journalctl #
journalctl output is automatically piped into less.
disk usage #
journalctl --disk-usage
bootups #
journalctl --list-boots
journalctl -b
journalctl -b -p err
journalctl -b -1
-g option #
The -g option allows you to grep for either specific text strings or Perl-compatible regular expressions.
journalctl -g fail
journalctl -g Fail
journalctl -g fail --case-sensitive=true
priority levels #
0:emerge, 1:alert, 2:crit, 3:err, 4:warning, 5:notice, 6:info, 7:debug
journalctl -p err
journalctl -p 1
journalctl -p 2..3
facilities #
auth,authpriv,cron,daemon,ftp,kern,lpr,mail,mark,news,syslog,user,uucp,local0..local7
journalctl --facility=help
journalctl --facility uucp
journalctl --facility daemon -p 4..4 -S yesterday
json format #
journalctl -u apache2 -o json
journalctl -u apache2 -o json-pretty
rotate #
sudo journalctl --flush
sudo journalctl --rotate --vacuum-time=5d
specify date #
journalctl --since yesterday
journalctl -S yesterday
miscellaneous #
journalctl -k
journalctl -u ssh.service
specify fields #
man 7 systemd.journal-fields
journalctl _COMM=sshd
journalctl _UID=1002
journalctl _COMM=sshd --since '00:00' --until '08:00'
–no-pager #
journalctl -u apache2 -S yesterday -U today -o json --no-pager | tee apache2.json
sealing log files #
-
Create a set of Forward Secure Sealing(FSS) keys
sudo journalctl --setup-keysThe sealing key is named fss and is stoerd in the same directory as the journald log files. The verification key only appears as a text string on your screen.
-
Verify
sudo journalctl --verify --verify-key=XXXXX