Journalctl: The Ultimate Tool for System Logging and Analysis"

Journalctl: The Ultimate Tool for System Logging and Analysis"

Today, we will dive deep into one of the most critical Linux utilities for logging errors and debugging messages. For those Linux systems that don't use systemd, the leading utility was rsyslogd daemon. Although you can still use rsyslogd with systemd systems, systemd has its own method of gathering and displaying messages called the systemd journal (journalctl command).

The primary command for viewing the messages from systemd journal is the journalctl command. The boot process, the kernel, and all systemd-managed services direct their status and error messages to the systemd journal.

Basic commands

jorunalctl

To display logs from a specific unit (service):

syntax: journalctl -u service_name

journalctl -u docker

To display logs from a specific time range:

syntax: journalctl -s "YYYY-MM-DD HH:MM:SS"

journalctl -S -4h # view system logs from the past 4 hours

To view the real-time logs

journalctl -f

To view the logs of specific process

syntax: journalctl _PID=processid

journalctl _PID=12644 # value is generated using ps command

To Clear Logs Older Than a Specific Time:

syntax: journalctl --vacuum-time=duration

journalctl --vacuum-time=2d #Retains log only of the past two days
journalctl --vacuum-size=500M #retains only past 500mb

Note*: The command is performed successfully but the execution failed as the regular user wasn't allowed to perform those deletions of the logs from the system. Since I don't want to delete any logs I am not performing the root user action. You can simply add sudo before the command and complete the command*

To view all kernel messages:

journalctl -k

To view logs in human-readable-format:

journalctl -o verbose

To export logs to a file:

journalctl > file_name.txt

For more commands, you can follow the man page of journalctl. In this way, we can use the journalctl command to perform normally to view any error message and debug the issues.

Happy Learning!!