The logs that are usually stored in the /var/log directory are missing on my Amazon Elastic Compute Cloud (Amazon EC2) Amazon Linux 2023 instance.
Resolution
The rsyslog service maintains various log files in the /var/log directory. Amazon Linux 2 keeps this service for backward compatibility. By default, the rsyslog service isn't installed in Amazon Linux 2023. So, the corresponding files in the /var/log directory, such as /var/log/messages, are also not available in Amazon Linux 2023.
The default service manager in Amazon Linux 2 and Amazon Linux 2023 is systemd, which uses systemd-journald to create logs.
How to query systemd-journald
Unlike rsyslog, the systemd-journald service doesn't write information to files such as messages, secure, maillog, and spooler. Instead, systemd-journald stores system information in /var/log/journal.
To query the journal, run the journalctl command. The following are examples of common queries:
Check all logs
$ journalctl
Check logs in reverse order
$ journalctl -r
Check logs for a specified time duration
To check logs within the last 10 minutes, run the following command:
$ journalctl --since -10min
To check logs between two specific timestamps, run the following command:
$ journalctl --since "2023-06-21 10:50:00" --until "2023-06-21 11:00:00"
Check logs that are specific to a service
$ journalctl -u sshd
Check logs based on the log level of messages, including emerg, alert, crit, and err
$ journalctl -p err
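For scripts and monitoring that still expect the old file layout, the following added example (not part of the original article) reads records in `journalctl -o json` form and shows which /var/log file each one would have been written to, rendered as a classic syslog line. The routing rules are an assumption modelled on the stock RHEL-family rsyslog.conf, and the sample records are constructed.

```python
import json
from datetime import datetime, timezone

# Syslog facility/severity numbers (RFC 5424); journald's JSON stores them as strings.
OWN_FILE = {10: "secure", 2: "maillog", 9: "cron"}  # authpriv.*, mail.*, cron.*
NEWS, UUCP, CRIT, INFO = 7, 8, 2, 6

def legacy_files(facility, priority):
    """Files the assumed stock rsyslog rules would write this record to."""
    files = []
    if priority <= INFO and facility not in OWN_FILE:
        files.append("messages")  # *.info;mail.none;authpriv.none;cron.none
    if facility in OWN_FILE:
        files.append(OWN_FILE[facility])
    if facility in (UUCP, NEWS) and priority <= CRIT:
        files.append("spooler")  # uucp,news.crit
    return files

def syslog_line(entry):
    """Render one `journalctl -o json` record as a classic syslog line (UTC)."""
    ts = datetime.fromtimestamp(int(entry["__REALTIME_TIMESTAMP"]) // 1_000_000, tz=timezone.utc)
    msg = entry.get("MESSAGE") or ""
    if isinstance(msg, list):  # journald emits non-UTF-8 text as a byte array
        msg = bytes(msg).decode("utf-8", "replace")
    tag = entry.get("SYSLOG_IDENTIFIER", "unknown")
    pid = entry.get("SYSLOG_PID") or entry.get("_PID")
    if pid:
        tag += f"[{pid}]"
    return f"{ts:%b} {ts.day:2d} {ts:%H:%M:%S} {entry.get('_HOSTNAME', 'localhost')} {tag}: {msg}"

def route(json_lines):
    """Group rendered lines under the legacy file each would have landed in."""
    out = {}
    for raw in json_lines:
        e = json.loads(raw)
        fac = int(e.get("SYSLOG_FACILITY", 3))  # assumption: no facility -> daemon
        pri = int(e.get("PRIORITY", 6))         # assumption: no priority -> info
        for name in legacy_files(fac, pri):
            out.setdefault(name, []).append(syslog_line(e))
    return out

# Constructed sample records in `journalctl -o json` shape.
SAMPLE = [
    '{"__REALTIME_TIMESTAMP":"1687421168000000","_HOSTNAME":"localhost","SYSLOG_IDENTIFIER":"root","_PID":"1771","SYSLOG_FACILITY":"1","PRIORITY":"5","MESSAGE":"test_line"}',
    '{"__REALTIME_TIMESTAMP":"1687421170000000","_HOSTNAME":"localhost","SYSLOG_IDENTIFIER":"sshd","_PID":"1802","SYSLOG_FACILITY":"10","PRIORITY":"6","MESSAGE":"Connection closed by 203.0.113.10 port 50022 [preauth]"}',
    '{"__REALTIME_TIMESTAMP":"1687421171000000","SYSLOG_IDENTIFIER":"myapp","SYSLOG_FACILITY":"3","PRIORITY":"4","MESSAGE":[98,97,100,32,255]}',
]

if __name__ == "__main__":
    print(json.dumps(route(SAMPLE), indent=2))
```

To run it on live data, pass the output lines of `journalctl -o json --since -10min` to route() instead of SAMPLE.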
Turn on log files in the /var/log/ directory on Amazon Linux 2023
To install the rsyslog package on Amazon Linux 2023 and start the service, run the following commands:
# dnf install rsyslog
# systemctl enable rsyslog --now
To validate that the logs are written to the messages file, run the following test:
# logger test_line
# grep "test_line" /var/log/messages
Jun 22 08:06:08 localhost root[1771]: test_line