journalctl command
journalctl and what is the role?
journalctl used to query log systemd-journald service collected. systemd-journald service is a service to collect system logs systemd init system provides.
The command format is:
journalctl [the OPTIONS ...] [MATCHES ...]
journalctl path command is:
/ bin / journalctl
View journalctl help documentation: journalctl --help
Journalctl can directly use all logging output, because all the log information, so little value, we just want to log information about a service output.
systemd-journald service collected logs saved by default in the / run / log directory, reboot the system will lose the previous log information.
If you need to permanently save the log, the log can be saved to a file.
Method One: Create the directory / var / log / journal, and then restart the journal service systemd-journald.service.
Method two: modify the configuration file /etc/systemd/journald.conf, the Storage = auto change Storage = persistent, and removed the comment, and then restart the journal service systemd-journald.service.
A detailed method of operation
created a directory named journal in / var / log / below, and you can set permissions:
$ sudo mkdir /var/log/journal
$ sudo chown root:systemd-journal /var/log/journal
$ sudo chmod 2775 /var/log/journal
$ sudo systemctl restart systemd-journald.service
Thus / run / log not below the journal log, the log file is saved to the / var / log / journal in the.
View log disk space
journalctl --disk-usage
Note that the log no matter where you are in the store, it is always to take up disk space.
Cleanup log data
if you intend to journal records to clean up, you can use two different ways.
- Use -vacuum-size option
- Use -vacuum-time option
If you use -vacuum-size option, you can specify the total volume of logs rigid, meaning that it will continue to delete old records until the share of capacity to meet the requirements:
$ sudo journalctl --vacuum-size=1G
Another way is to use -vacuum-time option. Any entry prior to this point in time will be deleted. For example, after the last entry to retain:
$ sudo journalctl --vacuum-time=1years
After viewing a particular boot log
systemd-journald serve only to save the log after this start by default (after restart lose the previous log). At this point nothing -b option is used. After when we systemd-journald service collected logs saved to a file, you can view the system restarts recording with the following command:
$ journalctl --list-boots
At this point we can be selected by the -b option to view a particular process running log:
$ sudo journalctl -b -1
或
$ sudo journalctl -b 9eaabbc25fe343999ef1024e6a16fb58
The following command will output after the last start log information:
$ sudo journalctl -b
$ sudo journalctl -b 0
View Log specified time period
Use --since and --until option set period of time, both were assigned to and responsible for logging before and after a given time. Time value may use a variety of formats, such as the following format:
YYYY-MM-DD HH:MM:SS
If we want to query the log after 8:20 pm 26th March 2018:
$ journalctl --since "2018-03-26 20:20:00"
If some part in the above format is not filled out, the system will direct the default fill. For example, if the date part not filled, it will directly display the current date. If time is not filled part, the default use the "00:00:00" (midnight). Second field may be left blank, the default value is "00", such as the following command:
$ journalctl --since "2018-03-26" --until "2018-03-26 03:00"
Further, journalctl portion can also be appreciated that the relative value and the abbreviated name. For example, you can use the "yesterday", "today", "tomorrow" or "now" and so on.
For example, yesterday acquired log data can use the following command:
$ journalctl --since yesterday
To get the log in the period 9:00 am to one hour before, you can use the following command:
$ journalctl --since 09:00 --until "1 hour ago"
Log filter press unit
systemd almost all tasks have become abstract unit, so we can easily use the -u option to filter by logging unit's name. View a unit's log:
$ sudo journalctl -u nginx.service
$ sudo journalctl -u nginx.service --since today
You can also use multiple -u options simultaneously obtaining a plurality of unit log:
$ journalctl -u nginx.service -u php-fpm.service --since today
Filtered through the log level
PRIORITY = addition by the way, you can also filter the log level by the -p option. Priority can be assigned as follows:
# 0: emerg
#. 1: Alert
# 2: Crit
#. 3: ERR
#. 4: warning
#. 5: Notice
#. 6: info
#. 7: Debug
$ sudo journalctl -p err
Note that this is the priority of the specified name.
Live Update log
With tail -f similar, journalctl support the -f option to display real-time log:
$ sudo journalctl -f
If you want to view real-time log of a unit, together with the -u option on:
$ sudo journalctl -f -u prometheus.service
Show only the most recent n lines
-N command-line option is used to control the display of only the most recent log n rows, the default is the latest 10-line log shows the tail:
$ sudo journalctl -n
It can also display the specified number of lines of the tail of the log:
$ sudo journalctl -n 20
The following is the latest of three lines of display cron.service service log:
$ journalctl -u cron.service -n 3
These are the simple use of journalctl can achieve simple to understand and use the basic purpose, more details can be found in: https://www.cnblogs.com/sparkdev/p/8795141.html