Bootstrap FreeKB - Linux Commands - journalctl (view the journal)
Linux Commands - journalctl (view the journal)

Updated:   |  Linux Commands articles

The journalctl command displays messages in the journal. The journalctl command without any options displays every message in the journal.

[root@server1 ~]# journalctl
Oct 20 13:14:27 root root: Example message
Oct 20 13:14:31 root root: Another example message
Oct 20 13:14:33 root root: And another example message

 

Security

The journal is secured. Only root can view every message. Non root users can only view messages associated with their account. Non root users can be added to the adm group, which would allow a non root users to view every message.

[root@server1 ~]# usermod -a -G adm username

 

Reverse order

By default, the oldest messages is the journal are listed first. The -r or -reverse option can be used to display the newest records first.

[root@server1 ~]# journalctl -r
Nov 21 19:00:25 root root: Example message
Nov 21 18:57:14 root root: Another example message
Nov 21 18:57:12 root root: And another example message

 

Real time

The -f or --follow option can be used to watch the journal in real time.

[root@server1 ~]# journalctl -f
Nov 21 19:00:25 root root: Example message

 

Last n records

The -n or --lines= option can be used to view only a certain number of lines at the end of the journal.

[root@server1 ~]# journalctl -n 3
Nov 21 19:00:25 root root: First example message
Nov 21 19:00:25 root root: Second example message
Nov 21 19:00:25 root root: Third example message

 

Verbose

The -o option can be used to format the output. This produces a lot of output.

[root@server1 ~]# journalctl -n 1 -o verbose
Mon 2016-11-21 15:06:30.397161 CST
  _TRANSPORT=syslog
  PRIORITY=5
  _UID=0
  _GID=0
  _COMM=logger
  . . .

 

Since boot

The -b or --boot option can be used to view messages since the last boot.

[root@server1 ~]# journalctl -b
Nov 21 19:00:25 root root: Example message

 

Matches

The journal uses matches to filter messages in the journal. The PRIORITY or -p option can be used to filter messages on the priority match. With the -p option, either the number of name of the priority can be used.

  • 7 debug
  • 6 info
  • 5 notice
  • 4 warning
  • 3 err
  • 2 crit
  • 1 alert
  • 0 emerg

 

Bold text in the journal are for messages with a priority of notice or warning. Red text in the journal is for messages with a priority of error or above.

[root@server1 ~]# journalctl PRIORITY=2
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]

[root@server1 ~]# journalctl -p 2
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]


[root@server1 ~]# journalctl -p crit
Nov 21 19:00:25 root sshd[32445]: fatal: no hostkey alg [preauth]

 

Or, a range of priorities can be matched. In this example, any match at emerg, alert, crit, err, warning, or notice will be returned.

[root@server1 ~]# journalctl -p crit..notice

 

The _UID match can be used to filter messages for a user account.

[root@server1 ~]# journalctl _UID=81
Nov 21 19:00:25 root dbus[613]: [system] Successfully activated service 'fi.w1.wpa_supplican1'

 

The _HOSTNAME match can be used to filter messages on a particular hostname.

[root@server1 ~]# journalctl _HOSTNAME=dhcp1
Nov 21 19:00:25 dhcp1 kernel: init_memory_mapping: [mem 0x7fe0000-0x7feeffff]

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter fed69d in the box below so that we can be sure you are a human.