linux sysadmin terminal tools

Understanding what systemd-journald is logging is essential for troubleshooting and monitoring system activity. The journalctl command provides a powerful way to access and filter logs generated by the systemd journal.

In this guide, we’ll go over various methods to inspect logs efficiently.

To display all logs in chronological order:

journalctl

This will show logs from the beginning, which may be overwhelming on a system with a lot of activity.

If you want to watch logs as they are being generated, use:

journalctl -f

This works similarly to tail -f for traditional log files.

Logs from today:

journalctl --since today

Logs from the last hour:

journalctl --since "1 hour ago"

Logs within a custom time frame:

journalctl --since "2024-03-01 12:00:00" --until "2024-03-01 14:00:00"

To view logs for a specific systemd service (e.g., nginx.service):

journalctl -u nginx.service

For multiple services:

journalctl -u nginx.service -u sshd.service

To filter logs by process, user or priority:

Logs from a specific process ID:

journalctl _PID=1234

Logs from a specific user:

journalctl _UID=1000

Logs with high priority (errors and above):

journalctl -p err..alert

Priority Levels:

  • 0 (emerg)
  • 1 (alert)
  • 2 (crit)
  • 3 (err)
  • 4 (warning)
  • 5 (notice)
  • 6 (info)
  • 7 (debug)

To find logs containing specific words:

journalctl | grep "failed"

A more efficient way using built-in filtering:

journalctl -g "failed"

To see logs from the current boot session:

journalctl -b

To view logs from a previous boot:

journalctl -b -1  # One boot ago
journalctl -b -2  # Two boots ago

To list all previous boot sessions:

journalctl --list-boots

To view only kernel messages:

journalctl -k

To see logs related to system reboots:

journalctl --list-boots

To view logs for a specific reboot:

journalctl -b -2

The journalctl command provides a powerful way to inspect system logs, allowing you to filter logs based on time, service, priority, and more. By mastering these commands, you can quickly diagnose issues and monitor system performance effectively.

You might also like:

If this post was enjoyable or useful for you, please share it! If you have comments, questions, or feedback, you can email my personal email. To get new posts, subscribe use the RSS feed.