Home > Package & System Management > journalctl

Mastering Journalctl

A key tool for querying and managing systemd logs. Use this guide to learn about the various options and uses of `journalctl`.

Main Options

Click on the options below to create the `journalctl` command and check the descriptions of each feature. This tool helps users intuitively understand how the command works by combining various options.

1. Basic Query

2. Filtering

3. Output Format

Generated command:

Try combining the commands.

Description:

`journalctl` Executes the command.

Combine the above options to virtually execute commands with AI.

Log Storage and Structure

The `journald` service stores system logs in a binary format at a specific location. The storage method varies depending on system settings, which directly affects log retention periods. This section explains where and how logs are stored.

🌀 Volatile Storage

/run/log/journal/

Logs here are deleted when the system is rebooted. It is primarily used for short-term troubleshooting or temporary log storage. If no permanent storage directory is set, this location is used by default.

💾 Persistent Storage

/var/log/journal/

This path is used when you want to preserve logs even after a system reboot. Most production server environments are configured to store logs at this path. If this directory exists, `journald` automatically preserves logs permanently.

Configuration Files and Log Cleanup

To prevent logs from excessively consuming disk space, you can modify the settings of `journald` or periodically clean up old logs. This section introduces related configuration files and cleanup commands.

Configuration File: journald.conf

All operations of `journald` can be controlled in the `/etc/systemd/journald.conf` file. Here are the main configuration options. After changing settings, restart the service with the command `sudo systemctl restart systemd-journald`.

  • Storage=: Determines how logs are stored. (`persistent`, `volatile`, `auto`)
  • SystemMaxUse=: Specifies the maximum disk space the journal can use. (e.g., `1G`)
  • SystemKeepFree=: Specifies the minimum amount of free space that must always be available. (e.g., `200M`)
  • ForwardToSyslog=: Determines whether to forward logs to the existing syslog daemon.

Log Cleanup

You can manually clean up logs to free up disk space. Deleted logs cannot be recovered, so caution is advised.

Check Current Disk Usage

journalctl --disk-usage

Checks the disk space currently occupied by the journal.

Delete Old Logs (Based on Time)

sudo journalctl --vacuum-time=2weeks

Deletes all logs older than the specified time.

Limit Log Size (Based on Size)

sudo journalctl --vacuum-size=500M

Limits the total size of journal files to the specified capacity and deletes old logs.

Same category commands

apropos

apropos: Search Manual Pages

apt

APT (Advanced Package Tool) Command Guide

at

at Command Guide: Scheduling One-Time Tasks

crontab

Complete Guide to the crontab Command: How to Schedule Repetitive Tasks

dd

dd: File Conversion and Copying