Understanding systemctl, journald, and Targets: RHCSA System Management Essentials

Objective

System management in Linux can feel overwhelming to newcomers, especially when preparing for the RHCSA (Red Hat Certified System Administrator) exam. With the shift to systemd as the default init system in RHEL 9, knowing how to use tools like systemctl, journald, and understanding targets is no longer optional but essential. The objective of this blog is to provide RHCSA aspirants and Linux system administrators with a comprehensive understanding of systemctl, journald, and systemd targets. These are three core components of system management in modern RHEL-based systems. By breaking down these tools in a clear and practical manner, the blog aims to enhance the reader’s ability to manage services, troubleshoot issues, and control system states effectively, both for exam success and real-world application.

Why systemd matters ?

systemd is the modern init system and service manager used in RHEL and most major Linux distributions. It replaces older init systems like SysVinit and Upstart, providing faster boot times, parallel service startup, and advanced dependency handling.

What systemd manages:

• System boot sequences: Controls how and in what order the system starts.

• Services (daemons): Manages background processes like web servers, sshd, etc.

• Mount points: Manages filesystem mounting

• Devices: Manages device activation.

• Logging: Centralized logging through journald.

• Targets: Modern equivalent of runlevels, defining system states.

For RHCSA candidates, understanding how to interact with systemd through systemctl and how to interpret logs from journald is fundamental.

What is systemd?

systemd is a system and service manager that initializes the system during boot, manages services and processes, and keeps track of dependencies. It supports parallel startup of services and on-demand activation, making the system faster and more reliable.

Importance and Uses:

• Handles service lifecycle: start, stop, enable, disable, restart.

• Manages system states and dependencies.

• Supports socket and device activation (services start when needed).

• Offers improved logging via journald.

Getting to Know systemctl

systemctl is the primary command-line utility to control systemd. It lets you manage services, check their status, enable or disable them at boot, and manage system states. Below are the following commands used frequently :

• Starting and Stopping Services

sudo systemctl start httpd.service # Starts the httpd (Apache web server) service immediately.
sudo systemctl stop firewalld.service # Stops the firewalld (firewall) service immediately.
                            

• Enabling and Disabling Services

sudo systemctl enable nginx.service # Configures nginx service to start automatically at boot.
sudo systemctl disable nginx.service # Prevents nginx service from starting automatically at boot.

• Checking Service Status

sudo systemctl status sshd.service  # Shows whether the sshd service is running, enabled, and recent logs.

• Restarting and Reloading

sudo systemctl restart network.service  # Stops and then starts the network service to apply changes.
sudo systemctl reload sshd.service  # Reloads sshd service configuration without interrupting active connections.

• Masking a Service

sudo systemctl mask telnet.service  # Disables telnet service completely by linking it to /dev/null.

# Prevents both manual and automatic starts.
sudo systemctl unmask telnet.service  # Removes the mask and allows telnet service to start again.

• Checking if a Service is Enabled or Active

sudo systemctl is-enabled mariadb.service  # Returns whether mariadb service is enabled to start at boot.
sudo systemctl is-active mariadb.service  # Returns whether mariadb service is currently running.

What is journald?

journald is the logging service of systemd. It collects logs from the kernel, system services, and user applications into a centralized, structured journal. This allows for advanced filtering and searching capabilities compared to traditional syslog.

Importance and Uses:

• Centralized log collection.

• Time-range and service-specific log querying.

• Persistent logging to aid forensic analysis.

• Real-time log monitoring.

Understanding journald commands

• View All Logs

journalctl # Displays all system logs from all services and kernel.

• View Logs for a Specific Service

journalctl -u sshd.service # Shows logs only for the sshd service.

• Show Real-Time Logs

journalctl -f  # Follows the journal in real-time (like 'tail -f' for logs).

• Show Logs Since Boot

journalctl -b  # Displays logs collected since the last system boot.

• View Logs Between Dates

journalctl --since "2025-05-01" --until "2025-05-02"  # Shows logs between May 1, 2025, and May 2, 2025.

• View Logs by Priority

journalctl -p err # Shows only error-level logs and above (error, critical, alert).

What are Targets?

Targets are systemd units that group other units together to define system states, like traditional runlevels. They control which services and units run in different modes (e.g., graphical, multi-user, rescue).

Importance and Uses:

• Control system boot levels (rescue, multi-user, graphical).

• Smooth transitions between system states.

• Create custom environment configurations.

• Facilitate troubleshooting by isolating minimal services.

Targets: Modern Runlevels

Traditional runlevels are replaced by systemd targets:

• Check Current Default Target

systemctl get-default  # Shows the default target the system boots into.

• Set Default Target

sudo systemctl set-default multi-user.target  # Sets the default target to  multi-user (non-GUI multi-user mode).

• Switch to a Different Target (Instantly)

sudo systemctl isolate rescue.target  # Switch system immediately to rescue mode (single-user).

• List All Targets

systemctl list-units --type=target  # Lists all loaded target units currently active or available.

• Create a Custom Target

To create a custom target, create a .target file in /etc/systemd/system/ and define dependencies and wanted units. This is advanced but useful to group specific services together.

Real-World Examples and RHCSA Exam Relevance

Troubleshooting a Service (httpd)

systemctl status httpd  # Check if httpd service is running or failed
journalctl -u httpd -b  # View httpd logs since last boot to identify errors
systemctl list-dependencies httpd  # Check dependent units that httpd service needs
sudo systemctl restart httpd  # Restart httpd to apply fixes or configuratio changes

Switching to Rescue Mode to Fix Issues

sudo systemctl isolate rescue.target # Switch to rescue mode for troubleshooting (root shell).

Best Practices to Remember

• Always use systemctl instead of legacy commands like service or chkconfig.

• Use journalctl filtering options (-u, -p, --since) to quickly find errors.

• Know the difference between rescue.target (basic single-user mode) and emergency.target (minimal shell).

• Test changes with systemctl isolate before setting a target as default with set-default.

Conclusion

Mastering the core components of system management—systemctl, journald, and systemd targets—is absolutely essential for anyone preparing for the RHCSA exam or aiming to excel as a Linux system administrator in today’s enterprise environments. These tools are the foundation of modern system control, enabling you to efficiently manage services, monitor logs, and control system states with precision and confidence. For those who want to go beyond theoretical knowledge and engage in hands-on learning, platforms like RHCSA.GURU provide invaluable practical labs, simulated exam environments, and expert guidance designed to reinforce your skills and boost your exam readiness. Investing time in mastering these concepts today will pay dividends in your Linux career tomorrow, ensuring you can confidently manage modern Red Hat Enterprise Linux systems both during and after your certification journey.