Detailed explanation of journalctl command, and how to view system log

Introduction

• Since 2012, most Linux distributions have been ported from the traditional systemv initialization system to a brand new system called systemd. systemd is used to start the system and manage processes. systemd includes an auxiliary component called journalctl, whose main function is to manage system event log records.

1.journalctl overview

• journalctl can view all system log files. Due to the large amount of log information, journalctl also provides various parameters to help users locate log information more quickly.
• By default, users can access their logs. The main log of the system and the logs of other users are restricted to authorized users, such as the root user, users in the wheel group and the systemd group.

note:

• If the log is relatively long, we can view it through the up, down, left, and right keyboard keys.

2. Detailed explanation of journalctl command

• Show all information

journalctl

'如果不带参数，journalctl将显示所有的信息（从旧到新）'

• Reverse output

journalctl -r

-r参数表示反序输出（从新到旧）

• Track log files, read the latest entries

journalctl -f

要使用 journalctl 跟踪日志文件 (读取最新条目), 只需在命令后加参数 “-f” 即可。
会实时输出最新日志

• Specify the size of the output display

journalctl -n 数字	

我们可以通过-n 或者 --lines=参数来指定显示的行数大小。

• Display the event log of the specified time

journalctl --since "2021-01-05 20:00:00" --until "2021-01-06 14:00:00"

journalctl --since 1 hour ago 	'//查看1小时前到现在的日志'

journalctl可以显示指定时间段内发生的事件日志。 通过since和until 参数来实现。
其中日期的格式是“YY-MM-DD HH:MM:SS”

• View logs of certain services

journalctl -u 服务名.service

journalctl -u httpd.service 	'//查看web服务的日志'

journalctl -u httpd.service -u crond.service

• View the logs of a user

[root@localhost ~]# id ritter
uid=1000(ritter) gid=1000(ritter) 组=1000(ritter),10(wheel)
[root@localhost ~]# journalctl _UID=1000 -n 5

• Formatted output information

通过-o 或者--output 可以指定日志的输出格式

journalctl -o short  	//默认选项

journalctl -o short-precise  	//时间更精细

journalctl -o verbose 	//详细信息

• Display information related to specific system boot

 journalctl -b

 journalctl --list-boots

• Display system log information

journalctl -k
或
journalctl --dmesg	
 
用来显示系统的内核日志信息

3. View the log command

systemctl status 服务名			'//查看服务日志'
journalctl -xe					'//查看系统日志'
tail -f /var/log/messages		'//查看动态日志'

• Systemctl introduction

Systemctl is a systemd tool, mainly responsible for controlling the systemd system and service manager.
Important: Systemctl accepts service (.service), mount point (.mount), socket (.socket) and device (.device) as units.