Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to use the journalctl command under Linux". Interested friends may wish to have a look at it. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn how to use the journalctl command under Linux.

Before the emergence of Systemd, the logs of Linux systems and applications were managed separately, and Systemd began to manage the startup logs of all Unit. The advantage of this is that you can view the logs of all kernels and applications with only one journalctl command.

1) how to keep the log in the system for a long time?

Journal logging is enabled by default in most Linux distributions, but it stores log data in / run/log/journal/ and is deleted on restart. If you want the log to be saved permanently, perform the following steps, which will automatically create the / var/log/journal/ directory.

Open the / etc/systemd/journald.conf file as root and uncomment the line "Storage=auto" and change it to "Storage=persistent". Alternatively, you can use the sed command to replace the matching string in the file.

[root@server1] # sed-I'/ Storage/ c\ Storage=persistent' / etc/systemd/journald.conf

Restart the systemd-journald service:

[root@server1 ~] # systemctl restart systemd-journald

Modify / var/log/journal permissions:

[root@server1] # chown-R root:systemd-journal / var/log/journal

Now you can see the log in the directory.

2) options commonly used in journalctl

Before using the Journalctl tool, you can learn about some common options:

-f: displays the last 10 logs in real time. -e: jump to the end of the log to display the latest events. -r: prints log messages in reverse chronological order.-k: only kernel logs are displayed. -u: only messages for the specified systemd Unit are displayed. -b: displays a message from a specific boot, or the current boot message if a specific boot session is not included. -list-boots: displays the boot number (relative to the current boot), its id, and the timestamp of the first and last message related to the boot. -utc: expressed in UTC time. -p,-priority=: filter the output by message priority. -S,-since=: filter logs based on start time-U,-until=: filter logs based on end time-disk-usage: displays the current disk usage of all log files. 3) how to use journalctl to read logs

3.a) use the journalctl command to view the basic log

When journalctl has no option, it displays the full contents of the log, listing the oldest records first.

It uses the less command on the back end to display the log.

[root@server1 ~] # journalctl

3.b) display logs in reverse order

The above output displays the logs in chronological order. If you want to put the latest log first, you need to add the-r option.

[root@server1 ~] # journalctl-r

3.C) display logs with a specified number of lines

You can use the-n option to display only the logs with a specified number of lines in the log, as follows:

[root@server1 ~] # journalctl-n 20

3.d) View logs in real time

You can use the-f option to view the real-time log, as shown below. This is useful when troubleshooting some problems.

[root@server1] # journalctl-f

3.e) display only kernel logs

The filter can be used according to your needs. To display only kernel logs, you can use the-k option. This is equivalent to field matching _ TRANSPORT=kernel.

[root@server1 ~] # journalctl-k or [root@server1 ~] # journalctl _ TRANSPORT=kernel

3.f) filter out the system boot log

Each time you boot the system, a new boot entry is created in the log. To list all available boots, run the following command:

[root@server1] # journalctl-- list-boots-1 5d845cc6c67746bdabd9b9a91c0d86ee Tue 2021-06-08 14:58:47 CST-Fri 2021-06-11 08:32:36 CST0 5690a1c73db146bb8ceeaf3c8b1086f5 Wed 2021-06-16 15:40:42 CST-Wed 2021-06-16 15:41:20 CST

The system boot log is prefixed with a number starting at 0.' 0' refers to the current startup. The boot session "- 1" is the last booted session, and so on. Use the following command to display the logging of this system boot:

[root@server1 ~] # journalctl-b 0

To view the record of the last system boot, do the following:

[root@server1] # journalctl-b-1

3.g) filtering based on time interval

Logs can be filtered based on the interval. Multiple parameters can be used with the time filter, as shown below. To use a time filter, use the "- S or-since" and "- U or-until" command line switches.

To filter the logs from yesterday to the present, run the following command:

[root@server1] # journalctl-S yesterday

To filter only today's logs, run the following command:

[root@server1 ~] # journalctl-S today or [root@server1 ~] # journalctl-S 00:00

If you filter only yesterday's logs, not today's, run the following command:

[root@server1] # journalctl-S yesterday-- until 00:00

To filter logs since March 12, run the following command:

[root@server1] # journalctl-S 2021-03-12

To use the date and time to filter the log, run the following command.

Note: date and time format: year-month-day hour:minute:second

[root@server1] # journalctl-S "2021-06-01 20:00:00"-U "2021-06-16"

To filter messages for the past hour, use the following command:

[root@server1] # journalctl-S-1h

3.h) filter by priority

Filtering can be applied to message priorities, which is useful when you want to filter specific messages such as "Warn" or "Error".

All priorities are listed below:

PriorityCode0emerg1alert2crit3err4warning5notice6info7debug [root@server1 ~] # journalctl-p 3-b or [root@server1 ~] # journalctl-p err-b4) Field-based filtering

Journal logs can be filtered by specific fields. The syntax of the field to match is FIELD_NAME=MATCHED_VALUE, for example, SYSTEMD_UNIT=httpd.service'. In addition, you can specify multiple matches in a single query to filter output messages in a more convenient way.

4.A) filter by Unit

To display messages generated by the specified service, use the command given below. You can also filter any service message.

[root@server1 ~] # journalctl-u sshd.service or [root@server1 ~] # journalctl _ SYSTEMD_UNIT=sshd.service

4.b) filter by device path

To filter messages related to a specific device, run the following command:

[root@server1 ~] # journalctl / dev/sda5) check the disk usage of log files

When you enable persistent storage for journal logs, it uses at most "10%" of the file system capacity on which / var/log/journal resides.

When you enable persistent storage for log logs, it uses at most "10%" of the file system on which "/ var/log/journal" resides.

[root@server1] # journalctl-- disk-usageArchived and active journals take up 16.0m in the file system.

At this point, I believe you have a deeper understanding of "how to use the journalctl command under Linux". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.