journalctl tail and cheatsheet

journalctl tail and cheatsheet
journalctl is a fancy new service in linux distributions, such as Ubuntu, Debian, CentOS and others, that wraps and abstracts the system log into a command line interface tool making it easier to find what you are looking for. The data is structured and indexed so its not like you are searching plain text files using grep, you have much more advanced searching and finding capabilities. You can use the journalctl command to print all the system logs, you can query it with a finer grained query, and sometimes you just want to TAIL the system logs to watch the system live as it operates. The –follow flag is used for the tail operation.

TL;DR : run journalctl -f

-f is short option for –follow. You can think of running journalctl -f as doing a tail operation on the system log.

journalctl cheatsheet

-a or –all

Show all characters, even long and unprintable lines and characters

-f or –follow

Like a tail operation for viewing live updates

-e or –page-end

Jump to the end of the log

-n or –lines=

Show the most recent n number of log lines

-o or –output=

Customizable output formatting. See man page for formatting options. Some examples include journalctl -o verbose to show all fields, journalctl -o cat to show compact terse output, journalctl -o json for JSON formatted output.

-x or –catalog

Explain the output fields based on metadata in the program

-q or –quiet

suppress warnings or info messages

-m or –merge

merge based on time local and remote entries

–list-boots

Print out the bootids which can be later used in filtering from time of a specific bootid

-b [ID][±offset]

Filter only based on the specified boot

-k or –dmesg

Filter only kernel messages

-g or –grep

Filter based on perl-compatible regular expressions for specific text

–case-sensitive[=BOOLEAN]

do case insensitive searching

-S, –since=, -U, –until=

Search based on a date. “2019-07-04 13:19:17”, “00:00:00”, “yesterday”, “today”, “tomorrow”, “now” are valid formats. For complete time and date specification, see systemd.time(7)

–system

Show system messages only

–user

Show user messages only

–disk-usage

Shows space used by this log system

The journalctl system takes system logging to the next level. To see all the options be sure to read the man page. I hope this cheat sheet helps you get started with some quick options.

Related Posts
Leave a Reply

Your email address will not be published.Required fields are marked *