Open In App

journalctl Command in Linux with Examples

The `journalctl` command is part of the systemd suite of utilities and is used to query and display log messages from the systemd journal. The systemd journal is a centralized logging system that collects and stores log data from various sources, including system services, kernel events, and user applications. The journalctl command provides a user-friendly interface to access and retrieve log information, allowing users to effectively monitor system activity and diagnose issues.

Syntax of the `journalctl` command in Linux

The basic syntax of the `journalctl` command is as follows:

journalctl [options] [unit]

Here,

[options] = The various command-line options available to customize the output.

[unit] = The specific system unit or log source to query. If no unit is specified, `journalctl` will display the message from all available units.

Working with journalctl command

1. To display all logs

journalctl

Display all Logs

This command will display the recent log messages from all units in reverse chronological order, starting from the most recent entries.

2. Reversing the log order

To reverse the order or to display the new entries first.

journalctl -r

Reversing Logs

This command displays logs in reverse chronological order, showing the most recent entries at the top.

3. Limiting the number of log entries

If you only want to display a specific number of log entries, you can use the -n option followed by the desired number

journalctl -n 2

Limiting the number

This will display just 2 log entries.

4. Filtering logs by keyword

To retrieve log entries containing a specific keyword or phrase, you can use the grep command in combination with journalctl.

journalctl | grep Centaur

Filtering Logs by keyword

This will display all the entries containing the word Centaur in them.

Advanced Usage of the journalctl Command

The journalctl command provides additional options and features to further refine log queries and retrieve specific information. Here are a few examples

1. Filtering logs by priority level

To display log entries based on their priority level, you can use the -p option followed by the desired level (e.g., emerg, alert, crit, err, warning, notice, info, or debug). For instance

journalctl -p warning

Filtering logs by priorty

It displays all log entries with priority as a warning.

2. Customizing output format

You can modify the format in which log entries are displayed using the -o option. For instance, to display verbose output, use

journalctl -o verbose

customizing output

This will display the formatted output in verbose mode.

3. Listing system boots

To view information about previous system boots, you can use the –list-boots option.

journalctl --list-boots

listning system boots

This command provides a list of system boots along with their boot IDs and timestamps.

4. Accessing help documentation

To access the journalctl command’s help section, you can use the –help option.

journalctl --help

Accessing Help

This command displays detailed information about the command’s usage, options, and functionalities.

Conclusion

In this article we have discussed the `journalctl` command in linux which is a powerful tool for accessing and analyzing system, kernel, and journal Overall, we can say that by understanding the `journalctl` command and leveraging its capabilities, system administrators and users can give valuable insights into system activity and resolve issues effectively

Article Tags :