Log messages are important for monitoring and maintaining a healthy Linux system. Every Linux computer stores log messages for different services or jobs. This guide shows you how to read and analyze log messages using analyze journalctl, a command line tool for reading log messages sent by. were written diary.

What is being recorded?

Journal is a system logging service that aggregates log messages into a journal. It is part of the systemd daemon that is responsible for event logging on Linux. The journal is simply a binary file that is used to store log messages generated by journald.

Journal log messages are not permanent as they are stored in RAM, which is a volatile form of storage. By default, recorded logs are lost or deleted when your PC restarts or the power fails. Linux allocates a fixed amount of RAM to journal logs to avoid clogging up system memory.

How to use the journalctl command

With journalctl you can query the systemd journal or the journal logs. The system indexes all journal logs to improve the efficiency of reading log messages from the journal.

note: This manual is used sudo Execute elevated commands because the journalctl command does not list all log messages when you run it as a normal Linux user.

View all log messages

To view all journal logs, simply run the journalctl command with no arguments:

sudo journalctl

The journalctl command lists all of the journal logs on your system in chronological order. The command uses fewer in the background, giving you the same navigational ability you would normally have with the less command. For example, you can use the button to navigate through the logs F. and B. Keys on your keyboard.

If you want to change the order in which the system outputs the logs, e.g. H. to see the latest ones first, you can use the -r mark with the command. That -r Flag stands for Turning back.

sudo journalctl -r

View kernel journal logs

Kernel logs are very important on Linux because they contain information about your system from the time it starts up. To only view kernel logs, enter the -k Flag with the journalctl command:

sudo journalctl -k

The output also lists some kernel information, such as the kernel version and its name.

Related: What Is A Kernel In Linux And How Do You Check Its Version?

Filter recorded logs for a specific program

You can also use journalctl to view logs about a specific program or service. For example, to view logs that were created with the cron service, run the following command:

sudo journalctl -u cron

View log messages in real time

Sometimes you may want to view the logs in real time as they are being logged. To do this, enter the following command:

sudo journalctl -f

Use the Ctrl + C Keyboard shortcut to exit the real-time view.

Retrieve log messages by date

You can use journalctl to filter and analyze the logs using a timestamp. For example, to view the logs from yesterday to today:

sudo journalctl –since = yesterday

You can be more specific by using a detailed "since" and "to" timestamp like this:

sudo journalctl –since = "2021-07-17 12:00:00" –to = "2021-07-17 15:00:00"

Journalctl only shows the log messages for the specified time period.

View log messages by UID or PID

You can also filter journal logs by user ID (UID) or process ID (PID). The basic syntax is:

sudo journalctl _UID = 0

… where 0 is the UID for the root account. You can also replace the UID in the above command with PID or GID (group ID).

Format the journalctl output

To view Journalctl logs in a specific output format, consider the journalctl -o Command followed by your preferred format. For example, to view the logs in a nice JSON format, run the following command:

sudo journalctl -o json-pretty

Output:

Related: Getting Started with System Logging on Linux

Configure journal under Linux

This guide showed you how to view and analyze journal log messages on Linux using the journalctl command. That / var / log / journal Directory stores all journal logs. Note that not all Linux distributions have journaling enabled by default.

You can use the … /etc/systemd/journald.conf File to configure or change the journal configuration on your PC. Aside from having an effective logging service, there are several other tools that are a must if you are serious about the security of your Linux servers.

6 essential open source tools to protect your Linux server

You don't want to compromise on the security of your Linux server? Install these six tools to create an impenetrable network.

Continue reading

About the author

Mwiza Kumwenda
(30 articles published)

Mwiza is a professional developer of software and writes extensively on Linux and front-end programming. His interests include history, economics, politics, and corporate architecture.

More
By Mwiza Kumwenda

Subscribe to our newsletter

Subscribe to our newsletter for tech tips, reviews, free e-books, and exclusive offers!

Click here to subscribe

Expand to read the full story