Linux常用命令-journalctl

命令

journalctl

描述

Query the systemd journal
查询systemd系统日志

用法

1
journalctl [OPTIONS...] [MATCHES...]

选项

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
Options:
Flags:
--system 显示系统日志
--user 显示当前用户日志
-S --since=DATE 显示指定时间之后的日志,如"2021-02-10 16:00:00",日期可省略
-U --until=DATE 显示指定时间之前的日志,即从开始到指定时间
-b --boot[=ID] 显示启动日志
-k --dmesg 显示kernel日志
-u --unit=UNIT 显示指定单元的日志,可使用tab补全参数
-t --identifier=STRING 显示指定标识的日志,可使用tab补全参数
-p --priority=RANGE 显示指定级别日志,如err,warning
-e --pager-end 跳转到日志结尾
-f --follow 追加显示新的日志
-n --lines[=INTEGER] 指定显示的日志条目数
-r --reverse 从后往前倒序显示
-o --output=STRING 指定日志的显示格式,可选参数short,short-iso,verbose,export,json等
--utc 使用utc时间
-a --all 显示所有字段,包括不可打印字段
-q --quiet 不显示特权警告
--no-pager 直接显示所有日志,不分页
-D --directory=PATH 指定日志目录
--file=PATH 指定日志文件
Commands:
--field=FIELD 显示指定字段的日志,可tab补全
--new-id128 生成一个128bit的UUID值
--disk-usage 查看所有日志所占用的空间大小
--vacuum-size=BYTES 将磁盘使用减少到指定大小以下
--vacuum-time=TIME 删除指定时间之前的日志
--flush 刷新所有日志从/run到/var
--header 显示系统日志信息,包括日志路径,大小,时间,条目等
--verify 验证日志文件的一致性

注意

该命令是通过less命令来查看日志的,具体快捷键参考less命令
journald服务对应的配置文件路径为/etc/systemd/journald.conf

示例

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
$ journalctl
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:03:26 CST. --
Feb 26 15:58:23 centos7 systemd-journal[95]: Runtime journal is using 8.0M (max allowed 99.0M, tryi
Feb 26 15:58:23 centos7 kernel: Initializing cgroup subsys cpuset
Feb 26 15:58:23 centos7 kernel: Initializing cgroup subsys cpu
Feb 26 15:58:23 centos7 kernel: Initializing cgroup subsys cpuacct
Feb 26 15:58:23 centos7 kernel: Linux version 3.10.0-1160.11.1.el7.x86_64 (mockbuild@kbuilder.bsys.
Feb 26 15:58:23 centos7 kernel: Command line: BOOT_IMAGE=/vmlinuz-3.10.0-1160.11.1.el7.x86_64 root=
Feb 26 15:58:23 centos7 kernel: Disabled fast string operations
...
# -S显示指定时间之后的日志
$ journalctl -S 16:00
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:13:26 CST. --
Feb 26 16:00:01 centos7 systemd[1]: Started Session 3 of user root.
Feb 26 16:00:01 centos7 CROND[1231]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Feb 26 16:00:01 centos7 systemd[1]: Created slice User Slice of usera.
Feb 26 16:00:01 centos7 systemd[1]: Started Session 4 of user usera.
Feb 26 16:00:01 centos7 systemd[1]: Started Session 5 of user root.
# 显示指定时间段的日志
$ journalctl -S 16:00 -U 16:02
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:50:01 CST. --
Feb 26 16:00:01 centos7 systemd[1]: Started Session 3 of user root.
Feb 26 16:00:01 centos7 postfix/pickup[1018]: 1F95078C82: uid=1004 from=<usera>
Feb 26 16:00:01 centos7 postfix/pickup[1018]: 2075E78C83: uid=0 from=<root>
Feb 26 16:00:01 centos7 postfix/qmgr[1019]: 2075E78C83: removed
Feb 26 16:01:01 centos7 systemd[1]: Created slice User Slice of usera.
Feb 26 16:01:01 centos7 systemd[1]: Started Session 6 of user usera.
Feb 26 16:01:01 centos7 systemd[1]: Started Session 7 of user root.
$ journalctl -u (tab补全)
auditd.service session-34.scope
crond.service session-35.scope
dbus.service session-36.scope
lvm2-monitor.service session-37.scope
lvm2-pvscan@8:2.service session-38.scope
NetworkManager-dispatcher.service
...
# 查看crond服务日志
$ journalctl -u crond.service
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:10:01 CST. --
Feb 26 15:58:26 centos7 systemd[1]: Started Command Scheduler.
Feb 26 15:58:26 centos7 crond[667]: (CRON) INFO (RANDOM_DELAY will be scaled with factor 8% if used
Feb 26 15:58:26 centos7 crond[667]: (CRON) INFO (running with inotify support)
Feb 26 16:34:01 node01 crond[667]: (root) RELOAD (/var/spool/cron/root)
Feb 26 16:35:01 node01 crond[667]: (usera) RELOAD (/var/spool/cron/usera)
# 查看sshd服务日志
$ journalctl -u sshd.service
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:13:26 CST. --
Feb 26 15:58:26 centos7 systemd[1]: Starting OpenSSH server daemon...
Feb 26 15:58:26 centos7 sshd[889]: Server listening on 0.0.0.0 port 22.
Feb 26 15:58:26 centos7 systemd[1]: Started OpenSSH server daemon.
Feb 26 15:58:36 centos7 sshd[1152]: Accepted password for root from 192.168.80.1 port 52361 ssh2
Feb 26 16:18:15 centos7 sshd[2013]: Accepted password for root from 192.168.80.1 port 52387 ssh2
# -t显示指定标识的日志
$ journalctl -t sshd
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:18:26 CST. --
Feb 26 15:58:26 centos7 sshd[889]: Server listening on 0.0.0.0 port 22.
Feb 26 15:58:36 centos7 sshd[1152]: Accepted password for root from 192.168.80.1 port 52361 ssh2
Feb 26 15:58:36 centos7 sshd[1152]: pam_unix(sshd:session): session opened for user root by (uid=0)
Feb 26 16:18:15 centos7 sshd[2013]: Accepted password for root from 192.168.80.1 port 52387 ssh2
Feb 26 16:18:15 centos7 sshd[2013]: pam_unix(sshd:session): session opened for user root by (uid=0)
# -p显示指定级别日志
$ journalctl -p
alert crit debug emerg err info notice warning
$ journalctl -p err
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:20:01 CST. --
Feb 26 15:58:24 centos7 kernel: sd 2:0:0:0: [sda] Assuming drive cache: write through
Feb 26 15:58:24 centos7 systemd[1]: Failed to start Apply Kernel Variables.
Feb 26 15:58:25 centos7 kernel: piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!
# -r倒叙显示日志
$ journalctl -r
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:43:26 CST. --
Feb 26 17:43:26 centos7 postfix/local[5069]: EDB3777F93: to=<usera@centos7.localdomain>, orig_to=<u
Feb 26 17:43:26 centos7 postfix/local[5069]: warning: specify "strict_mailbox_ownership = no" to ig
Feb 26 17:40:01 centos7 CROND[5022]: (root) CMD (/usr/lib64/sa/sa1 1 1)
Feb 26 17:40:01 centos7 systemd[1]: Started Session 58 of user root.
# -o指定显示格式
$ journalctl -o short-iso
-- Logs begin at Fri 2021-02-26 15:58:23 CST, end at Fri 2021-02-26 17:43:26 CST. --
2021-02-26T15:58:23+0800 centos7 systemd-journal[95]: Runtime journal is using 8.0M (max allowed 99
2021-02-26T15:58:23+0800 centos7 kernel: Initializing cgroup subsys cpuset
2021-02-26T15:58:23+0800 centos7 kernel: Initializing cgroup subsys cpu
2021-02-26T15:58:23+0800 centos7 kernel: Initializing cgroup subsys cpuacct
# 生成uuid
$ journalctl --new-id128
As string:
e67db95d9be24298a2d2c4fa208ba404
As UUID:
e67db95d-9be2-4298-a2d2-c4fa208ba404
As macro:
#define MESSAGE_XYZ SD_ID128_MAKE(e6,7d,b9,5d,9b,e2,42,98,a2,d2,c4,fa,20,8b,a4,04)
As Python constant:
>>> import uuid
>>> MESSAGE_XYZ = uuid.UUID('e67db95d9be24298a2d2c4fa208ba404')
# 查看日志占用大小
$ journalctl --disk-usage
Archived and active journals take up 8.0M on disk.
# 指定日志最大占用1G空间,最长保留30天的日志
$ journalctl --vacuum-size=1G
$ journalctl --vacuum-time=30day