seeking how to find a fresh boot in the system log files
Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
seeking how to find a fresh boot in the system log files
Consider that a workstation re-boots several times over the course of an hour. A single copy of /var/log/syslog will contain entries for each of these system start events.
Which log file entry always appears as the very first record of a fresh system start?
Is there some way to force the use of a fresh copy of /var/log/syslog for each system boot?
(I would enable this when working a boot-time issue, then disable for routine running.)
You might check /var/log/kern.log for it's date/time stamp. Not really a test of a reboot, but if it's days old, you probably have NOT rebooted in days old. Or booted to a read-only filesystem where logging would be mostly pointless, or checking them. Something which you could check as a lowly user, versus needing groups like systemd-journal in your permissions, or admin access(root). Or having to resort to a variety of other methods depending on the init system of the week.
Which log file entry always appears as the very first record of a fresh system start?[/CODE]
None, as the syslog facility isn't active yet. A lot of systems will make a copy of the kernel diagnostic mesgs in a file (in MY system /var/log/dmesg) and that then is the first info about the reboot.
[CODE]Is there some way to force the use of a fresh copy of /var/log/syslog for each system boot?
That would have to be done in the startup of the syslogd (and klogd) daemons, which is highly distro dependant (and especially on your startup system, like init, runit, upstart or systemd).
Essentially init does it with some kind of startup script, which you would have to modify. I'm always been more of a Unix person so am not familiar with other startup systems.
The whole of logging can only be started after the disks have been checked (for which they're either readonly or unmounted) and optionally have been decrypted (with a LUKS filesystem), so it comes rather late in the bootup sequence.
Are you looking for boot log? Which OS? For SuSE and CentOS (RH), there is /var/log/boot.log, and previous boot logs with boot.log-<date> in CentOS.
I've looked there, but the messages I'm seeing do not appear in /var/log/boot.log.
I'm also looking at dmesg without success.
Is there some way to enhance the contents of this /var/log/boot.log?
The messages blink by so fast, I've no idea which component is reporting.
Can someone tell me how to watch boot on a non-graphical console with CTRL-ALT-F1 or such?
I still do not understand what do you want to achieve.
Over there on disk is /var/log/* with all of its log files and folders.
I shutdown and restart my workstation. During boot, various components write into these log files and folders.
When I look at the contents of these logs, other than a time stamp in the log content, which entry(s) tell me
"A system restart begins here?"
Is there some way that I can cause a log file entry using logger or similar?
Distribution: Cinnamon Mint 20.1 (Laptop) and 20.2 (Desktop)
Posts: 1,672
Rep:
Hi, I'm running Mint 18.3 at present. This is what I get from /var/log/syslog when I did a restart:
Code:
Dec 28 13:26:29 HP-Z400-Workstation kernel: [ 543.810423] [UFW BLOCK] IN=enp1s0 OUT= MAC=01:00:5e:00:00:fb:00:d0:b8:1
9:94:51:08:00 SRC=192.168.0.26 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0xC0 TTL=1 ID=0 DF PROTO=2
Dec 28 13:26:46 HP-Z400-Workstation cinnamon-session[2253]: WARNING: t+511.93396s: Playing logout sound '/usr/share/mi
nt-artwork-cinnamon/sounds/logout.ogg'
Dec 28 13:26:46 HP-Z400-Workstation cinnamon-session[2253]: WARNING: t+512.03512s: Finished playing logout sound
Dec 28 13:26:46 HP-Z400-Workstation cinnamon-session[2253]: WARNING: t+512.03516s: Resuming logout sequence...
Dec 28 13:26:47 HP-Z400-Workstation cinnamon-session[2253]: GLib-GIO-CRITICAL: t+512.98112s: g_dbus_connection_call_sy
nc_internal: assertion 'G_IS_DBUS_CONNECTION (connection)' failed
Dec 28 13:26:47 HP-Z400-Workstation cinnamon-session[2253]: WARNING: t+512.98130s: Requesting system restart...
Dec 28 13:26:47 HP-Z400-Workstation cinnamon-session[2253]: WARNING: t+512.98165s: Attempting to restart using systemd
...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped target Sound Card.
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping User Manager for UID 1000...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping RealtimeKit Scheduling Policy Service...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping Manage, Install and Generate Color Profiles...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping ACPI event daemon...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped target Bluetooth.
Dec 28 13:26:47 HP-Z400-Workstation bluetoothd[1195]: Terminating
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping Bluetooth service...
Dec 28 13:26:47 HP-Z400-Workstation bluetoothd[1195]: Endpoint unregistered: sender=:1.52 path=/MediaEndpoint/A2DPSour
ce
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping Authenticate and Authorize Users to Run Privileged Tasks...
Dec 28 13:26:47 HP-Z400-Workstation bluetoothd[1195]: Endpoint unregistered: sender=:1.52 path=/MediaEndpoint/A2DPSink
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping Console Manager...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped target Timers.
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped Daily apt upgrade and clean activities.
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped Daily apt download activities.
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped target System Time Synchronized.
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping Disk Manager...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Closed Load/Save RF Kill Switch Status /dev/rfkill Watch.
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping Daemon for power management...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped Daily Cleanup of Temporary Directories.
Dec 28 13:26:47 HP-Z400-Workstation nvidia-persistenced: Received signal 15
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping flatpak system helper...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping NVIDIA Persistence Daemon...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopping Save/Restore Sound Card State...
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped Stop ureadahead data collection 45s after completed startup.
Dec 28 13:26:47 HP-Z400-Workstation systemd[1]: Stopped target Graphical Interface.
Dec 28 13:26:47 HP-Z400-Workstation rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="1130" x-info="http
://www.rsyslog.com"] exiting on signal 15. <--- SYSTEM STOPPED AT THIS POINT
Dec 28 13:27:55 HP-Z400-Workstation rsyslogd: [origin software="rsyslogd" swVersion="8.16.0" x-pid="1164" x-info="http
://www.rsyslog.com"] start <--- SYSTEM RESTARTS FROM HERE
Dec 28 13:27:55 HP-Z400-Workstation rsyslogd-2222: command 'KLogPermitNonKernelFacility' is currently not permitted -
did you already set it via a RainerScript command (v6+ config)? [v8.16.0 try http://www.rsyslog.com/e/2222 ]
Dec 28 13:27:55 HP-Z400-Workstation rsyslogd: rsyslogd's groupid changed to 108
Dec 28 13:27:55 HP-Z400-Workstation rsyslogd: rsyslogd's userid changed to 104
Dec 28 13:27:55 HP-Z400-Workstation systemd-modules-load[420]: Inserted module 'lp'
Dec 28 13:27:55 HP-Z400-Workstation systemd-modules-load[420]: Inserted module 'ppdev'
Dec 28 13:27:55 HP-Z400-Workstation systemd-modules-load[420]: Inserted module 'parport_pc'
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started Create list of required static device nodes for the current ke
rnel.
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Starting Create Static Device Nodes in /dev...
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started Apply Kernel Variables.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] microcode: microcode updated early to revision 0x1d, date =
2018-05-11
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] Linux version 4.15.0-43-generic (buildd@lcy01-amd64-007) (g
cc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.10)) #46~16.04.1-Ubuntu SMP Fri Dec 7 13:31:08 UTC 2018 (Ubuntu 4.15
.0-43.46~16.04.1-generic 4.15.18)
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] Command line: BOOT_IMAGE=/boot/vmlinuz-4.15.0-43-generic ro
ot=UUID=a37d1251-ba0e-42de-81c1-5c62e58f1e38 ro quiet splash vt.handoff=7
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] KERNEL supported cpus:
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] Intel GenuineIntel
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Mounted FUSE Control File System.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] AMD AuthenticAMD
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] Centaur CentaurHauls
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] x86/fpu: x87 FPU will use FXSAVE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] e820: BIOS-provided physical RAM map:
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x0000000000000000-0x00000000000957ff] usab
le
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Mounted Debug File System.
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Mounted POSIX Message Queue File System.
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Mounted Configuration File System.
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Mounted Huge Pages File System.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x0000000000095800-0x000000000009ffff] rese
rved
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x00000000000e8000-0x00000000000fffff] rese
rved
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started Remount Root and Kernel File Systems.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x0000000000100000-0x00000000defa57ff] usab
le
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x00000000defa5800-0x00000000dfffffff] rese
rved
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x00000000f0000000-0x00000000f3ffffff] rese
rved
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x00000000fec00000-0x00000000fed3ffff] rese
rved
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started Create Static Device Nodes in /dev.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x00000000fed45000-0x00000000ffffffff] rese
rved
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BIOS-e820: [mem 0x0000000100000000-0x000000041fffffff] usab
le
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] NX (Execute Disable) protection: active
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] SMBIOS 2.6 present.
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Starting udev Kernel Device Manager...
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] DMI: Hewlett-Packard HP Z400 Workstation/0B4Ch, BIOS 786G3
v03.60 02/24/2016
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] e820: update [mem 0x00000000-0x00000fff] usable ==> reserve
d
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Starting Flush Journal to Persistent Storage...
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] e820: remove [mem 0x000a0000-0x000fffff] usable
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] e820: last_pfn = 0x420000 max_arch_pfn = 0x400000000
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] MTRR default type: write-back
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] MTRR fixed ranges enabled:
Dec 28 13:27:55 HP-Z400-Workstation rsyslogd-2039: Could not open output pipe '/dev/xconsole':: No such file or direct
ory [v8.16.0 try http://www.rsyslog.com/e/2039 ]
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 00000-9FFFF write-back
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Starting udev Coldplug all Devices...
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] A0000-BFFFF uncachable
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Starting Load/Save Random Seed...
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] C0000-E7FFF write-protect
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] E8000-EFFFF write-back
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] F0000-FFFFF write-protect
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] MTRR variable ranges enabled:
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 0 base 0E0000000 mask FE0000000 uncachable
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 1 base 420000000 mask FE0000000 uncachable
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started LVM2 metadata daemon.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 2 disabled
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 3 disabled
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 4 disabled
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 5 disabled
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started Load/Save Random Seed.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 6 disabled
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] 7 disabled
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started Flush Journal to Persistent Storage.
Dec 28 13:27:55 HP-Z400-Workstation rsyslogd-2007: action 'action 10' suspended, next retry is Fri Dec 28 13:28:25 201
8 [v8.16.0 try http://www.rsyslog.com/e/2007 ]
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] x86/PAT: Configuration [0-7]: WB WC UC- UC WB WP UC- W
T
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] e820: last_pfn = 0xdefa5 max_arch_pfn = 0x400000000
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] found SMP MP-table at [mem 0x000f9bf0-0x000f9bff] mapped at
[ (ptrval)]
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] Scanning 1 areas for low memory corruption
Dec 28 13:27:55 HP-Z400-Workstation loadkeys[419]: Loading /etc/console-setup/cached.kmap.gz
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] Base memory trampoline at [ (ptrval)] 8f000 size 245
76
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started Set console keymap.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b93f000, 0x33b93ffff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b940000, 0x33b940fff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b941000, 0x33b941fff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b942000, 0x33b942fff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b943000, 0x33b943fff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b944000, 0x33b944fff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation systemd[1]: Started udev Coldplug all Devices.
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b945000, 0x33b945fff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b946000, 0x33b946fff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] BRK [0x33b947000, 0x33b947fff] PGTABLE
Dec 28 13:27:55 HP-Z400-Workstation kernel: [ 0.000000] RAMDISK: [mem 0x314d2000-0x34a60fff]
... Loadsmore startup messages...
Nope! I don't profess to know what it all means. If you had a crash and a restart and want to see if you can find out what happened I'd be inclined to trawl through the syslog file to see when the timestamp changes and the reboot starts. (Note there are really only two timestamps mentioned in my file section above; 13:26:47 and 13:27:55) In a crash, the messages prior to the restart are the interesting ones which may highlight the problem (Assuming you can decode what they're trying to tell you!)
Note that my reboot messages appear at some random point within the syslog file.
No idea if that'll be of any assistance to you but good luck!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.