View the journal using the JOURNALCTL command in Linux

Home > Search > Linux commands
  by

The journalctl command displays messages in the journal. The journalctl command without any options displays every message in the journal.

[root@server1 ~]# journalctl
Oct 20 13:14:27 root root: Example message
Oct 20 13:14:31 root root: Another example message
Oct 20 13:14:33 root root: And another example message

 


Security

The journal is secured. Only root can view every message. Non root users can only view messages associated with their account. Non root users can be added to the adm group, which would allow a non root users to view every message.

[root@server1 ~]# usermod -a -G adm username

 


Reverse order

By default, the oldest messages is the journal are listed first. The -r or -reverse option can be used to display the newest records first.

[root@server1 ~]# journalctl -r
Nov 21 19:00:25 root root: Example message
Nov 21 18:57:14 root root: Another example message
Nov 21 18:57:12 root root: And another example message

 


Real time

The -f or --follow option can be used to watch the journal in real time.

[root@server1 ~]# journalctl -f
Nov 21 19:00:25 root root: Example message

 


Last n records

The -n or --lines= option can be used to view only a certain number of lines at the end of the journal.

[root@server1 ~]# journalctl -n 3
Nov 21 19:00:25 root root: First example message
Nov 21 19:00:25 root root: Second example message
Nov 21 19:00:25 root root: Third example message

 


Verbose

The -o option can be used to format the output. This produces a lot of output.

[root@server1 ~]# journalctl -n 1 -o verbose
Mon 2016-11-21 15:06:30.397161 CST
  _TRANSPORT=syslog
  PRIORITY=5
  _UID=0
  _GID=0
  _COMM=logger
  . . .

 


Since boot

The -b or --boot option can be used to view messages since the last boot.

[root@server1 ~]# journalctl -b
Nov 21 19:00:25 root root: Example message

 


Since / Until

The --since and --until options can be used to view records in a certain time period.

[root@server1 ~]# journalctl --since="2016-11-21 19:00:00" --until="2016-11-21 19:01:00"
Nov 21 19:00:25 root root: Example message

 


Matches

The journal uses matches to filter messages in the journal. The PRIORITY or -p option can be used to filter messages on the priority match. With the -p option, either the number of name of the priority can be used.

  • 7 debug
  • 6 info
  • 5 notice
  • 4 warning
  • 3 err
  • 2 crit
  • 1 alert
  • 0 emerg

 

Bold text in the journal are for messages with a priority of notice or warning. Red text in the journal is for messages with a priority of error or above.

[root@server1 ~]# journalctl PRIORITY=2
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]

[root@server1 ~]# journalctl -p 2
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]


[root@server1 ~]# journalctl -p crit
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]

 

The _UID match can be used to filter messages for a user account.

[root@server1 ~]# journalctl _UID=81
Nov 21 19:00:25 root dbus[613]: [system] Successfully activated service 'fi.w1.wpa_supplican1'

 

The _HOSTNAME match can be used to filter messages on a particular hostname.

[root@server1 ~]# journalctl _HOSTNAME=dhcp1
Nov 21 19:00:25 dhcp1 kernel: init_memory_mapping: [mem 0x7fe0000-0x7feeffff]

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter in the box below so that we can be sure you are a human.




Comments