How to use Journalctl to read Linux logs?

Linux sits at the heart of most of the world’s cloud and enterprise infrastructures. It’s also the foundation of Android. As a result, every serious developer has to know how to use it, and that includes its log files.

If you’re a Linux user who spends any time at all tinkering with their system, you need to be familiar with the journalctl command. This utility is the primary tool for reading and managing logs in the Linux operating system. Whether you’re looking to troubleshoot a networking issue, or just want to see how your system is running, journalctl can give you exactly the information you need.

As an avid Linux user, you know that when you experience problems with your system, it’s often just a matter of looking at the system logs to remedy the situation. All system, boot and kernel log files are stored in one place for easy access by the user.

In this article we will look at journalctl to see how Linux logs can be read.

The command itself is easy to use. Just type journalctl into the terminal and hit enter. You will see the entire log file with all the log entries. Note that the oldest entries are at the top.

The list of log messages is displayed one page at a time through a pager, so you can browse it with the normal navigation keys. You can also use the left and right arrow keys to scroll sideways if a log message is too wide for the terminal window.

Pressing the End key takes you to the end of the list, where the most recent messages in the journal are listed. The key combination Ctrl + C ends the command.

Running journalctl with sudo gives much more information.

Another thing to note is that although you can run the journalctl command without sudo, running it with sudo ensures that you don't miss any administrator-level log messages. If you want to limit the output of the log or print it directly to the terminal, you can use the -n (number of lines) or --no-pager flags.

While the basic syntax of this command gives you all the information you need, there are additional flags or options that you can combine with the journalctl command to give you more control over the journal entries output.

Display of latest data in real time

You can use the -f flag to display all new log lines added to the log file.

sudo journalctl -f

Changing the display format

By default, the log data is displayed in the so-called short format. This format is very similar to the normal log file format we are used to.

To print the logs explicitly in a short format, use the following command.

sudo journalctl -n 10 -o short

To get the full timestamp, use the short-full format.

sudo journalctl -n 10 -o short-full

To view the metadata of each log message, use the verbose format.

sudo journalctl -n 10 -o verbose

You can get the log output in JSON format with the following command.

sudo journalctl -n 10 -o json

Or as pretty-printed JSON with this.

sudo journalctl -n 10 -o json-pretty

Finally, if you want to see only the log messages without the timestamp, use this command.

sudo journalctl -n 10 -o cat

Selection of log messages by time period

To display logs for a specific time period, you can use the -S (since) and -U (until) flags to specify the time period.

sudo journalctl -S "2021-01-12 07:00:00"

The above command displays log entries from a specific date and time. You can also add an end time with the -U flag.

sudo journalctl -S "2020-01-12 07:00:00" -U "2020-10-12 07:00:00"

Consideration of relative time periods

It is not always necessary to specify exact periods. You can also use relative specifiers such as today or yesterday to select log messages.

sudo journalctl -S -2d

The above command retrieves all log entries from the last two days up to the time you ran the command. You can use h, m or w to enter hours, minutes and weeks respectively. You can also specify yesterday, today and tomorrow (yes, you read that correctly).

You can also combine these relative time periods with the -S and -U flags above.

Log file size management

Obviously, as the journal grows, so does the space it takes up on disk. You can check the disk space usage of your log with the --disk-usage option.

sudo journalctl --disk-usage

You can limit the size of the log with the --vacuum-size option. It tells journalctl to reduce the size of the journal, but not below the specified size.

sudo journalctl --vacuum-size=150M

You can also delete messages based on time with the --vacuum-time flag. For example, to delete all log messages older than one week, use the following command.

sudo journalctl --vacuum-time=1weeks

Selection of record data according to field

The data recorded in the journal comes in many different fields. You can use the _COMM field to retrieve log entries based on the specified application. Similarly, there are _PID and _UID fields to retrieve log entries according to the specified PID and UID respectively.

You can also combine these flags with -f to track all new updates to the specified data field for that particular process.

Note, however, that while the log may contain many data fields, it is entirely up to the application developers to determine whether a given application fills them all.

sudo journalctl _COMM=note-app
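
The JSON output and the field and time selection described above can also be applied to saved journal output. The Python sketch below is an added example, not part of the original article: it reads the one-object-per-line output of journalctl -o json, handles field values exported as null or as arrays of byte values, and filters in the manner of -S and _COMM=. The sample entries and the function names are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample of `journalctl -o json` output: one JSON object per line.
SAMPLE = "\n".join([
    '{"__REALTIME_TIMESTAMP":"1610434800000000","_COMM":"sshd","_PID":"812","_UID":"0","PRIORITY":"6","MESSAGE":"Failed password for invalid user admin from 192.0.2.10 port 50522 ssh2"}',
    '{"__REALTIME_TIMESTAMP":"1610434805000000","_COMM":"note-app","_PID":"2301","_UID":"1000","PRIORITY":"3","MESSAGE":[111,111,112,115,255]}',
    '{"__REALTIME_TIMESTAMP":"1610434810000000","_COMM":"sshd","_PID":"812","_UID":"0","PRIORITY":"6","MESSAGE":null}',
    'not json (damaged line)',
])

def decode(value):
    """Turn a journal JSON field value into printable text."""
    if value is None:                      # null: field too large to export
        return "<field too large>"
    if isinstance(value, list):
        if all(isinstance(b, int) for b in value):   # byte array: not valid UTF-8
            return bytes(value).decode("utf-8", errors="backslashreplace")
        return " | ".join(decode(v) for v in value)  # field set more than once
    return str(value)

def parse(lines):
    """Yield (timestamp, entry) for each valid line; skip damaged ones."""
    for line in lines:
        try:
            entry = json.loads(line)
            usec = int(entry["__REALTIME_TIMESTAMP"])  # microseconds since epoch
        except (ValueError, KeyError, TypeError):
            continue
        yield datetime.fromtimestamp(usec / 1e6, tz=timezone.utc), entry

def select(entries, since=None, **fields):
    """Filter like `journalctl -S <since> FIELD=value ...` (all must match)."""
    for ts, e in entries:
        if since is not None and ts < since:
            continue
        if all(k in e and decode(e[k]) == v for k, v in fields.items()):
            yield ts, e

def render(ts, e):
    """Format one entry roughly like the short output format, in UTC."""
    who = f'{decode(e.get("_COMM", "?"))}[{decode(e.get("_PID", "?"))}]'
    return f'{ts:%Y-%m-%d %H:%M:%S} {who}: {decode(e.get("MESSAGE", ""))}'

if __name__ == "__main__":
    for ts, e in select(parse(SAMPLE.splitlines()), _COMM="sshd"):
        print(render(ts, e))
```

To use it on real data, replace SAMPLE.splitlines() with the lines of a file saved from journalctl -o json --no-pager.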

List of kernel or boot messages

If you want to see only the kernel messages in the log, use the -k option.

sudo journalctl -k

Similarly, you can retrieve boot logs with the -b option.

sudo journalctl -b

You can also specify which boot you want to see the logs for. For example, if you type -b -3, you get the logs from three boots ago. You can also list the recorded boots with the --list-boots flag.

Someone who writes, edits, films, presents technology programs and races virtual machines in their spare time. You can contact Yadullah at [email protected] or follow him on Instagram or Twitter.

Frequently Asked Questions

How do I view logs in Journalctl?

The systemd journal is a new logging system for the Linux kernel that is currently being adopted by many distributions. It can be used as a full replacement for syslog, or you can use it in conjunction with logrotate. These instructions will show you how to use it as a complete replacement. If you are using a modern Linux distribution such as Ubuntu or Arch Linux, you may have heard of a tool called journalctl. The first time I saw this tool, I had no idea how to use it. I was used to the (obvious by comparison) tools such as tail and grep that are available on most Linux distributions. However, this tool is more powerful than it seems on the surface. It can be used to view logs on a live system, or to filter a log file for a specific time or event. In this guide, I will walk you through how to use journalctl to view logs.

How do I view logs in Linux?

If you’ve been following my blog, you know that I use Linux as my primary desktop operating system. I use the terminal a lot, and I’ve gotten used to quickly checking my system logs with a command called journalctl. I’ve also gotten used to wondering what the flags -u, -u, and -e do, because the man page and the help page both don’t explain what they do. The -u and -e options are self-explanatory: they show you logs for the current user or for the entire system. If you want to view logs in Linux you have a few options. The first and easiest is to use journalctl -xe . This will show you all the logs on the system. You can narrow it down to a specific directory or a specific application if you want to. With journalctl -xe you can also filter the logs based on the log level. The log level can be where 0 is the most drastic and 7 is the least. You can learn more here .

What is Linux Journalctl command?

“journalctl” is a command line tool that displays a list of all services and other system events since the last boot. Unlike “systemctl”, journalctl will display all log messages that are emitted via the journal system, including messages that have been rate-limited or are not issued to a tty. “journalctl” makes use of the systemd journal and colors its output. One of the great things about Linux is the variety of commands that are available in the terminal. Some are familiar, like those you might find on a Mac or Windows computer, but others are unique to Linux and Unix, and using them helps you learn the Linux way. One of these commands is the very useful journalctl command, which records and displays the messages from the syslog service, usually in real-time.
