating Systems Keep system logs when a proper shutdown fails

Keep system logs when a proper shutdown fails

Keep system logs when a proper shutdown fails

J
JacobLouis30
Posting Freak
Find
856
03-22-2016, 12:52 AM
#1
In Linux there are numerous logs, but not every one is kept in RAM. When you shut down your PC while powering off, the system may lose current logs, and if it doesn't shut down correctly, those logs can be cleared during boot. To prevent this, you might want to set a kernel flag or modify the GRUB boot string so logs aren't removed after startup. P.S. So far I've only tried accessing these logs from a live USB or another machine to see how they're managed.
Reply
Reply
J
JacobLouis30
03-22-2016, 12:52 AM #1

In Linux there are numerous logs, but not every one is kept in RAM. When you shut down your PC while powering off, the system may lose current logs, and if it doesn't shut down correctly, those logs can be cleared during boot. To prevent this, you might want to set a kernel flag or modify the GRUB boot string so logs aren't removed after startup. P.S. So far I've only tried accessing these logs from a live USB or another machine to see how they're managed.

Reply
Reply
D
diogo218dvdv
Senior Member
Find
514
03-22-2016, 01:19 AM
#2
You want to retain specific logs. Live media stores logs in RAM and doesn’t persist them, so you’ll need alternative methods to capture them after shutdown.
Reply
Reply
D
diogo218dvdv
03-22-2016, 01:19 AM #2

You want to retain specific logs. Live media stores logs in RAM and doesn’t persist them, so you’ll need alternative methods to capture them after shutdown.

Reply
Reply
B
Boweetles
Junior Member
Find
36
03-26-2016, 06:32 PM
#3
System encounters issues / details about swap and power fluctuations / check journalctl / kernel logs and so On. No, I won't attempt to retrieve logs for live systems, as actual management is already in place on the PC.
Reply
Reply
B
Boweetles
03-26-2016, 06:32 PM #3

System encounters issues / details about swap and power fluctuations / check journalctl / kernel logs and so On. No, I won't attempt to retrieve logs for live systems, as actual management is already in place on the PC.

Reply
Reply
R
Roycie_Bear
Member
Find
181
03-31-2016, 07:49 PM
#4
Old boot files need to be kept using systemd-journald. Use journalctl --list-boots to see them. For crash analysis, kdump is a better option instead of journalctl --boot -1. If you want more details about system crashes, check the kdump documentation at https://wiki.archlinux.org/title/Kdump
Reply
Reply
R
Roycie_Bear
03-31-2016, 07:49 PM #4

Old boot files need to be kept using systemd-journald. Use journalctl --list-boots to see them. For crash analysis, kdump is a better option instead of journalctl --boot -1. If you want more details about system crashes, check the kdump documentation at https://wiki.archlinux.org/title/Kdump

Reply
Reply
_
_Emmie_
Junior Member
Find
8
04-02-2016, 05:42 PM
#5
When shutting down improperly, which journal is typically cleared upon startup?
Reply
Reply
_
_Emmie_
04-02-2016, 05:42 PM #5

When shutting down improperly, which journal is typically cleared upon startup?

Reply
Reply
R
RoiMP
Member
Find
80
04-02-2016, 07:22 PM
#6
If I am not mistaking, the only thing that should be lost is data that hasn't yet been committed, it's flushed to the actual log file in intervals, making a backup at the time of the commit. The logs are only deleted when they reach there configured limit, which can be configured in "/etc/systemd/journald.conf", https://www.freedesktop.org/software/sys....conf.html . If your losing them on boot, then either journald has been configured to live in ram or your experiencing corruption. It is also possible that we are not talking about the same logs, but I assume we are. For a quick test. I purposely crashed a server and forcefully restarted it (physically removed power while on). This is on a Arch Linux Server with the XFS Filesystem as root and default journald settings.
Reply
Reply
R
RoiMP
04-02-2016, 07:22 PM #6

If I am not mistaking, the only thing that should be lost is data that hasn't yet been committed, it's flushed to the actual log file in intervals, making a backup at the time of the commit. The logs are only deleted when they reach there configured limit, which can be configured in "/etc/systemd/journald.conf", https://www.freedesktop.org/software/sys....conf.html . If your losing them on boot, then either journald has been configured to live in ram or your experiencing corruption. It is also possible that we are not talking about the same logs, but I assume we are. For a quick test. I purposely crashed a server and forcefully restarted it (physically removed power while on). This is on a Arch Linux Server with the XFS Filesystem as root and default journald settings.

Reply
Reply