medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
333cb753bf7acfeabf1b4344f3093dec0dbef3b0
the_information_nexus/tech_docs/linux/journalctl.md

127 lines
4.9 KiB
Markdown
Raw Blame History

Here's the optimized version of your cheat sheet, maintaining the clear tabular format while removing hashtags and refining the organization:
---
### `journalctl` Sysadmin Cheat Sheet
*A comprehensive reference for system log management in systemd-based Linux systems*
---
#### **1. Basic Log Inspection**
| Command | Description |
|--------------------------|----------------------------------------------|
| `journalctl` | View full system logs (press `q` to exit) |
| `journalctl -n 50` | Show last 50 log entries |
| `journalctl -f` | Follow logs in real-time (`Ctrl+C` to stop) |
| `journalctl -e` | Jump to end of logs (most recent entries) |
---
#### **2. Boot-Specific Logs**
| Command | Description |
|--------------------------|----------------------------------------------|
| `journalctl -b` | Current boot logs |
| `journalctl -b -1` | Previous boot logs |
| `journalctl -b -2` | Two boots ago |
| `journalctl --list-boots`| List all recorded boot sessions |
---
#### **3. Service-Specific Logs**
| Command | Example | Description |
|--------------------------|-----------------------------|--------------------------------------|
| `journalctl -u [service]`| `-u nginx` | Show logs for specific service |
| `journalctl -fu [service]`| `-fu sshd` | Follow service logs in real-time |
| `journalctl _SYSTEMD_UNIT=`| `_SYSTEMD_UNIT=crond` | Alternate service filtering syntax |
---
#### **4. Priority Level Filters**
| Level | Name | Description | Example Usage |
|-------|---------|---------------------------------|-----------------------------------|
| 0 | emerg | System is unusable | `journalctl -p emerg -b` |
| 3 | err | Error conditions | `journalctl -p err --since today` |
| 4 | warning | Warning messages | `journalctl -p 3..4` (error+warn) |
---
#### **5. Time-Based Filtering**
| Command Format | Example |
|---------------------------|----------------------------------|
| `--since "YYYY-MM-DD"` | `--since "2023-10-01"` |
| `--since "HH:MM:SS"` | `--since "09:30:00"` |
| `--since "1 hour ago"` | `--since "yesterday 14:00"` |
| `--until "tomorrow"` | `--until "2023-10-05 18:00:00"` |
---
#### **6. Advanced Filtering**
| Command | Description |
|--------------------------|----------------------------------------------|
| `journalctl _UID=1000` | Filter by user ID |
| `journalctl _PID=1234` | Filter by process ID |
| `journalctl _COMM=sshd` | Filter by process name |
| `journalctl -k` | Kernel logs (equivalent to `dmesg`) |
---
#### **7. Output Formatting**
| Command | Description |
|--------------------------|----------------------------------------------|
| `--output=json` | JSON format for parsing |
| `--output=json-pretty` | Human-readable JSON |
| `--output=short` | Compact format |
| `--output=verbose` | Full details including metadata |
---
#### **8. Log Maintenance**
| Command | Description |
|----------------------------------|------------------------------------------|
| `sudo journalctl --vacuum-size=1G` | Limit logs to 1GB (removes oldest) |
| `sudo journalctl --vacuum-time=2weeks` | Keep only last 2 weeks of logs |
| `journalctl --disk-usage` | Show current log storage usage |
---
### **Practical Examples**
**1. Diagnosing SSH Issues**
```bash
journalctl -fu sshd
```
**2. Checking Today's Errors**
```bash
journalctl -p err --since today
```
**3. Comparing Boot Logs**
```bash
journalctl -b -1 | grep "fail" > prev_boot_errors.txt
journalctl -b | grep "fail" > current_boot_errors.txt
diff prev_boot_errors.txt current_boot_errors.txt
```
**4. Persistent Logging Setup**
```bash
sudo mkdir -p /var/log/journal
sudo systemctl restart systemd-journald
```
---
### **Best Practices**
- Combine with standard tools:
```bash
journalctl -u apache --since yesterday | grep -i timeout | less
```
- For long-term analysis, export to files:
```bash
journalctl --since "2023-01-01" --until "2023-06-30" > first_half_2023.log
```
- Monitor log growth regularly:
```bash
journalctl --disk-usage
Reference in New Issue View Git Blame Copy Permalink