quick-docs/modules/ROOT/pages/_partials/proc_log-files-command-line.adoc
2023-05-29 15:34:55 +00:00

89 lines
2.9 KiB
Text

[id='using-the-command-line-to-view-log-files]
= Using the command line to view log files
The `journalctl` command can be used to view messages in the system journal on the command line.
For plain text log files, generic tools may be used:
* `cat`, `more`, `less`, `tail`, or `head`.
* the `grep` command to search for specific information.
* any text editor of your choosing (nano/pico/vim/emacs)
Please note that you may require `sudo` access to view these files.
[id='using-journalctl-to-view-system-information']
== Using journalctl to view system information
* To view all collected journal entries, simply use:
----
$ journalctl
----
* To view a logs related to a specific file, you can provide the `journalctl` command with a filepath.
The example shown below shows all logs of the kernel device node `/dev/sda`:
----
$ journalctl /dev/sda
----
* To view log for the current boot use the `-b` option :
----
$ journalctl -b
----
* To view kernel logs for the current boot, you can add the `-k` option:
----
$ journalctl -k -b -1
----
[id='using-journalctl-to-view-log-information-for-a-specific-service']
== Using journalctl to view log information for a specific service
* To filter logs to only see ones matching the "foo" systemd service:
----
$ journalctl -b _SYSTEMD_UNIT=foo
----
* Matches can be combined.
For example, to view logs for systemd-units that match `foo`, and the PID `number`:
----
$ journalctl -b _SYSTEMD_UNIT=foo _PID=number
----
* If the separator "+" is used, two expressions may be combined in a logical OR.
For example, to view all messages from the `foo` service process with the `PID` plus all messages from the `foo1` service (from any of its processes):
----
$ journalctl -b _SYSTEMD_UNIT=foo _PID=number + _SYSTEMD_UNIT=foo1
----
* If two matches refer to the same field, all entries matching either expression are shown.
For example, this command will show logs matching a systemd-unit `foo` or a systemd-unit `foo1`:
----
$ journalctl -b _SYSTEMD_UNIT=foo _SYSTEMD_UNIT=foo1
----
NOTE: The files for service modification are stored in a directory within `*/etc/systemd/system*`, to know more about systemd, please refer to <<understanding-and-administering-systemd.adoc#Understanding Systemd Services>>
[id='Using-journalctl-to-view-older-logs']
== Using journalctl to view older logs
* To view older logs use the `--list-boots` option :
This will show a tabular list of boot numbers, their IDs, and the timestamps of the first and last message pertaining to the boot:
----
$ journalctl --list-boots
-8 42cdeac65d494e938b9cb92f315b08a4 Mon 2018-11-12 10:36:42 CET—Mon 2018-11-12 20:08:24 CET
-7 c110d2b8705345b786fe310de628bfc7 Tue 2018-11-13 10:29:27 CET—Tue 2018-11-13 10:04:00 CET
----
with this ID you can use `journalctl` as usual :
----
$ journalctl --boot=ID _SYSTEMD_UNIT=foo
----
* To know more about `journalctl`, read the man page:
----
$ man journalctl
----