§2023-08-17
- How To Use Journalctl to View and Manipulate Systemd Logs Published on February 6, 2015 · Updated on July 10, 2021 System Tools
¶Introduction
Some of the most compelling advantages of systemd are those involved with process and system logging. The systemd logs all process information in binary form at,
$ ls -l /var/log/journal/
total 16
drwxr-sr-x+ 2 root systemd-journal 4096 8月 15 19:55 9759233adc5f447ea52e1e4ae8a45f96
drwxr-sr-x+ 2 root systemd-journal 4096 8月 15 21:11 de0a0437c9044040a19fdbc9eea846ba
$ ls -l /var/log/journal/9759233adc5f447ea52e1e4ae8a45f96/
total 13160
-rw-r-----+ 1 root systemd-journal 5083688 8月 15 19:55 system@f5bfac61aa8d443b8f3dc9d751970109-0000000000000001-0005fb38b0932f01.journal
-rw-r-----+ 1 root systemd-journal 8388608 8月 15 19:58 system.journal
To view and interpret the contents of these log files, you would typically use the journalctl command with appropriate options, as mentioned in my previous responses. This command allows you to query and read the logs stored in these binary files without needing to manually parse the binary data.
¶Setting the System Time
One of the benefits of using a binary journal for logging is the ability to view log records in UTC or local time at will. By default, systemd will display results in local time.
$ timedatectl list-timezones
Africa/Abidjan
Africa/Accra
Africa/Addis_Ababa
Africa/Algiers
Africa/Asmara
Africa/Asmera
...
to set time zone,
sudo timedatectl set-timezone zone
$ timedatectl status
Local time: 四 2023-08-17 05:55:00 CST
Universal time: 三 2023-08-16 21:55:00 UTC
RTC time: 三 2023-08-16 21:55:01
Time zone: Asia/Taipei (CST, +0800)
System clock synchronized: yes
NTP service: active
RTC in local TZ: no
¶ Basic Log Viewing
- display as your time zone
$ journalctl
8月 15 19:58:29 orgpi5Arch kernel: Booting Linux on physical CPU 0x0000000000 [0x412fd050]
8月 15 19:58:29 orgpi5Arch kernel: Linux version 5.10.110-4+ (root@aarch64) (gcc (GCC) 12.1.0, GNU ld (GNU Binutils) 2.38) #1 SMP Tue May 16 02:34:06 UT>
8月 15 19:58:29 orgpi5Arch kernel: Machine model: RK3588 OPi 5 Plus
8月 15 19:58:29 orgpi5Arch kernel: efi: UEFI not found.
8月 15 19:58:29 orgpi5Arch kernel: OF: fdt: Reserved memory: failed to reserve memory for node 'drm-logo@00000000': base 0x0000000000000000, size 0 MiB
8月 15 19:58:29 orgpi5Arch kernel: OF: fdt: Reserved memory: failed to reserve memory for node 'drm-cubic-lut@00000000': base 0x0000000000000000, size 0>
8月 15 19:58:29 orgpi5Arch kernel: Reserved memory: bypass cma node, using cmdline CMA params instead
8月 15 19:58:29 orgpi5Arch kernel: OF: reserved mem: node cma compatible matching fail
8月 15 19:58:29 orgpi5Arch kernel: Zone ranges:
8月 15 19:58:29 orgpi5Arch kernel: DMA [mem 0x0000000000200000-0x00000000ffffffff]
8月 15 19:58:29 orgpi5Arch kernel: DMA32 empty
8月 15 19:58:29 orgpi5Arch kernel: Normal [mem 0x0000000100000000-0x00000003ffefffff]
8月 15 19:58:29 orgpi5Arch kernel: Movable zone start for each node
8月 15 19:58:29 orgpi5Arch kernel: Early memory node ranges
- as UTC
$ journalctl --utc
8月 15 11:58:29 orgpi5Arch kernel: Booting Linux on physical CPU 0x0000000000 [0x412fd050]
8月 15 11:58:29 orgpi5Arch kernel: Linux version 5.10.110-4+ (root@aarch64) (gcc (GCC) 12.1.0, GNU ld (GNU Binutils) 2.38) #1 SMP Tue May 16 02:34:06 UT>
8月 15 11:58:29 orgpi5Arch kernel: Machine model: RK3588 OPi 5 Plus
8月 15 11:58:29 orgpi5Arch kernel: efi: UEFI not found.
8月 15 11:58:29 orgpi5Arch kernel: OF: fdt: Reserved memory: failed to reserve memory for node 'drm-logo@00000000': base 0x0000000000000000, size 0 MiB
8月 15 11:58:29 orgpi5Arch kernel: OF: fdt: Reserved memory: failed to reserve memory for node 'drm-cubic-lut@00000000': base 0x0000000000000000, size 0>
8月 15 11:58:29 orgpi5Arch kernel: Reserved memory: bypass cma node, using cmdline CMA params instead
8月 15 11:58:29 orgpi5Arch kernel: OF: reserved mem: node cma compatible matching fail
8月 15 11:58:29 orgpi5Arch kernel: Zone ranges:
8月 15 11:58:29 orgpi5Arch kernel: DMA [mem 0x0000000000200000-0x00000000ffffffff]
8月 15 11:58:29 orgpi5Arch kernel: DMA32 empty
journalctl --list-bootslist all the boots
[alexlai@orgpi5Arch ~]$ journalctl --list-boots
IDX BOOT ID FIRST ENTRY LAST ENTRY
-7 c5c41abf349a4f049c17c92cf1f26b37 Tue 2023-08-15 19:58:29 CST Tue 2023-08-15 20:02:45 CST
-6 491ae6a7684b47c79e342124fbdefbd0 Tue 2023-08-15 20:02:55 CST Tue 2023-08-15 20:12:49 CST
-5 5032f8645c4f4430a370713cc376f95a Tue 2023-08-15 20:13:00 CST Tue 2023-08-15 20:30:12 CST
-4 75f29e066009486c8eb78f3e2df35672 Tue 2023-08-15 20:30:23 CST Tue 2023-08-15 20:54:42 CST
-3 cf4daaac53254d5c883e088ac8475ce6 Tue 2023-08-15 20:54:52 CST Tue 2023-08-15 20:59:19 CST
-2 ac4b650196894659b93847e26e632f6d Tue 2023-08-15 20:59:29 CST Tue 2023-08-15 21:02:36 CST
-1 284fde743f2a40e58ac0b4e424adc942 Tue 2023-08-15 21:02:46 CST Tue 2023-08-15 21:10:09 CST
0 6f3c5d3fdc654361b9a843b0d9af3bd2 Tue 2023-08-15 21:10:20 CST Thu 2023-08-17 06:04:50 CST
¶Journal Filtering by Time
-bThis will show you all of the journal entries that have been collected since the most recent reboot.
$ journalctl -b
5Arch kernel: Booting Linux on physical CPU 0x0000000000 [0x412fd050]
8月 15 21:10:20 orgpi5Arch kernel: Linux version 5.10.110-4+ (root@aarch64) (gcc (GCC) 12.1.0, GNU ld (GNU Binutils) 2.38) #1 SMP Tue May 16 02:34:06 UT>
8月 15 21:10:20 orgpi5Arch kernel: Machine model: RK3588 OPi 5 Plus
8月 15 21:10:20 orgpi5Arch kernel: efi: UEFI not found.
8月 15 21:10:20 orgpi5Arch kernel: OF: fdt: Reserved memory:
- journalctl -b -1
- see the journal from the previous boot, use the -1 relative pointer with the -b flag: