Linux journalctl to view system and kernel logs

1 Overview

journalctl is the dedicated log management tool on CentOS 7. This tool reads information from the message file. Systemd centrally manages the startup logs of all Units. The advantage is that you can view all logs (kernel logs and application logs) with just one command, journalctl. The log configuration file is /etc/systemd/journald.conf.

journalctl is powerful and has many uses. This article introduces its common usage.

2 How to use journalctl

. View all logs

By default, only the log of this startup is saved.

journalctl

. View kernel logs (do not display application logs)

journalctl -k

. View the log of the system startup.

journalctl -b

journalctl -b -0

. View the log of the previous startup

This requires changing the settings, since by default only the log of the current startup is saved. For example, if the system crashed last time and you need to check the log, look at the log of the previous startup.

journalctl -b -1

. View logs for a specified time

journalctl --since="2012-10-30 18:17:16"

journalctl --since "20 minutes ago"

journalctl --since yesterday

journalctl --since "2015-01-10" --until "2015-01-11 03:00"

journalctl --since 09:00 --until "1 hour ago"

journalctl --since "15:15" --until now

. Display the latest 10 lines of logs at the end

journalctl -n

. Display the log with the specified number of lines at the end

What you see is the log of /var/log/messages, but the format has been adjusted; for example, the host name is formatted differently.

journalctl -n 20

. Real-time scrolling display of the latest logs

journalctl -f

. View the logs of the specified service

journalctl /usr/lib/systemd/systemd

. View the log of the specified process

journalctl _PID=1

. View the log of a script in a certain path

journalctl /usr/bin/bash

. View the logs of the specified user

journalctl _UID=33 --since today

. View the log of a Unit

journalctl -u nginx.service

journalctl -u nginx.service --since today

. Real-time scrolling display of the latest log of a Unit

journalctl -u nginx.service -f

. Combine and display the logs of multiple Units

journalctl -u nginx.service -u php-fpm.service --since today

. View logs with a specified priority (and above)

There are 8 levels of log priority.

0: emerg

1: alert

2: crit

3: err

4: warning

5: notice

6: info

7: debug

journalctl -p err -b

. Unpaged standard output

By default the log is output through a pager; --no-pager changes this to normal standard output.

journalctl --no-pager

. Output in JSON format (single line)

JSON (JavaScript Object Notation) is a lightweight data exchange format. It is easy for humans to read and write, and easy for machines to parse and generate. It is based on a subset of the JavaScript Programming Language, Standard ECMA-262 3rd Edition - December 1999. JSON uses a completely language-independent text format, but also uses conventions similar to the C language family (including C, C++, C#, Java, JavaScript, Perl, Python, etc.). These properties make JSON an ideal data exchange language.

JSON is constructed from two structures:

A collection of name/value pairs: In different languages, this is understood as an object, record, structure, dictionary, hash table, keyed list, or associative array.

An ordered list of values: In most languages, this is understood as an array.

These are common data structures. In fact, most modern computer languages support them in some form. This makes it possible for a data format to be exchanged between programming languages that are also based on these structures.

Example: output in JSON format (single line)

journalctl -b -u httpd.service -o json

. Output in JSON format (multi-line) for better readability. It is recommended to select multi-line output.

journalctl -b -u httpd.service -o json-pretty
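
An added example (not part of the original article): a Python sketch that reads the single-line output of journalctl -o json, keeps entries at priority err and above (as -p err does), and counts them per Unit. The sample lines are constructed; in this output every field value is a string, and a MESSAGE that contains non-UTF-8 bytes is emitted as an array of byte values, which the code handles.

```python
import json
from collections import Counter
from datetime import datetime, timezone

# Syslog priority names in the order used by journalctl -p (0 = emerg ... 7 = debug).
PRIORITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample of `journalctl -o json` output: one JSON object per line.
SAMPLE = "\n".join([
    '{"__REALTIME_TIMESTAMP":"1700000000000000","PRIORITY":"3","_SYSTEMD_UNIT":"nginx.service","_PID":"812","MESSAGE":"bind() to 0.0.0.0:80 failed"}',
    '{"__REALTIME_TIMESTAMP":"1700000001000000","PRIORITY":"6","_SYSTEMD_UNIT":"nginx.service","_PID":"812","MESSAGE":"worker started"}',
    '{"__REALTIME_TIMESTAMP":"1700000002500000","PRIORITY":"2","_SYSTEMD_UNIT":"php-fpm.service","_PID":"901","MESSAGE":[112,111,111,108,32,255,100,111,119,110]}',
    '{"__REALTIME_TIMESTAMP":"1700000003000000","_TRANSPORT":"journal","MESSAGE":"entry without a PRIORITY field"}',
])

def decode_message(value):
    """Return MESSAGE as text; journald emits non-UTF-8 payloads as byte arrays."""
    if isinstance(value, list):
        return bytes(value).decode("utf-8", errors="replace")
    return "" if value is None else str(value)

def parse_entries(text, max_priority="err"):
    """Yield entries whose priority is max_priority or more severe."""
    limit = PRIORITIES.index(max_priority)
    for line in text.splitlines():
        if not line.strip():
            continue
        raw = json.loads(line)
        prio = int(raw.get("PRIORITY", 6))  # assumption: treat a missing PRIORITY as info
        if prio > limit:
            continue
        usec = int(raw["__REALTIME_TIMESTAMP"])  # microseconds since the epoch, as a string
        yield {
            "time": datetime.fromtimestamp(usec / 1_000_000, tz=timezone.utc),
            "priority": PRIORITIES[prio],
            "unit": raw.get("_SYSTEMD_UNIT", "-"),
            "message": decode_message(raw.get("MESSAGE")),
        }

def count_by_unit(text, max_priority="err"):
    return Counter(e["unit"] for e in parse_entries(text, max_priority))

if __name__ == "__main__":
    for e in parse_entries(SAMPLE):
        print(e["time"].isoformat(), e["priority"], e["unit"], e["message"])
```

On a live system, the same functions can be fed the text captured from journalctl -b -o json --no-pager instead of SAMPLE.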

. Display the hard disk space occupied by the log

journalctl --disk-usage

. Specify the maximum space occupied by the log file

journalctl --vacuum-size=1G

. Specify how long to keep log files

journalctl --vacuum-time=1years

Origin blog.csdn.net/wan212000/article/details/134467584