The journalctl command displays messages in the journal. The journalctl command without any options displays every message in the journal.
[root@server1 ~]# journalctl
Oct 20 13:14:27 root root: Example message
Oct 20 13:14:31 root root: Another example message
Oct 20 13:14:33 root root: And another example message
Security
The journal is secured. Only root can view every message. Non-root users can only view messages associated with their own account. A non-root user can be added to the adm group, which allows that user to view every message.
[root@server1 ~]# usermod -a -G adm username
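An added example (not from the original article): a POSIX shell audit that lists every account holding the full journal access described above through a group such as adm. The function names, the file-path parameters and the sample accounts are assumptions made for illustration, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: list the accounts that can read the whole journal through
# membership of a group such as adm. Only local files are read, so accounts
# served by a directory service (LDAP, SSSD) are not covered.

journal_readers() {
    group=$1
    group_file=${2:-/etc/group}
    passwd_file=${3:-/etc/passwd}

    # /etc/group format: name:password:gid:member1,member2
    gid=$(awk -F: -v g="$group" '$1 == g { print $3; exit }' "$group_file")
    [ -n "$gid" ] || { echo "group $group not found" >&2; return 1; }

    {
        # Supplementary members, as added by "usermod -a -G adm username".
        awk -F: -v g="$group" '$1 == g && $4 != "" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) print m[i]
        }' "$group_file"
        # Accounts whose primary group is this gid; they never appear in field 4.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# Constructed sample data (hypothetical accounts, not from a real host).
write_sample() {
    printf '%s\n' 'root:x:0:' 'adm:x:4:alice,bob' 'wheel:x:10:alice' > "$1/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:1001::/home/bob:/bin/bash' \
        'logsvc:x:990:4::/var/lib/logsvc:/sbin/nologin' > "$1/passwd"
}

# Stand-alone run against the constructed sample.
tmp=$(mktemp -d)
write_sample "$tmp"
journal_readers adm "$tmp/group" "$tmp/passwd"
rm -rf "$tmp"
```

Calling `journal_readers adm` with no file arguments audits the live /etc/group and /etc/passwd. On systemd hosts the systemd-journal and wheel groups grant the same read access, so audit those as well.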
Reverse order
By default, the oldest messages in the journal are listed first. The -r or --reverse option can be used to display the newest records first.
[root@server1 ~]# journalctl -r
Nov 21 19:00:25 root root: Example message
Nov 21 18:57:14 root root: Another example message
Nov 21 18:57:12 root root: And another example message
Real time
The -f or --follow option can be used to watch the journal in real time.
[root@server1 ~]# journalctl -f
Nov 21 19:00:25 root root: Example message
Last n records
The -n or --lines= option can be used to view only a certain number of lines at the end of the journal.
[root@server1 ~]# journalctl -n 3
Nov 21 19:00:25 root root: First example message
Nov 21 19:00:25 root root: Second example message
Nov 21 19:00:25 root root: Third example message
Verbose
The -o or --output= option can be used to format the output. The verbose format shows every field of each entry, which produces a lot of output.
[root@server1 ~]# journalctl -n 1 -o verbose
Mon 2016-11-21 15:06:30.397161 CST
_TRANSPORT=syslog
PRIORITY=5
_UID=0
_GID=0
_COMM=logger
. . .
Since boot
The -b or --boot option can be used to view messages since the last boot.
[root@server1 ~]# journalctl -b
Nov 21 19:00:25 root root: Example message
Matches
The journal uses matches to filter messages. The PRIORITY match or the -p option can be used to filter messages by priority. With the -p option, either the number or the name of the priority can be used.
- 7 debug
- 6 info
- 5 notice
- 4 warning
- 3 err
- 2 crit
- 1 alert
- 0 emerg
Bold text in the journal is for messages with a priority of notice or warning. Red text in the journal is for messages with a priority of error or above.
[root@server1 ~]# journalctl PRIORITY=2
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]
[root@server1 ~]# journalctl -p 2
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]
[root@server1 ~]# journalctl -p crit
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]
Or, a range of priorities can be matched. In this example, any match at emerg, alert, crit, err, warning, or notice will be returned.
[root@server1 ~]# journalctl -p crit..notice
The _UID match can be used to filter messages for a user account.
[root@server1 ~]# journalctl _UID=81
Nov 21 19:00:25 root dbus[613]: [system] Successfully activated service 'fi.w1.wpa_supplican1'
The _HOSTNAME match can be used to filter messages on a particular hostname.
[root@server1 ~]# journalctl _HOSTNAME=dhcp1
Nov 21 19:00:25 dhcp1 kernel: init_memory_mapping: [mem 0x7fe0000-0x7feeffff]