How to Use journalctl for Systemd Logs

journalctl is a command-line utility that allows you to query and display logs collected by the systemd journal service. It provides a straightforward interface for accessing system messages, application logs, and kernel logs. This tutorial will guide you through the various uses of journalctl for managing system logs effectively.

1. Checking Basic Logs

To view logged messages, simply run:

journalctl

This command displays all available logs starting from the oldest entries. You can scroll through the logs using the arrow keys or exit with q.

2. Viewing Logs in Reverse Order

If you want to see the most recent logs first, use the -r option:

journalctl -r

This displays the logs in reverse chronological order, making it easier to see the latest activities.

3. Filtering by Time

To filter logs based on time, use the --since and --until options:

journalctl --since="2022-02-01" --until="2022-02-10"

This command shows log entries from February 1 to February 10, 2022.

4. Filtering by Unit

If you want to see logs for a specific systemd service, use the -u option:

journalctl -u service_name

For example, to view logs related to the SSH service:

journalctl -u ssh.service

5. Searching for Specific Messages

To search for specific messages within logs, you can use grep:

journalctl | grep 'keyword'

This will display all log messages containing the specified keyword.

6. Persistent Logging

By default, logs are stored in memory and are lost after a reboot. To enable persistent logging so that logs are stored on disk, create the following directory:

sudo mkdir /var/log/journal

Ensure that the systemd-journald service is configured to use persistent storage through the configuration file located at /etc/systemd/journald.conf. Look for the [Journal] section, and set:

Storage=persistent

Restart the service for changes to take effect:

sudo systemctl restart systemd-journald

7. Conclusion

By following this tutorial, you have learned how to use journalctl to access and manage system logs in Linux. Effective log management is crucial for troubleshooting and monitoring system performance. Continue to explore the many options of journalctl to optimize your log analysis skills!

About the Author

Dorian Kane

Author

View All Posts