Linux-based systems provide multiple tools that help record and analyze system logs. Just like the “systemd”, which is a powerful tool used to collect logs from the sources in a binary format and allows the user to get the logs using command-line.
The logs we discussed in the above section are the “Journal logs”.
The “Journald” is a system program from the systemd tool that collects data from multiple logs in a binary format. It works the same way as syslog but gives a more efficient way to manage logs.
The Linux system has an effective tool termed “journalctl” that helps the user read and communicate with the “journal logs”. This utility is a standard way to display log messages provided by journald and monitor them.
The syntax of the “journalctl” command is:
journalctl [options…] [matches…]
How to Use “journalctl” Command?
Execute the “journalctl” command without any argument in a command-line to display all records of journal logs from the oldest entries:
The displayed output is listed in less which means you can use directional keys to search and read log entries.
How to Use “journalctl” Command Options?
The “journalctl” command has several options to display journal logs. These are:
Use the “–no-page” to get logs in the terminal instead of to show with “less” features:
$ sudo journalctl –no-page
It will display the following result:
To display all log fields whether they are unprintable, use the “–all” option in the command-line prompt:
To limit the output lines of journalctl log, run the “-n” flag with the number of lines you want to display:
$ sudo journalctl –n 15
Run the “-f” flag to display the journal log in real-time:
To display the record of kernel logs, execute the “-k” flag:
To display the list of boot sessions that include the boot time, run the “–list-boot” option of the “journalctl” command:
$ sudo journalctl –list-boot
Whenever you run the “journalctl” command, it will display the journal logs in local time by default, but if you want to specify the logs in UTC, do it through the given command:
The “journalctl” command allows the user to get the record of logs of a certain period.
For example, to get the log record of yesterday, type:
$ sudo journalctl –since “yesterday”
Or if you want to check the record of the last 2 hours, use:
$ sudo journalctl –since “2 hours ago”
The “-r” or “–reverse” option is used to display the logs with the newest entries first in command-line:
Execute the “-q” or “–quiet” option if you don’t want to display an irrelevant message like warning or info:
$ sudo journalctl –quiet
To display the help message of the “journalctl” command and all of its options, use the “–help” option:
$ sudo journalctl –-help
Check the version of the “journalctl” command using the “–version” option:
In this brief tutorial, we have seen how the “journalctl” command and its options work. The “journalctl” command is a command-line utility used to display the record of journal logs. The Journal logs are recorded in a binary format that can be accessed anytime. Using the “journalctl” command, one can manage and analyze the record of all logs.