Journalctl Command - Linux System Log Viewer

Learn how to use the journalctl command to view and filter Linux system logs. Explore common examples for real-time monitoring, error filtering, and specific unit logs.

Journalctl Command Examples

The journalctl command is a powerful utility in Linux systems that use systemd for logging. It allows you to view and manipulate the systemd journal, which collects logs from the kernel, systemd services, and other system components. This tool is essential for system administrators and developers to diagnose issues, monitor system activity, and troubleshoot problems.

Real-time Log Monitoring

To actively follow log entries as they are generated, similar to tail -f, use the -f option:

# To actively follow log (like tail -f):
journalctl -f

Filtering Logs by Priority and Boot

You can filter logs by priority level and restrict them to the current boot. The -b flag shows logs from the current boot, and -p err limits output to messages at error priority or higher.

# To display all errors since last boot:
journalctl -b -p err

Filtering Logs by Time Period

journalctl provides flexible options to filter logs within specific time ranges using --since and --until.

# To filter by time period:
journalctl --since=2012-10-15 --until="2012-10-16 23:59:59"

Filtering Logs by Systemd Unit

You can view logs generated by a specific systemd service or unit with the -u flag. To see which unit names are recorded in the journal, list the values of the _SYSTEMD_UNIT field with -F.

# To show list of systemd units logged in journal:
journalctl -F _SYSTEMD_UNIT

# To filter by specific unit:
journalctl -u dbus

Filtering Logs by Executable and PID

Filter logs based on the executable path or the process ID (PID) that generated the log entries.

# To filter by executable path:
journalctl /usr/bin/dbus-daemon

# To filter by PID:
journalctl _PID=123

Filtering Logs by Command Name

Filter logs by the command name (_COMM) or by SYSLOG_IDENTIFIER (the -t option), which is often the name of the process.

# To filter by Command, e.g., sshd:
journalctl _COMM=sshd

# To filter by Command and time period:
journalctl _COMM=crond --since '10:00' --until '11:00'

# To filter by specific SYSLOG_IDENTIFIER:
journalctl -t systemd-resolved
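
The _COMM=sshd filter above becomes more useful when its output is summarised. The following is an added example, not part of the original page: a shell function that counts failed SSH password attempts per source address from journalctl text output. The function name, the sample log lines, and the use of the -o short-iso and --no-pager options are assumptions of this example, as is the usual OpenSSH message layout "Failed password for ... from ADDR port N ssh2".

```shell
# Count failed SSH password attempts per source address.
# Reads journalctl text output on stdin, for example:
#   journalctl _COMM=sshd -b -o short-iso --no-pager | failed_ssh_by_source
# Prints "<count> <source>" lines, highest count first.
failed_ssh_by_source() {
    awk '
        # The user name is supplied by the remote client and may contain
        # spaces or the word "from", so the address is taken from the fixed
        # tail of the message ("from ADDR port N ssh2"), not the first "from".
        /sshd\[[0-9]+\]: Failed password for / {
            if (NF >= 5 && $(NF - 4) == "from" && $(NF - 2) == "port")
                count[$(NF - 3)]++
        }
        END { for (src in count) print count[src], src }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample input in short-iso format (not real log data).
sample_journal() {
    cat <<'EOF'
2024-05-01T10:00:01+0000 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-05-01T10:00:03+0000 host1 sshd[1201]: Failed password for root from 203.0.113.7 port 40122 ssh2
2024-05-01T10:00:05+0000 host1 sshd[1201]: Connection closed by authenticating user root 203.0.113.7 port 40122 [preauth]
2024-05-01T10:00:09+0000 host1 sshd[1207]: Failed password for invalid user admin from 198.51.100.23 port 51514 ssh2
2024-05-01T10:00:12+0000 host1 sshd[1210]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
2024-05-01T10:00:15+0000 host1 sshd[1214]: Failed password for invalid user from from 203.0.113.7 port 40130 ssh2
EOF
}

# Run against the constructed sample when executed directly.
sample_journal | failed_ssh_by_source
```

On a live system, replace sample_journal with the journalctl pipeline shown in the first comment, adding --since and --until to bound the window.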

Listing Available Boots

See a list of all available boot sessions for which logs are stored.

# To list all available boots:
journalctl --list-boots

Filtering Logs by User ID

Filter logs generated by a specific user ID (UID).

# To filter by specific User ID e.g., user id 1000:
journalctl _UID=1000

Further Resources

For more in-depth information on journalctl and systemd logging, refer to the official documentation: