seeking how to find a fresh boot in the system log files
 

Consider that a workstation re-boots several times over the course of an hour. A single copy of /var/log/syslog will contain entries for each of these system start events.

Which log file entry always appears as the very first record of a fresh system start?

Is there some way to force the use of a fresh copy of
/var/log/syslog for each system boot?
(I would enable this when working a boot-time issue, then disable for routine running.)

Thanks in advance,
~~~ 0;-Dan

did you try the command last ?

Are you looking for boot log? Which OS? For SuSE and CentOS (RH), there is /var/log/boot.log, and previous boot logs with boot.log-<date> in CentOS.

The next time this happens, after a reboot, you can use tail to check the most recent x number of lines in the log file. https://www.linode.com/docs/quick-an...w-to-use-tail/

I did a short gig with a hosting provider several years ago and that was the technique they recommended in situations like this.

Thanks, syg00. You taught me something.

Happy to help. In the past when I have posted similar it usually resulted in a mindless anti-systemd flamefest.

You might check /var/log/kern.log for it's date/time stamp. Not really a test of a reboot, but if it's days old, you probably have NOT rebooted in days old. Or booted to a read-only filesystem where logging would be mostly pointless, or checking them. Something which you could check as a lowly user, versus needing groups like systemd-journal in your permissions, or admin access(root). Or having to resort to a variety of other methods depending on the init system of the week.

That would have to be done in the startup of the syslogd (and klogd) daemons, which is highly distro dependant (and especially on your startup system, like init, runit, upstart or systemd).
Essentially init does it with some kind of startup script, which you would have to modify. I'm always been more of a Unix person so am not familiar with other startup systems.

The whole of logging can only be started after the disks have been checked (for which they're either readonly or unmounted) and optionally have been decrypted (with a LUKS filesystem), so it comes rather late in the bootup sequence.

I've looked there, but the messages I'm seeing do not appear in /var/log/boot.log.
I'm also looking at dmesg without success.
Is there some way to enhance the contents of this /var/log/boot.log?

The messages blink by so fast, I've no idea which component is reporting.
Can someone tell me how to watch boot on a non-graphical console with CTRL-ALT-F1 or such?

Thanks in advance,
~~~ 0;-Dan

I still do not understand what do you want to achieve.

Over there on disk is /var/log/* with all of its log files and folders.

I shutdown and restart my workstation. During boot, various components write into these log files and folders.
When I look at the contents of these logs, other than a time stamp in the log content, which entry(s) tell me
"A system restart begins here?"

Is there some way that I can cause a log file entry using logger or similar?

Thanks in advance,
~~~ 0;-Dan

see post #2. Did you try the command last ?

Hi, I'm running Mint 18.3 at present. This is what I get from /var/log/syslog when I did a restart:

Nope! I don't profess to know what it all means. If you had a crash and a restart and want to see if you can find out what happened I'd be inclined to trawl through the syslog file to see when the timestamp changes and the reboot starts. (Note there are really only two timestamps mentioned in my file section above; 13:26:47 and 13:27:55) In a crash, the messages prior to the restart are the interesting ones which may highlight the problem (Assuming you can decode what they're trying to tell you!)
Note that my reboot messages appear at some random point within the syslog file.

No idea if that'll be of any assistance to you but good luck!

Play Bonny!

:hattip:

As pan64 has said a couple of times, gives me
where I've highlighted the last two boots of the server.
Is that not what you're asking?