Home > Package & System Management > journalctl

Mastering Journalctl: Your Guide to Systemd Logs

The essential tool for viewing and managing systemd logs. This guide will help you understand the various options and uses of journalctl.

Key Options

Click the options below to build your `journalctl` command and learn about each function. This tool helps users intuitively understand how commands work by combining various options.

1. Basic Viewing

2. Filtering

3. Output Format

Generated command:

Try combining the commands.

Description:

`journalctl` Executes the command.

Combine the above options to virtually execute commands with AI.

Log Storage and Structure

The `journald` service stores system logs in a binary format at specific locations. The storage method varies depending on system settings, which directly relates to log retention periods. This section explains where and how logs are stored.

🌀 Volatile Storage

/run/log/journal/

Logs in this location are deleted upon system reboot. It is primarily used for short-term troubleshooting or temporary log storage. If a permanent storage directory is not configured on the system, this location is used by default.

💾 Persistent Storage

/var/log/journal/

This path is used to preserve logs even after a system reboot. In most production server environments, logs are configured to be stored here. If this directory exists, journald automatically preserves logs permanently.

Configuration Files and Log Cleanup

To prevent logs from consuming excessive disk space, you can modify `journald` settings or periodically clean up old logs. This section introduces relevant configuration files and cleanup commands.

Configuration File: journald.conf

All journald operations can be controlled via the /etc/systemd/journald.conf file. Below are the main configuration options. After making changes, you must restart the service with sudo systemctl restart systemd-journald.

  • Storage=: Determines the log storage method (persistent, volatile, auto).
  • SystemMaxUse=: Specifies the maximum disk space the journal can use (e.g., 1G).
  • SystemKeepFree=: Specifies the minimum free space that must always be maintained (e.g., 200M).
  • ForwardToSyslog=: Sets whether to forward logs to the traditional syslog daemon.

Log Cleanup

You can manually clean up logs to free up disk space. Be careful, as deleted logs cannot be recovered.

Check Current Disk Usage

journalctl --disk-usage

Checks the current disk space occupied by the journal.

Delete Old Logs (by time)

sudo journalctl --vacuum-time=2weeks

Deletes all logs older than the specified time.

Limit Log Size (by capacity)

sudo journalctl --vacuum-size=500M

Limits the total size of journal files to the specified capacity and deletes older logs.

Same category commands

acl

ACL: Access Control List Management

anacron

anacron: Run periodic commands when the system is not running

ansible

ansible: Remote Server Management and Automation

apropos

apropos: Search Manual Pages

apt

APT (Advanced Package Tool) Command Guide