mirror of
https://github.com/systemd/systemd.git
synced 2024-11-05 15:21:37 +03:00
d9e15cbd18
The option cursor-file takes a filename as argument. If the file exists and contains a valid cursor, this is used to start the output after this position. At the end, the last cursor gets written to the file. This allows for an easy implementation of a timer that regularly looks in the journal for some messages. journalctl --cursor-file err-cursor -b -p err journalctl --cursor-file audit-cursor -t audit --grep DENIED Or you might want to walk the journal in steps of 10 messages: journalctl --cursor-file ./curs -n10 --since=today -t systemd
1004 lines
44 KiB
XML
1004 lines
44 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
||
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
|
||
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
||
|
||
<!--
|
||
SPDX-License-Identifier: LGPL-2.1+
|
||
-->
|
||
|
||
<refentry id="journalctl"
|
||
xmlns:xi="http://www.w3.org/2001/XInclude">
|
||
|
||
<refentryinfo>
|
||
<title>journalctl</title>
|
||
<productname>systemd</productname>
|
||
</refentryinfo>
|
||
|
||
<refmeta>
|
||
<refentrytitle>journalctl</refentrytitle>
|
||
<manvolnum>1</manvolnum>
|
||
</refmeta>
|
||
|
||
<refnamediv>
|
||
<refname>journalctl</refname>
|
||
<refpurpose>Query the systemd journal</refpurpose>
|
||
</refnamediv>
|
||
|
||
<refsynopsisdiv>
|
||
<cmdsynopsis>
|
||
<command>journalctl</command>
|
||
<arg choice="opt" rep="repeat">OPTIONS</arg>
|
||
<arg choice="opt" rep="repeat">MATCHES</arg>
|
||
</cmdsynopsis>
|
||
</refsynopsisdiv>
|
||
|
||
<refsect1>
|
||
<title>Description</title>
|
||
|
||
<para><command>journalctl</command> may be used to query the
|
||
contents of the
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
journal as written by
|
||
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||
|
||
<para>If called without parameters, it will show the full
|
||
contents of the journal, starting with the oldest entry
|
||
collected.</para>
|
||
|
||
<para>If one or more match arguments are passed, the output is
|
||
filtered accordingly. A match is in the format
|
||
<literal>FIELD=VALUE</literal>,
|
||
e.g. <literal>_SYSTEMD_UNIT=httpd.service</literal>, referring
|
||
to the components of a structured journal entry. See
|
||
<citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
|
||
for a list of well-known fields. If multiple matches are
|
||
specified matching different fields, the log entries are
|
||
filtered by both, i.e. the resulting output will show only
|
||
entries matching all the specified matches of this kind. If two
|
||
matches apply to the same field, then they are automatically
|
||
matched as alternatives, i.e. the resulting output will show
|
||
entries matching any of the specified matches for the same
|
||
field. Finally, the character <literal>+</literal> may appear
|
||
as a separate word between other terms on the command line. This
|
||
causes all matches before and after to be combined in a
|
||
disjunction (i.e. logical OR).</para>
|
||
|
||
<para>It is also possible to filter the entries by specifying an
|
||
absolute file path as an argument. The file path may be a file or
|
||
a symbolic link and the file must exist at the time of the query. If a
|
||
file path refers to an executable binary, an <literal>_EXE=</literal>
|
||
match for the canonicalized binary path is added to the query. If a
|
||
file path refers to an executable script, a <literal>_COMM=</literal>
|
||
match for the script name is added to the query. If a file path
|
||
refers to a device node, <literal>_KERNEL_DEVICE=</literal> matches for
|
||
the kernel name of the device and for each of its ancestor devices is
|
||
added to the query. Symbolic links are dereferenced, kernel names are
|
||
synthesized, and parent devices are identified from the environment at
|
||
the time of the query. In general, a device node is the best proxy for
|
||
an actual device, as log entries do not usually contain fields that
|
||
identify an actual device. For the resulting log entries to be correct
|
||
for the actual device, the relevant parts of the environment at the time
|
||
the entry was logged, in particular the actual device corresponding to
|
||
the device node, must have been the same as those at the time of the
|
||
query. Because device nodes generally change their corresponding devices
|
||
across reboots, specifying a device node path causes the resulting
|
||
entries to be restricted to those from the current boot.</para>
|
||
|
||
<para>Additional constraints may be added using options
|
||
<option>--boot</option>, <option>--unit=</option>, etc., to
|
||
further limit what entries will be shown (logical AND).</para>
|
||
|
||
<para>Output is interleaved from all accessible journal files,
|
||
whether they are rotated or currently being written, and
|
||
regardless of whether they belong to the system itself or are
|
||
accessible user journals.</para>
|
||
|
||
<para>The set of journal files which will be used can be
|
||
modified using the <option>--user</option>,
|
||
<option>--system</option>, <option>--directory</option>, and
|
||
<option>--file</option> options, see below.</para>
|
||
|
||
<para>All users are granted access to their private per-user
|
||
journals. However, by default, only root and users who are
|
||
members of a few special groups are granted access to the system
|
||
journal and the journals of other users. Members of the groups
|
||
<literal>systemd-journal</literal>, <literal>adm</literal>, and
|
||
<literal>wheel</literal> can read all journal files. Note
|
||
that the two latter groups traditionally have additional
|
||
privileges specified by the distribution. Members of the
|
||
<literal>wheel</literal> group can often perform administrative
|
||
tasks.</para>
|
||
|
||
<para>The output is paged through <command>less</command> by
|
||
default, and long lines are "truncated" to screen width. The
|
||
hidden part can be viewed by using the left-arrow and
|
||
right-arrow keys. Paging can be disabled; see the
|
||
<option>--no-pager</option> option and the "Environment" section
|
||
below.</para>
|
||
|
||
<para>When outputting to a tty, lines are colored according to
|
||
priority: lines of level ERROR and higher are colored red; lines
|
||
of level NOTICE and higher are highlighted; lines of level DEBUG
|
||
are colored lighter grey; other lines are displayed normally.</para>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Options</title>
|
||
|
||
<para>The following options are understood:</para>
|
||
|
||
<variablelist>
|
||
<varlistentry>
|
||
<term><option>--no-full</option></term>
|
||
<term><option>--full</option></term>
|
||
<term><option>-l</option></term>
|
||
|
||
<listitem><para>Ellipsize fields when they do not fit in
|
||
available columns. The default is to show full fields,
|
||
allowing them to wrap or be truncated by the pager, if one
|
||
is used.</para>
|
||
|
||
<para>The old options
|
||
<option>-l</option>/<option>--full</option> are not useful
|
||
anymore, except to undo <option>--no-full</option>.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-a</option></term>
|
||
<term><option>--all</option></term>
|
||
|
||
<listitem><para>Show all fields in full, even if they include unprintable characters or are very long. By
|
||
default, fields with unprintable characters are abbreviated as "blob data". (Note that the pager may escape
|
||
unprintable characters again.)</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-f</option></term>
|
||
<term><option>--follow</option></term>
|
||
|
||
<listitem><para>Show only the most recent journal entries,
|
||
and continuously print new entries as they are appended to
|
||
the journal.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-e</option></term>
|
||
<term><option>--pager-end</option></term>
|
||
|
||
<listitem><para>Immediately jump to the end of the journal
|
||
inside the implied pager tool. This implies
|
||
<option>-n1000</option> to guarantee that the pager will not
|
||
buffer logs of unbounded size. This may be overridden with
|
||
an explicit <option>-n</option> with some other numeric
|
||
value, while <option>-nall</option> will disable this cap.
|
||
Note that this option is only supported for the
|
||
<citerefentry project='man-pages'><refentrytitle>less</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
||
pager.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-n</option></term>
|
||
<term><option>--lines=</option></term>
|
||
|
||
<listitem><para>Show the most recent journal events and
|
||
limit the number of events shown. If
|
||
<option>--follow</option> is used, this option is
|
||
implied. The argument is a positive integer or
|
||
<literal>all</literal> to disable line limiting. The default
|
||
value is 10 if no argument is given.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--no-tail</option></term>
|
||
|
||
<listitem><para>Show all stored output lines, even in follow
|
||
mode. Undoes the effect of <option>--lines=</option>.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-r</option></term>
|
||
<term><option>--reverse</option></term>
|
||
|
||
<listitem><para>Reverse output so that the newest entries
|
||
are displayed first.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-o</option></term>
|
||
<term><option>--output=</option></term>
|
||
|
||
<listitem><para>Controls the formatting of the journal
|
||
entries that are shown. Takes one of the following
|
||
options:</para>
|
||
<variablelist>
|
||
<varlistentry>
|
||
<term>
|
||
<option>short</option>
|
||
</term>
|
||
<listitem>
|
||
<para>is the default and generates an output that is
|
||
mostly identical to the formatting of classic syslog
|
||
files, showing one line per journal entry.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>short-full</option>
|
||
</term>
|
||
<listitem>
|
||
<para>is very similar, but shows timestamps in the format the <option>--since=</option> and
|
||
<option>--until=</option> options accept. Unlike the timestamp information shown in
|
||
<option>short</option> output mode this mode includes weekday, year and timezone information in the
|
||
output, and is locale-independent.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>short-iso</option>
|
||
</term>
|
||
<listitem>
|
||
<para>is very similar, but shows ISO 8601 wallclock
|
||
timestamps.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>short-iso-precise</option>
|
||
</term>
|
||
<listitem>
|
||
<para>as for <option>short-iso</option> but includes full
|
||
microsecond precision.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>short-precise</option>
|
||
</term>
|
||
<listitem>
|
||
<para>is very similar, but shows classic syslog timestamps
|
||
with full microsecond precision.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>short-monotonic</option>
|
||
</term>
|
||
<listitem>
|
||
<para>is very similar, but shows monotonic timestamps
|
||
instead of wallclock timestamps.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>short-unix</option>
|
||
</term>
|
||
<listitem>
|
||
<para>is very similar, but shows seconds passed since January 1st 1970 UTC instead of wallclock
|
||
timestamps ("UNIX time"). The time is shown with microsecond accuracy.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>verbose</option>
|
||
</term>
|
||
<listitem>
|
||
<para>shows the full-structured entry items with all
|
||
fields.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>export</option>
|
||
</term>
|
||
<listitem>
|
||
<para>serializes the journal into a binary (but mostly
|
||
text-based) stream suitable for backups and network
|
||
transfer (see
|
||
<ulink url="https://www.freedesktop.org/wiki/Software/systemd/export">Journal Export Format</ulink>
|
||
for more information). To import the binary stream back
|
||
into native journald format use
|
||
<citerefentry><refentrytitle>systemd-journal-remote</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>json</option>
|
||
</term>
|
||
<listitem>
|
||
<para>formats entries as JSON objects, separated by newline characters (see <ulink
|
||
url="https://www.freedesktop.org/wiki/Software/systemd/json">Journal JSON Format</ulink> for more
|
||
information). Field values are generally encoded as JSON strings, with three exceptions:
|
||
<orderedlist>
|
||
<listitem><para>Fields larger than 4096 bytes are encoded as <constant>null</constant> values. (This
|
||
may be turned off by passing <option>--all</option>, but be aware that this may allocate overly long
|
||
JSON objects.) </para></listitem>
|
||
|
||
<listitem><para>Journal entries permit non-unique fields within the same log entry. JSON does not allow
|
||
non-unique fields within objects. Due to this, if a non-unique field is encountered a JSON array is
|
||
used as field value, listing all field values as elements.</para></listitem>
|
||
|
||
<listitem><para>Fields containing non-printable or non-UTF8 bytes are encoded as arrays containing
|
||
the raw bytes individually formatted as unsigned numbers.</para></listitem>
|
||
</orderedlist>
|
||
|
||
Note that this encoding is reversible (with the exception of the size limit).</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>json-pretty</option>
|
||
</term>
|
||
<listitem>
|
||
<para>formats entries as JSON data structures, but
|
||
formats them in multiple lines in order to make them
|
||
more readable by humans.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>json-sse</option>
|
||
</term>
|
||
<listitem>
|
||
<para>formats entries as JSON data structures, but wraps
|
||
them in a format suitable for
|
||
<ulink url="https://developer.mozilla.org/en-US/docs/Server-sent_events/Using_server-sent_events">Server-Sent Events</ulink>.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>json-seq</option>
|
||
</term>
|
||
<listitem>
|
||
<para>formats entries as JSON data structures, but prefixes them with an ASCII Record Separator
|
||
character (0x1E) and suffixes them with an ASCII Line Feed character (0x0A), in accordance with <ulink
|
||
url="https://tools.ietf.org/html/rfc7464">JavaScript Object Notation (JSON) Text Sequences </ulink>
|
||
(<literal>application/json-seq</literal>).
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>cat</option>
|
||
</term>
|
||
<listitem>
|
||
<para>generates a very terse output, only showing the
|
||
actual message of each journal entry with no metadata,
|
||
not even a timestamp.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term>
|
||
<option>with-unit</option>
|
||
</term>
|
||
<listitem>
|
||
<para>similar to short-full, but prefixes the unit and
|
||
user unit names instead of the traditional syslog
|
||
identifier. Useful when using templated instances, as it
|
||
will include the arguments in the unit names.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
</variablelist>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--output-fields=</option></term>
|
||
|
||
<listitem><para>A comma separated list of the fields which should be included in the output. This only has an
|
||
effect for the output modes which would normally show all fields (<option>verbose</option>,
|
||
<option>export</option>, <option>json</option>, <option>json-pretty</option>, <option>json-sse</option> and
|
||
<option>json-seq</option>). The <literal>__CURSOR</literal>, <literal>__REALTIME_TIMESTAMP</literal>,
|
||
<literal>__MONOTONIC_TIMESTAMP</literal>, and <literal>_BOOT_ID</literal> fields are always
|
||
printed.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--utc</option></term>
|
||
|
||
<listitem><para>Express time in Coordinated Universal Time
|
||
(UTC).</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--no-hostname</option></term>
|
||
|
||
<listitem><para>Don't show the hostname field of log messages originating from the local host. This switch only
|
||
has an effect on the <option>short</option> family of output modes (see above).</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-x</option></term>
|
||
<term><option>--catalog</option></term>
|
||
|
||
<listitem><para>Augment log lines with explanation texts from
|
||
the message catalog. This will add explanatory help texts to
|
||
log messages in the output where this is available. These
|
||
short help texts will explain the context of an error or log
|
||
event, possible solutions, as well as pointers to support
|
||
forums, developer documentation, and any other relevant
|
||
manuals. Note that help texts are not available for all
|
||
messages, but only for selected ones. For more information on
|
||
the message catalog, please refer to the
|
||
<ulink url="https://www.freedesktop.org/wiki/Software/systemd/catalog">Message Catalog Developer Documentation</ulink>.</para>
|
||
|
||
<para>Note: when attaching <command>journalctl</command>
|
||
output to bug reports, please do <emphasis>not</emphasis> use
|
||
<option>-x</option>.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-q</option></term>
|
||
<term><option>--quiet</option></term>
|
||
|
||
<listitem><para>Suppresses all informational messages
|
||
(i.e. "-- Logs begin at …", "-- Reboot --"),
|
||
any warning messages regarding
|
||
inaccessible system journals when run as a normal
|
||
user.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-m</option></term>
|
||
<term><option>--merge</option></term>
|
||
|
||
<listitem><para>Show entries interleaved from all available
|
||
journals, including remote ones.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-b <optional><replaceable>ID</replaceable></optional><optional><replaceable>±offset</replaceable></optional></option></term>
|
||
<term><option>--boot=<optional><replaceable>ID</replaceable></optional><optional><replaceable>±offset</replaceable></optional></option></term>
|
||
|
||
<listitem><para>Show messages from a specific boot. This will
|
||
add a match for <literal>_BOOT_ID=</literal>.</para>
|
||
|
||
<para>The argument may be empty, in which case logs for the
|
||
current boot will be shown.</para>
|
||
|
||
<para>If the boot ID is omitted, a positive
|
||
<replaceable>offset</replaceable> will look up the boots
|
||
starting from the beginning of the journal, and an
|
||
equal-or-less-than zero <replaceable>offset</replaceable> will
|
||
look up boots starting from the end of the journal. Thus,
|
||
<constant>1</constant> means the first boot found in the
|
||
journal in chronological order, <constant>2</constant> the
|
||
second and so on; while <constant>-0</constant> is the last
|
||
boot, <constant>-1</constant> the boot before last, and so
|
||
on. An empty <replaceable>offset</replaceable> is equivalent
|
||
to specifying <constant>-0</constant>, except when the current
|
||
boot is not the last boot (e.g. because
|
||
<option>--directory</option> was specified to look at logs
|
||
from a different machine).</para>
|
||
|
||
<para>If the 32-character <replaceable>ID</replaceable> is
|
||
specified, it may optionally be followed by
|
||
<replaceable>offset</replaceable> which identifies the boot
|
||
relative to the one given by boot
|
||
<replaceable>ID</replaceable>. Negative values mean earlier
|
||
boots and positive values mean later boots. If
|
||
<replaceable>offset</replaceable> is not specified, a value of
|
||
zero is assumed, and the logs for the boot given by
|
||
<replaceable>ID</replaceable> are shown.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--list-boots</option></term>
|
||
|
||
<listitem><para>Show a tabular list of boot numbers (relative to
|
||
the current boot), their IDs, and the timestamps of the first
|
||
and last message pertaining to the boot.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-k</option></term>
|
||
<term><option>--dmesg</option></term>
|
||
|
||
<listitem><para>Show only kernel messages. This implies
|
||
<option>-b</option> and adds the match
|
||
<literal>_TRANSPORT=kernel</literal>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-t</option></term>
|
||
<term><option>--identifier=<replaceable>SYSLOG_IDENTIFIER</replaceable></option></term>
|
||
|
||
<listitem><para>Show messages for the specified syslog
|
||
identifier
|
||
<replaceable>SYSLOG_IDENTIFIER</replaceable>.</para>
|
||
|
||
<para>This parameter can be specified multiple
|
||
times.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-u</option></term>
|
||
<term><option>--unit=<replaceable>UNIT</replaceable>|<replaceable>PATTERN</replaceable></option></term>
|
||
|
||
<listitem><para>Show messages for the specified systemd unit
|
||
<replaceable>UNIT</replaceable> (such as a service unit), or
|
||
for any of the units matched by
|
||
<replaceable>PATTERN</replaceable>. If a pattern is
|
||
specified, a list of unit names found in the journal is
|
||
compared with the specified pattern and all that match are
|
||
used. For each unit name, a match is added for messages from
|
||
the unit
|
||
(<literal>_SYSTEMD_UNIT=<replaceable>UNIT</replaceable></literal>),
|
||
along with additional matches for messages from systemd and
|
||
messages about coredumps for the specified unit.</para>
|
||
|
||
<para>This parameter can be specified multiple times.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--user-unit=</option></term>
|
||
|
||
<listitem><para>Show messages for the specified user session
|
||
unit. This will add a match for messages from the unit
|
||
(<literal>_SYSTEMD_USER_UNIT=</literal> and
|
||
<literal>_UID=</literal>) and additional matches for messages
|
||
from session systemd and messages about coredumps for the
|
||
specified unit.</para>
|
||
|
||
<para>This parameter can be specified multiple times.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-p</option></term>
|
||
<term><option>--priority=</option></term>
|
||
|
||
<listitem><para>Filter output by message priorities or
|
||
priority ranges. Takes either a single numeric or textual log
|
||
level (i.e. between 0/<literal>emerg</literal> and
|
||
7/<literal>debug</literal>), or a range of numeric/text log
|
||
levels in the form FROM..TO. The log levels are the usual
|
||
syslog log levels as documented in
|
||
<citerefentry project='man-pages'><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
|
||
i.e. <literal>emerg</literal> (0),
|
||
<literal>alert</literal> (1), <literal>crit</literal> (2),
|
||
<literal>err</literal> (3), <literal>warning</literal> (4),
|
||
<literal>notice</literal> (5), <literal>info</literal> (6),
|
||
<literal>debug</literal> (7). If a single log level is
|
||
specified, all messages with this log level or a lower (hence
|
||
more important) log level are shown. If a range is specified,
|
||
all messages within the range are shown, including both the
|
||
start and the end value of the range. This will add
|
||
<literal>PRIORITY=</literal> matches for the specified
|
||
priorities.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-g</option></term>
|
||
<term><option>--grep=</option></term>
|
||
|
||
<listitem><para>Filter output to entries where the <varname>MESSAGE=</varname>
|
||
field matches the specified regular expression. PERL-compatible regular expressions
|
||
are used, see
|
||
<citerefentry><refentrytitle>pcre2pattern</refentrytitle><manvolnum>3</manvolnum></citerefentry>
|
||
for a detailed description of the syntax.</para>
|
||
|
||
<para>If the pattern is all lowercase, matching is case insensitive.
|
||
Otherwise, matching is case sensitive. This can be overridden with the
|
||
<option>--case-sensitive</option> option, see below.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--case-sensitive<optional>=BOOLEAN</optional></option></term>
|
||
|
||
<listitem><para>Make pattern matching case sensitive or case insenstive.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-c</option></term>
|
||
<term><option>--cursor=</option></term>
|
||
|
||
<listitem><para>Start showing entries from the location in the
|
||
journal specified by the passed cursor.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--cursor-file=<replaceable>FILE</replaceable></option></term>
|
||
|
||
<listitem><para>If <replaceable>FILE</replaceable> exists and contains a
|
||
cursor, start showing entries <emphasis>after</emphasis> this location.
|
||
Otherwise the show entries according the other given options. At the end,
|
||
write the cursor of the last entry to <replaceable>FILE</replaceable>. Use
|
||
this option to continually read the journal by sequentially calling
|
||
<command>journalctl</command>.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--after-cursor=</option></term>
|
||
|
||
<listitem><para>Start showing entries from the location in the
|
||
journal <emphasis>after</emphasis> the location specified by
|
||
the passed cursor. The cursor is shown when the
|
||
<option>--show-cursor</option> option is used.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--show-cursor</option></term>
|
||
|
||
<listitem><para>The cursor is shown after the last entry after
|
||
two dashes:</para>
|
||
<programlisting>-- cursor: s=0639…</programlisting>
|
||
<para>The format of the cursor is private
|
||
and subject to change.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-S</option></term>
|
||
<term><option>--since=</option></term>
|
||
<term><option>-U</option></term>
|
||
<term><option>--until=</option></term>
|
||
|
||
<listitem><para>Start showing entries on or newer than the specified date, or on or older than the specified
|
||
date, respectively. Date specifications should be of the format <literal>2012-10-30 18:17:16</literal>. If the
|
||
time part is omitted, <literal>00:00:00</literal> is assumed. If only the seconds component is omitted,
|
||
<literal>:00</literal> is assumed. If the date component is omitted, the current day is assumed. Alternatively
|
||
the strings <literal>yesterday</literal>, <literal>today</literal>, <literal>tomorrow</literal> are understood,
|
||
which refer to 00:00:00 of the day before the current day, the current day, or the day after the current day,
|
||
respectively. <literal>now</literal> refers to the current time. Finally, relative times may be specified,
|
||
prefixed with <literal>-</literal> or <literal>+</literal>, referring to times before or after the current
|
||
time, respectively. For complete time and date specification, see
|
||
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>. Note that
|
||
<option>--output=short-full</option> prints timestamps that follow precisely this format.
|
||
</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-F</option></term>
|
||
<term><option>--field=</option></term>
|
||
|
||
<listitem><para>Print all possible data values the specified
|
||
field can take in all entries of the journal.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-N</option></term>
|
||
<term><option>--fields</option></term>
|
||
|
||
<listitem><para>Print all field names currently used in all entries of the journal.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--system</option></term>
|
||
<term><option>--user</option></term>
|
||
|
||
<listitem><para>Show messages from system services and the
|
||
kernel (with <option>--system</option>). Show messages from
|
||
service of current user (with <option>--user</option>). If
|
||
neither is specified, show all messages that the user can see.
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-M</option></term>
|
||
<term><option>--machine=</option></term>
|
||
|
||
<listitem><para>Show messages from a running, local
|
||
container. Specify a container name to connect to.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>-D <replaceable>DIR</replaceable></option></term>
|
||
<term><option>--directory=<replaceable>DIR</replaceable></option></term>
|
||
|
||
<listitem><para>Takes a directory path as argument. If
|
||
specified, journalctl will operate on the specified journal
|
||
directory <replaceable>DIR</replaceable> instead of the
|
||
default runtime and system journal paths.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--file=<replaceable>GLOB</replaceable></option></term>
|
||
|
||
<listitem><para>Takes a file glob as an argument. If
|
||
specified, journalctl will operate on the specified journal
|
||
files matching <replaceable>GLOB</replaceable> instead of the
|
||
default runtime and system journal paths. May be specified
|
||
multiple times, in which case files will be suitably
|
||
interleaved.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--root=<replaceable>ROOT</replaceable></option></term>
|
||
|
||
<listitem><para>Takes a directory path as an argument. If
|
||
specified, journalctl will operate on journal directories and catalog file hierarchy
|
||
underneath the specified directory instead of the root
|
||
directory (e.g. <option>--update-catalog</option> will create
|
||
<filename><replaceable>ROOT</replaceable>/var/lib/systemd/catalog/database</filename>,
|
||
and journal files under <filename><replaceable>ROOT</replaceable>/run/journal</filename>
|
||
or <filename><replaceable>ROOT</replaceable>/var/log/journal</filename> will be displayed).
|
||
</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--header</option></term>
|
||
|
||
<listitem><para>Instead of showing journal contents, show
|
||
internal header information of the journal fields
|
||
accessed.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--disk-usage</option></term>
|
||
|
||
<listitem><para>Shows the current disk usage of all journal
|
||
files. This shows the sum of the disk usage of all archived
|
||
and active journal files.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--vacuum-size=</option></term>
|
||
<term><option>--vacuum-time=</option></term>
|
||
<term><option>--vacuum-files=</option></term>
|
||
|
||
<listitem><para>Removes the oldest archived journal files until the disk space they use falls below the
|
||
specified size (specified with the usual <literal>K</literal>, <literal>M</literal>, <literal>G</literal> and
|
||
<literal>T</literal> suffixes), or all archived journal files contain no data older than the specified timespan
|
||
(specified with the usual <literal>s</literal>, <literal>m</literal>, <literal>h</literal>,
|
||
<literal>days</literal>, <literal>months</literal>, <literal>weeks</literal> and <literal>years</literal>
|
||
suffixes), or no more than the specified number of separate journal files remain. Note that running
|
||
<option>--vacuum-size=</option> has only an indirect effect on the output shown by
|
||
<option>--disk-usage</option>, as the latter includes active journal files, while the vacuuming operation only
|
||
operates on archived journal files. Similarly, <option>--vacuum-files=</option> might not actually reduce the
|
||
number of journal files to below the specified number, as it will not remove active journal
|
||
files.</para>
|
||
|
||
<para><option>--vacuum-size=</option>, <option>--vacuum-time=</option> and <option>--vacuum-files=</option>
|
||
may be combined in a single invocation to enforce any combination of a size, a time and a number of files limit
|
||
on the archived journal files. Specifying any of these three parameters as zero is equivalent to not enforcing
|
||
the specific limit, and is thus redundant.</para>
|
||
|
||
<para>These three switches may also be combined with <option>--rotate</option> into one command. If so, all
|
||
active files are rotated first, and the requested vacuuming operation is executed right after. The rotation has
|
||
the effect that all currently active files are archived (and potentially new, empty journal files opened as
|
||
replacement), and hence the vacuuming operation has the greatest effect as it can take all log data written so
|
||
far into account.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--list-catalog
|
||
<optional><replaceable>128-bit-ID…</replaceable></optional>
|
||
</option></term>
|
||
|
||
<listitem><para>List the contents of the message catalog as a
|
||
table of message IDs, plus their short description strings.
|
||
</para>
|
||
|
||
<para>If any <replaceable>128-bit-ID</replaceable>s are
|
||
specified, only those entries are shown.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--dump-catalog
|
||
<optional><replaceable>128-bit-ID…</replaceable></optional>
|
||
</option></term>
|
||
|
||
<listitem><para>Show the contents of the message catalog, with
|
||
entries separated by a line consisting of two dashes and the
|
||
ID (the format is the same as <filename>.catalog</filename>
|
||
files).</para>
|
||
|
||
<para>If any <replaceable>128-bit-ID</replaceable>s are
|
||
specified, only those entries are shown.</para>
|
||
</listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--update-catalog</option></term>
|
||
|
||
<listitem><para>Update the message catalog index. This command
|
||
needs to be executed each time new catalog files are
|
||
installed, removed, or updated to rebuild the binary catalog
|
||
index.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--setup-keys</option></term>
|
||
|
||
<listitem><para>Instead of showing journal contents, generate
|
||
a new key pair for Forward Secure Sealing (FSS). This will
|
||
generate a sealing key and a verification key. The sealing key
|
||
is stored in the journal data directory and shall remain on
|
||
the host. The verification key should be stored
|
||
externally. Refer to the <option>Seal=</option> option in
|
||
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for information on Forward Secure Sealing and for a link to a
|
||
refereed scholarly paper detailing the cryptographic theory it
|
||
is based on.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--force</option></term>
|
||
|
||
<listitem><para>When <option>--setup-keys</option> is passed
|
||
and Forward Secure Sealing (FSS) has already been configured,
|
||
recreate FSS keys.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--interval=</option></term>
|
||
|
||
<listitem><para>Specifies the change interval for the sealing
|
||
key when generating an FSS key pair with
|
||
<option>--setup-keys</option>. Shorter intervals increase CPU
|
||
consumption but shorten the time range of undetectable journal
|
||
alterations. Defaults to 15min.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--verify</option></term>
|
||
|
||
<listitem><para>Check the journal file for internal
|
||
consistency. If the file has been generated with FSS enabled and
|
||
the FSS verification key has been specified with
|
||
<option>--verify-key=</option>, authenticity of the journal file
|
||
is verified.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--verify-key=</option></term>
|
||
|
||
<listitem><para>Specifies the FSS verification key to use for
|
||
the <option>--verify</option> operation.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--sync</option></term>
|
||
|
||
<listitem><para>Asks the journal daemon to write all yet
|
||
unwritten journal data to the backing file system and
|
||
synchronize all journals. This call does not return until the
|
||
synchronization operation is complete. This command guarantees
|
||
that any log messages written before its invocation are safely
|
||
stored on disk at the time it returns.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--flush</option></term>
|
||
|
||
<listitem><para>Asks the journal daemon to flush any log data
|
||
stored in <filename>/run/log/journal</filename> into
|
||
<filename>/var/log/journal</filename>, if persistent storage
|
||
is enabled. This call does not return until the operation is
|
||
complete. Note that this call is idempotent: the data is only
|
||
flushed from <filename>/run/log/journal</filename> into
|
||
<filename>/var/log/journal</filename> once during system
|
||
runtime, and this command exits cleanly without executing any
|
||
operation if this has already happened. This command
|
||
effectively guarantees that all data is flushed to
|
||
<filename>/var/log/journal</filename> at the time it
|
||
returns.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<varlistentry>
|
||
<term><option>--rotate</option></term>
|
||
|
||
<listitem><para>Asks the journal daemon to rotate journal files. This call does not return until the rotation
|
||
operation is complete. Journal file rotation has the effect that all currently active journal files are marked
|
||
as archived and renamed, so that they are never written to in future. New (empty) journal files are then
|
||
created in their place. This operation may be combined with <option>--vacuum-size=</option>,
|
||
<option>--vacuum-time=</option> and <option>--vacuum-file=</option> into a single command, see
|
||
above.</para></listitem>
|
||
</varlistentry>
|
||
|
||
<xi:include href="standard-options.xml" xpointer="help" />
|
||
<xi:include href="standard-options.xml" xpointer="version" />
|
||
<xi:include href="standard-options.xml" xpointer="no-pager" />
|
||
</variablelist>
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>Exit status</title>
|
||
|
||
<para>On success, 0 is returned; otherwise, a non-zero failure
|
||
code is returned.</para>
|
||
</refsect1>
|
||
|
||
<xi:include href="less-variables.xml" />
|
||
|
||
<refsect1>
|
||
<title>Examples</title>
|
||
|
||
<para>Without arguments, all collected logs are shown
|
||
unfiltered:</para>
|
||
|
||
<programlisting>journalctl</programlisting>
|
||
|
||
<para>With one match specified, all entries with a field matching
|
||
the expression are shown:</para>
|
||
|
||
<programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service
|
||
journalctl _SYSTEMD_CGROUP=/user.slice/user-42.slice/session-c1.scope</programlisting>
|
||
|
||
<para>If two different fields are matched, only entries matching
|
||
both expressions at the same time are shown:</para>
|
||
|
||
<programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097</programlisting>
|
||
|
||
<para>If two matches refer to the same field, all entries matching
|
||
either expression are shown:</para>
|
||
|
||
<programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</programlisting>
|
||
|
||
<para>If the separator <literal>+</literal> is used, two
|
||
expressions may be combined in a logical OR. The following will
|
||
show all messages from the Avahi service process with the PID
|
||
28097 plus all messages from the D-Bus service (from any of its
|
||
processes):</para>
|
||
|
||
<programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097 + _SYSTEMD_UNIT=dbus.service</programlisting>
|
||
|
||
<para>To show all fields emitted <emphasis>by</emphasis> a unit and <emphasis>about</emphasis>
|
||
the unit, option <option>-u</option>/<option>--unit=</option> should be used.
|
||
<command>journalctl -u <replaceable>name</replaceable></command>
|
||
expands to a complex filter similar to
|
||
<programlisting>_SYSTEMD_UNIT=<replaceable>name</replaceable>.service
|
||
+ UNIT=<replaceable>name</replaceable>.service _PID=1
|
||
+ OBJECT_SYSTEMD_UNIT=<replaceable>name</replaceable>.service _UID=0
|
||
+ COREDUMP_UNIT=<replaceable>name</replaceable>.service _UID=0 MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1
|
||
</programlisting>
|
||
(see <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
||
for an explanation of those patterns).
|
||
</para>
|
||
|
||
<para>Show all logs generated by the D-Bus executable:</para>
|
||
|
||
<programlisting>journalctl /usr/bin/dbus-daemon</programlisting>
|
||
|
||
<para>Show all kernel logs from previous boot:</para>
|
||
|
||
<programlisting>journalctl -k -b -1</programlisting>
|
||
|
||
<para>Show a live log display from a system service
|
||
<filename>apache.service</filename>:</para>
|
||
|
||
<programlisting>journalctl -f -u apache</programlisting>
|
||
|
||
</refsect1>
|
||
|
||
<refsect1>
|
||
<title>See Also</title>
|
||
<para>
|
||
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>coredumpctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd-journal-remote.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
||
<citerefentry><refentrytitle>systemd-journal-upload.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
||
</para>
|
||
</refsect1>
|
||
</refentry>
|