journalctl: Realtime system log monitoring

journalctl is a powerful tool for querying and analyzing logs generated by the systemd journal. The `-f` option, in particular, is very useful for diagnosing system issues or monitoring application behavior by tracking new log entries in real-time. It is similar to the traditional `tail -f` command but offers more robust filtering and searching capabilities by leveraging the structured data of the systemd journal.

Overview

journalctl is a command to query logs from the journal, a centralized log management system in systemd-based systems. The `-f` option, short for 'follow', enables real-time monitoring by immediately displaying new log entries to the screen as they are written to the journal. This is an essential feature in various scenarios such as server administration, application debugging, and system event tracking.

Key Features

  • Real-time log tracking (-f)
  • Filtering by systemd service
  • Filtering by log level
  • Time-based log querying
  • Utilizing structured log data

Key Options

journalctl allows for fine-grained control over log querying through various options. Understanding the options used with `-f` can lead to efficient log analysis.

Real-time Tracking and Filtering

Usage Examples

Demonstrates various real-time log monitoring methods using journalctl -f.

Real-time Tracking of All System Logs

journalctl -f

View all system logs in real-time.

Real-time Tracking of Specific Service Logs

journalctl -f -u nginx.service

Track logs only for the `nginx.service` unit in real-time.

Real-time Tracking of Error-Level and Higher Logs

journalctl -f -p err

Track only logs with priority 'err' or higher in real-time.

Simultaneous Tracking of Multiple Service Logs

journalctl -f -u sshd.service -u cron.service

Simultaneously track logs from multiple services in real-time.

Tracking Logs Since a Specific Time

journalctl -f --since "1 hour ago"

Display logs from the last hour and start real-time tracking.

Tips & Precautions

Useful tips and precautions when using journalctl -f.

Useful Tips

  • Stop log tracking: Press `Ctrl+C` to stop real-time log tracking.
  • Additional filtering: You can further filter the output logs using `grep` and a pipe (|). Example: `journalctl -f | grep "error"`
  • Cursor movement: Use `PageUp`/`PageDown` keys to scroll, and the `End` key to jump to the latest logs.
  • Log coloring: `journalctl` by default uses different colors for log levels to improve readability.
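
Going one step beyond the `grep` tip above, this added example (not part of the original page) pipes a followed journal into `awk` to alert when one source address accumulates repeated failed SSH password attempts. The helper names, the threshold and the sample messages are constructed for illustration, and the message layout is assumed to be OpenSSH's `Failed password for ... from ADDR port N ssh2`.

```shell
#!/bin/sh
# Added example, not from the original page. Helper names, the threshold and
# the sample messages below are constructed for illustration.

# Read sshd messages on stdin; print one alert when a source address reaches
# LIMIT failed password attempts. Assumed message layout (OpenSSH):
#   Failed password for [invalid user] NAME from ADDR port N ssh2
watch_failed_logins() {
    awk -v limit="${1:-5}" '
        # NAME is chosen by the remote client and may contain spaces or the
        # word "from", so the address is located by counting fields from the
        # end of the line rather than searching for the first "from".
        NF >= 9 && /^Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            addr = $(NF-3)
            if (++count[addr] == limit) {
                print "ALERT " addr " reached " limit " failed password attempts"
                fflush()   # emit immediately; pipes are block-buffered otherwise
            }
        }'
}

# Live use: follow only new sshd entries (-n 0 skips the backlog) and print
# the bare message text (-o cat) so the field positions above line up.
follow_sshd() {
    journalctl -f -n 0 -o cat -u sshd.service | watch_failed_logins "${1:-5}"
}

# Constructed sample messages (documentation address ranges), including a
# user name that embeds a fake "from ADDR port N" sequence.
sample_messages() {
    cat <<'EOF'
Failed password for root from 203.0.113.7 port 40112 ssh2
Accepted password for deploy from 198.51.100.20 port 51022 ssh2
Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Failed password for invalid user x from 192.0.2.1 port 1 from 203.0.113.7 port 40120 ssh2
Failed password for root from 198.51.100.20 port 51030 ssh2
EOF
}

# Offline demonstration on the constructed lines, with a threshold of 3.
sample_messages | watch_failed_logins 3
```

On a live host, call `follow_sshd 5` from an account that is allowed to read the system journal and stop it with `Ctrl+C`.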

Precautions

While journalctl -f does not consume significant system resources, in environments with a very high volume of rapidly generated logs, terminal output can become excessive. If necessary, it is advisable to reduce the load by filtering with options like `-u` or `-p`.

