How to use journalctl to read Linux System Logse

Configurare noua (How To)

Situatie

Linux system logging changed with the introduction of systemd. Learn how to use the journalctl command to read and filter system log messages.

Solutie

journalctl With No Frills

You can invoke journalctl with no command line parameters:

journalctl displays the entire journal, with the oldest entries at the top of the list. The list is displayed in less, allowing you to page and search using the usual navigation features of less. You can also use the Left Arrow and Right Arrow keys to scroll sideways to read wide log entries.

Pressing the End key will hop straight to the bottom of the list, and the newest log entries.

Press Ctrl+C to exit.

Although journalctl can be called without using sudo, you will ensure you see all the detail within the log if you do use sudo.

sudo journalctl

If you need to, you can make journalctl send its output to the terminal window instead of to less, by using the –no-pager option.

The output scrolls quickly through the terminal window, and you are returned to the command prompt.

To limit the number of lines that journalctl returns, use the -n (lines) option. Let’s ask for ten lines of output:

sudo journalctl -n 10

Following Journal Updates

To make journalctl display the newest entries as they arrive in the journal, use the -f (follow) option.

sudo journalctl -f

The newest entry has a timestamp of 07:09:07. As new activity takes place, the new entries are appended to the bottom of the display. Near real-time updates—cool!

At 07:09:59 an application called geek-app injected a log entry into the journal that said, “New Message from HTG.”

Changing the Display Format

Because the journal is a binary file, the data in it needs to be translated or parsed into text before it can be displayed to you. With different parsers, different output formats can be created from the same binary source data. There are several different formats that journalctl can use.

The default output is the short format, which is very similar to the classic system log format. To explicitly request the short format, use the -o (output) option with the short modifier.

sudo journalctl -n 10 -o short-full

To obtain a complete date and time stamp use the short-full modifier:

sudo journalctl -n 10 -o short-full

Tip solutie

Permanent

Voteaza

Up Down
(2 din 3 persoane apreciaza acest articol)
Share
Tweet
Share

Despre Autor

Leave A Comment?