Viewing Logs
Basic View
Jump to the end of the journal (-e)
Enable follow mode (-f)
This will keep the journal open on screen, displaying new messages as they come in.
Viewing Units
This will display all messages generated by, and about, the sshd.service systemd unit.
journalctl -u sshd.service
Stack multiple related units:
journalctl -u nginx.service -u mysql.service
Display all messages in the journal with a priority
Order: 0: emerg;1: alert;2: crit;3: err;4: warning;5: notice;6: info;7: debug
journalctl -p err #error/critital/alert/emergency entries
journalctl -p 3 #critical/alert/emergency entries
List recorded boots
Only show messages from the last system boot.
This is useful for searching for information about a system crash.
THIS REQUIRES A PERSISTENT JOURNAL TO BE CONFIGURED.
Show Entries from the last x
journalctl --since "1 hour ago"
journalctl --since "2 days ago"
Showing Timeranges
Displays all messages between February 2, half past eight in the evening, and noon on March 31st.
Use one or both options as needed
tHIS REQUIRES A PERSISTENT JOURNAL TO BE CONFIGURED.
journalctl --since "2015-02-02 20:30:00" --until "2015-03-31 12:00:00"
Combining Options
Combine the previous options to find what you need
journalctl -n 50 --since "1 hour ago"
#50 log entries, max 1hr ago
journalctl -u sshd.service -r -n 1 # last 10 entries for sshd in reverse order
journalctl -u mysql.service -f #show mysql logs and follow for new updates
Kernal Messges
(Historically dmesg log)
journalctl -k
journalctl -k -b -5
Verbose
Use verbose output mode (-o verbose). This will show all fields stored in the journal with their field name and contents.
All field names can be used as filters on the journalctl command line.