How to configure your system to preserve system logs after a reboot

Log entries for the systemd-journald service, which is at the heart of the logging architecture in Red Hat Enterprise Linux (RHEL), do not persist across reboots.

This means entries are wiped after a reboot, so you won't have historical data for analysis. However, with a little configuration, you can keep log entries even after a reboot.

Keep system journals after a reboot

The process involves creating a storage location (probably in /var/log) and then editing the journald configuration to direct messages to that location.

Create a storage directory

First, create a journal directory under the /var/log directory:

[server]$ sudo mkdir /var/log/journal

Edit the journald.conf file

Edit the file /etc/systemd/journald.conf and set the Storage parameter to persistent (it is set to auto by default):

[server]$ sudo vim /etc/systemd/journald.conf
[Journal]
Storage=persistent 
[...]

[ How are your text editor skills? Read up on Vim and Nano competencies to find out. ] 

Restart systemd-journald

Next, restart the systemd-journald service:

[server]$ systemctl restart systemd-journald

Reboot the server

Finally, reboot the server to confirm the persistence of entries by listing the /var/log/journal content. You should have output that looks similar to this:

[server]$ ls /var/log/journal
75ab164a278e48be9cf80d80716a8cd9

Wrap up

The logging capabilities of systemd-journald are critical, but the default configuration does not preserve these logs. Having data to analyze is vital when troubleshooting or profiling your system. Use this simple configuration to keep your system journals for as long as you need them.

[ Free download: Advanced Linux commands cheat sheet. ]