The journalctl command enables you to view and query log files created by the journal component of the systemd suite. Log information is collected and stored via the systemd journald service. You can use journalctl to print the entire journal log, or you can issue various options with the command to filter the log in a variety of ways, such as matching a service name or only printing messages matching the specified severity level.
The journald service is often used in conjunction with a traditional syslog daemon such as syslogd or rsyslogd. The settings for journald are configured in the /etc/systemd/journald.conf file.
Syntax
The syntax of the journalctl command is:
# journalctl [options] [matches]
journalctl Command Options
The journalctl utility provides a number of options for querying journald log data. Some of the frequently used options are listed in the following table.
| Option | Used To |
|---|---|
| -n {number of lines} | Specify the number of lines of journal logs to display. |
| -o {output format} | Specify the format of the output. For example: short, verbose, or export. |
| -f | Display the most recent journal entries, and continuously update the display with new entries as they are added to the journal. |
| -p | Filter journal log output by severity (alert, err, warning, notice, info, etc.). |
| -u | Filter journal log output by the specified unit, such as the name of a service. |
| -b [boot ID] | Show log message from the current boot only, or the boot ID specified. |
journalctl Command Examples
1. Show all messages with priority level 3 (errors) from this [b]oot:
# journalctl -b --priority=3
2. Show all messages from last [b]oot:
# journalctl -b -1
3. Delete journal logs which are older than 2 days:
# journalctl --vacuum-time=2d
4. [f]ollow new messages (like `tail -f` for traditional syslog):
# journalctl -f
5. Show all messages by a specific [u]nit:
# journalctl -u unit
6. Filter messages within a time range (either timestamp or placeholders like “yesterday”):
# journalctl --since now|today|yesterday|tomorrow --until YYYY-MM-DD HH:MM:SS
7. Show all messages by a specific process:
# journalctl _PID=pid
8. Show all messages by a specific executable:
# journalctl path/to/executable