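Common journalctl commands

Introduction

journalctl is a command-line tool for viewing system logs. It is used to access and manage the log data collected by the systemd-journald service. systemd-journald is part of the systemd system management daemon and is responsible for collecting, storing and retrieving system logs. With the single journalctl command you can view all logs (kernel logs and application logs). journalctl needs administrator privileges to run.

  • Some commonly used options:
    • --since: sets the start time; shows log entries from that time onwards.
    • --until: sets the end time; shows log entries up to that time.
    • --identifier: filters log entries by the given identifier (such as a process name or unit name).
    • --unit: filters log entries by the given unit (service, socket, device and so on).
    • --priority or -p: filters log entries by the given log level.
    • --grep: filters for log entries that contain the given keyword.
    • --boot: filters log entries by the given boot ID.
    • --system or --user: selects the system journal or the user journal.
    • --output: sets the output format, such as short, short-iso or json.
    • --follow or -f: follows the log in real time, similar to tail -f.
  • For the full list of options, see man journalctl

Examples of some options

View all logs. This is rarely used as-is, because the output is too long to read comfortably.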

[root@localhost ~]# journalctl  
Oct 21 21:19:30 localhost kernel: microcode: microcode updated early to revision 0xf4, date = 2023-02-23  
Oct 21 21:19:30 localhost kernel: Linux version 6.1.0-13-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 SMP PREE>  
Oct 21 21:19:30 localhost kernel: Command line: BOOT_IMAGE=/vmlinuz-6.1.0-13-amd64 root=/dev/mapper/localhost--vg-root ro quiet  
Oct 21 21:19:30 localhost kernel: BIOS-provided physical RAM map:  
Oct 21 21:19:30 localhost kernel: BIOS-e820: [mem 0x0000000000000000-0x0000000000000fff] reserved  
Oct 21 21:19:30 localhost kernel: BIOS-e820: [mem 0x0000000000001000-0x000000000008ffff] usable  
Oct 21 21:19:30 localhost kernel: BIOS-e820: [mem 0x0000000000090000-0x0000000000090fff] type 20  
Oct 21 21:19:30 localhost kernel: BIOS-e820: [mem 0x0000000000091000-0x000000000009efff] usable  
Oct 21 21:19:30 localhost kernel: BIOS-e820: [mem 0x000000000009f000-0x00000000000fffff] reserved  
Oct 21 21:19:30 localhost kernel: BIOS-e820: [mem 0x0000000000100000-0x000000007d8fcfff] usable  
..........  

View kernel logs only, without application logs

[root@localhost ~]# journalctl  -k  
Oct 28 00:55:30 localhost kernel: microcode: updated early: 0xd6 -> 0xf4, date = 2023-02-23  
Oct 28 00:55:30 localhost kernel: Linux version 6.4.0-0.deb12.2-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 S>  
Oct 28 00:55:30 localhost kernel: Command line: BOOT_IMAGE=/vmlinuz-6.4.0-0.deb12.2-amd64 root=/dev/mapper/localhost--vg-root ro reboot=bios quiet  
Oct 28 00:55:30 localhost kernel: BIOS-provided physical RAM map:  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000005efff] usable  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x000000000005f000-0x000000000005ffff] reserved  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x0000000000060000-0x000000000009ffff] usable  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x00000000000a0000-0x00000000000fffff] reserved  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x0000000000100000-0x000000007d553fff] usable  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x000000007d554000-0x000000007eda2fff] reserved  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x000000007eda3000-0x000000007ef7dfff] ACPI data  

View logs from the current boot

[root@localhost ~]# journalctl -b  
Oct 28 00:55:30 localhost kernel: microcode: updated early: 0xd6 -> 0xf4, date = 2023-02-23  
Oct 28 00:55:30 localhost kernel: Linux version 6.4.0-0.deb12.2-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 S>  
Oct 28 00:55:30 localhost kernel: Command line: BOOT_IMAGE=/vmlinuz-6.4.0-0.deb12.2-amd64 root=/dev/mapper/localhost--vg-root ro reboot=bios quiet  
Oct 28 00:55:30 localhost kernel: BIOS-provided physical RAM map:  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000005efff] usable  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x000000000005f000-0x000000000005ffff] reserved  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x0000000000060000-0x000000000009ffff] usable  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x00000000000a0000-0x00000000000fffff] reserved  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x0000000000100000-0x000000007d553fff] usable  
Oct 28 00:55:30 localhost kernel: BIOS-e820: [mem 0x000000007d554000-0x000000007eda2fff] reserved  

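View logs from the previous boot

# -1 means the previous boot. The value counts boots backwards, starting from 0. For example, -0 is the 0th boot back, that is, the current boot; -10 is the 10th boot back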
[root@localhost ~]# journalctl -b -1  
Oct 28 00:53:39 localhost kernel: microcode: updated early: 0xd6 -> 0xf4, date = 2023-02-23  
Oct 28 00:53:39 localhost kernel: Linux version 6.4.0-0.deb12.2-amd64 (debian-kernel@lists.debian.org) (gcc-12 (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40) #1 S>  
Oct 28 00:53:39 localhost kernel: Command line: BOOT_IMAGE=/vmlinuz-6.4.0-0.deb12.2-amd64 root=/dev/mapper/localhost--vg-root ro reboot=bios quiet  
Oct 28 00:53:39 localhost kernel: BIOS-provided physical RAM map:  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000005efff] usable  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x000000000005f000-0x000000000005ffff] reserved  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x0000000000060000-0x000000000009ffff] usable  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x00000000000a0000-0x00000000000fffff] reserved  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x0000000000100000-0x000000007d553fff] usable  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x000000007d554000-0x000000007eda2fff] reserved  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x000000007eda3000-0x000000007ef7dfff] ACPI data  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x000000007ef7e000-0x000000007f42dfff] ACPI NVS  
Oct 28 00:53:39 localhost kernel: BIOS-e820: [mem 0x000000007f42e000-0x000000007fc4afff] reserved  

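Filter by log level

  • Use the -p option to filter by log level. The accepted values are:
  • 0 or emerg: emergency
  • 1 or alert: alert
  • 2 or crit: critical
  • 3 or err: error
  • 4 or warning: warning
  • 5 or notice: notice
  • 6 or info: informational
  • 7 or debug: debug information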
[root@localhost ~]# journalctl -b -0 -p err  
Oct 28 16:00:59 localhost sshd[94464]: error: kex_exchange_identification: banner line contains invalid characters  
Oct 29 01:19:02 localhost sshd[150735]: error: kex_exchange_identification: Connection closed by remote host  
Oct 29 01:19:25 localhost sshd[768]: error: beginning MaxStartups throttling  
Oct 29 06:04:01 localhost sshd[196313]: error: kex_exchange_identification: banner line contains invalid characters  
Oct 29 21:04:29 localhost sshd[277023]: error: kex_exchange_identification: banner line contains invalid characters  
Oct 29 21:26:26 localhost sshd[278774]: error: kex_exchange_identification: banner line contains invalid characters  
Oct 30 07:37:47 localhost sshd[307251]: error: kex_exchange_identification: Connection closed by remote host  
Oct 30 07:43:33 localhost sshd[768]: error: beginning MaxStartups throttling  

View logs for a given time range

  • Examples of values accepted by --since:
    • --since="2023-10-16 14:22:02"
    • --since "30 min ago"
    • --since yesterday
    • --since "2021-01-01" --until "2021-09-16 13:40"
    • --since 07:30 --until "2 hour ago"
  • Run man 7 systemd.time to see the other supported time formats
[root@localhost ~]# journalctl --since="2023-10-30 14:22:02" --until "2023-10-31 13:40"  
Oct 30 14:25:23 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=114.247.113.183 DST=192.168.1.80 LEN=70 TOS=0x00 PREC=0x00 TTL=116 ID=35>  
Oct 30 14:25:38 localhost smartd[716]: Device: /dev/sdc [SAT], SMART Usage Attribute: 194 Temperature_Celsius changed from 112 to 113  
Oct 30 14:25:44 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=222.129.130.135 DST=192.168.1.80 LEN=69 TOS=0x00 PREC=0x00 TTL=119 ID=26>  
Oct 30 14:26:04 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=222.129.130.135 DST=192.168.1.80 LEN=66 TOS=0x00 PREC=0x00 TTL=119 ID=26>  
Oct 30 14:29:51 localhost sshd[337868]: Received disconnect from 58.247.31.242 port 50136:11: disconnected by user  
Oct 30 14:29:51 localhost sshd[337868]: Disconnected from user root 58.247.31.242 port 50136  

Show the last n lines of the log

  • The -n option sets the number of lines to show (counted from the end).
[root@localhost ~]# journalctl -n 15  
Oct 30 21:13:23 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=101.80.50.91 DST=192.168.1.80 LEN=59 TOS=0x00 PREC=0x00 TTL=54 ID=61000 >  
Oct 30 21:13:43 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=157.0.138.53 DST=192.168.1.80 LEN=58 TOS=0x00 PREC=0x00 TTL=57 ID=50602 >  
Oct 30 21:14:11 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=117.65.234.127 DST=192.168.1.80 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2188>  
Oct 30 21:14:25 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=123.160.221.48 DST=192.168.1.80 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=2210>  
Oct 30 21:14:44 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=124.79.246.214 DST=192.168.1.80 LEN=60 TOS=0x08 PREC=0x00 TTL=117 ID=142>  
Oct 30 21:15:17 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=185.216.140.186 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=19>  
Oct 30 21:15:24 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=183.211.128.84 DST=192.168.1.80 LEN=60 TOS=0x04 PREC=0x00 TTL=53 ID=1029>  
Oct 30 21:15:43 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=172.105.80.248 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=219>  
Oct 30 21:16:08 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=172.104.244.253 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=17>  
Oct 30 21:16:26 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=172.232.218.227 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=12>  
Oct 30 21:16:46 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=118.193.103.142 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=50>  
Oct 30 21:17:01 localhost CRON[564547]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)  
Oct 30 21:17:01 localhost CRON[564548]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)  
Oct 30 21:17:01 localhost CRON[564547]: pam_unix(cron:session): session closed for user root  
Oct 30 21:17:03 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=77.90.185.110 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=4999>  
lines 1-15/15 (END)  

Follow the newest log entries as they arrive; press Ctrl+C to stop. Similar to tail -f

[root@localhost ~]# journalctl -f  
Oct 30 21:16:26 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=172.232.218.227 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=12741 PROTO=TCP SPT=60000 DPT=39285 WINDOW=1024 RES=0x00 SYN URGP=0  
Oct 30 21:16:46 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=118.193.103.142 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=50572 PROTO=TCP SPT=65488 DPT=45054 WINDOW=512 RES=0x00 SYN URGP=0  
Oct 30 21:17:01 localhost CRON[564547]: pam_unix(cron:session): session opened for user root(uid=0) by (uid=0)  
Oct 30 21:17:01 localhost CRON[564548]: (root) CMD (cd / && run-parts --report /etc/cron.hourly)  
Oct 30 21:17:01 localhost CRON[564547]: pam_unix(cron:session): session closed for user root  
Oct 30 21:17:03 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=77.90.185.110 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=4999 PROTO=TCP SPT=49406 DPT=389 WINDOW=1024 RES=0x00 SYN URGP=0  
Oct 30 21:17:24 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=89.248.165.234 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=62693 PROTO=TCP SPT=49800 DPT=9674 WINDOW=1024 RES=0x00 SYN URGP=0  
Oct 30 21:17:44 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=222.70.57.0 DST=192.168.1.80 LEN=58 TOS=0x00 PREC=0x00 TTL=117 ID=20304 PROTO=UDP SPT=26316 DPT=54090 LEN=38  
Oct 30 21:18:05 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=143.42.205.133 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=65209 PROTO=TCP SPT=60000 DPT=800 WINDOW=1024 RES=0x00 SYN URGP=0  
Oct 30 21:18:29 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=89.248.165.234 DST=192.168.1.80 LEN=44 TOS=0x00 PREC=0x00 TTL=243 ID=25611 PROTO=TCP SPT=49800 DPT=9651 WINDOW=1024 RES=0x00 SYN URGP=0  
Oct 30 21:18:44 localhost kernel: [UFW BLOCK] IN=eno1 OUT= MAC=d4:5d:64:49:2e:3b:3c:06:a7:45:be:16:08:00 SRC=117.65.234.127 DST=192.168.1.80 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=19596 DF PROTO=TCP SPT=43899 DPT=38891 WINDOW=7300 RES=0x00 SYN URGP=0  

View logs of a given service

  • The files in /usr/lib/systemd whose names start with systemd- are the services.
[root@localhost ~]# journalctl /usr/lib/systemd/systemd-logind  
Oct 21 21:19:34 localhost systemd-logind[659]: New seat seat0.  
Oct 21 21:19:34 localhost systemd-logind[659]: Watching system buttons on /dev/input/event2 (Power Button)  
Oct 21 21:19:34 localhost systemd-logind[659]: Watching system buttons on /dev/input/event1 (Power Button)  
Oct 21 21:19:34 localhost systemd-logind[659]: Watching system buttons on /dev/input/event0 (Sleep Button)  
Oct 21 21:19:34 localhost systemd-logind[659]: Watching system buttons on /dev/input/event8 (Logitech G903 LIGHTSPEED Wireless Gaming Mouse w/ HERO)  
Oct 21 21:19:34 localhost systemd-logind[659]: Watching system buttons on /dev/input/event3 (Usb KeyBoard Usb KeyBoard)  
Oct 21 21:19:34 localhost systemd-logind[659]: Watching system buttons on /dev/input/event4 (Usb KeyBoard Usb KeyBoard Consumer Control)  
Oct 21 21:19:34 localhost systemd-logind[659]: Watching system buttons on /dev/input/event5 (Usb KeyBoard Usb KeyBoard System Control)  

View logs of a given process

[root@localhost ~]# ps -ef | grep docker  
root      294013       1  0 Oct29 ?        00:13:02 /usr/sbin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock  
    
[root@localhost ~]# journalctl _PID=294013  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.604753087+08:00" level=info msg="Starting up"  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.605832952+08:00" level=info msg="[core] parsed scheme: \"unix\"" module=grpc  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.605848372+08:00" level=info msg="[core] scheme \"unix\" not registered, fallback to default scheme" module=grpc  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.605871997+08:00" level=info msg="[core] ccResolverWrapper: sending update to cc: {[{unix:///run/containerd/conta>  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.605883916+08:00" level=info msg="[core] ClientConn switching balancer to \"pick_first\"" module=grpc  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.605891932+08:00" level=info msg="[core] Channel switches to new LB policy \"pick_first\"" module=grpc  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.605916666+08:00" level=info msg="[core] Subchannel Connectivity change to CONNECTING" module=grpc  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.605940619+08:00" level=info msg="[core] Subchannel picks a new address \"unix:///run/containerd/containerd.sock\>  
Oct 29 23:25:45 localhost dockerd[294013]: time="2023-10-29T23:25:45.605963159+08:00" level=info msg="[core] Channel Connectivity change to CONNECTING" module=grpc  

View logs of scripts at a given path

[root@localhost ~]# journalctl /usr/bin/bash  
Oct 21 21:55:44 localhost blkdeactivate[5593]: Deactivating block devices:  
Oct 21 21:55:44 localhost blkdeactivate[5593]:   [SKIP]: unmount of localhost--vg-swap_1 (dm-1) mounted on [SWAP]  
Oct 21 21:55:44 localhost blkdeactivate[5593]:   [SKIP]: unmount of localhost--vg-root (dm-0) mounted on /  
-- Boot f664eb6353aa45f98e0347f376ef54b7 --  
Oct 21 22:00:55 localhost blkdeactivate[2057]: Deactivating block devices:  
Oct 21 22:00:55 localhost blkdeactivate[2057]:   [SKIP]: unmount of localhost--vg-swap_1 (dm-1) mounted on [SWAP]  
Oct 21 22:00:55 localhost blkdeactivate[2057]:   [SKIP]: unmount of localhost--vg-root (dm-0) mounted on /  
-- Boot bf42901cdb8f465e8b366916c10f1fbb --  

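View logs of a given user

# _UID is the trusted field in which journald itself records the user ID of the sending process
[root@localhost ~]# journalctl _UID=1000 --since today  

View logs of a unit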

[root@localhost ~]# journalctl -u nginx.service  
Oct 21 22:42:01 localhost systemd[1]: Starting nginx.service - A high performance web server and a reverse proxy server...  
Oct 21 22:42:01 localhost systemd[1]: Started nginx.service - A high performance web server and a reverse proxy server.  
Oct 21 23:30:55 localhost systemd[1]: Stopping nginx.service - A high performance web server and a reverse proxy server...  
Oct 21 23:30:55 localhost systemd[1]: nginx.service: Deactivated successfully.  
Oct 21 23:30:55 localhost systemd[1]: Stopped nginx.service - A high performance web server and a reverse proxy server.  

Print logs as plain output; by default the output is paged

[root@localhost ~]# journalctl --no-pager --since today -n 200  
Oct 30 00:00:03 localhost systemd[1]: Starting dpkg-db-backup.service - Daily dpkg database backup service...  
Oct 30 00:00:03 localhost systemd[1]: Starting logrotate.service - Rotate log files...  
Oct 30 00:00:03 localhost systemd[1]: dpkg-db-backup.service: Deactivated successfully.  
Oct 30 00:00:03 localhost systemd[1]: Finished dpkg-db-backup.service - Daily dpkg database backup service.  
Oct 30 00:00:03 localhost systemd[1]: Stopping cups-browsed.service - Make remote CUPS printers available locally...  
Oct 30 00:00:03 localhost systemd[1]: cups-browsed.service: Deactivated successfully.  
Oct 30 00:00:03 localhost systemd[1]: Stopped cups-browsed.service - Make remote CUPS printers available locally.  
Oct 30 00:00:03 localhost systemd[1]: Stopping cups.service - CUPS Scheduler...  

Output in JSON format

[root@localhost ~]# journalctl -b -u nginx.service -o json  
{"__MONOTONIC_TIMESTAMP":"19240849","CODE_LINE":"581","_COMM":"systemd","TID":"1","_MACHINE_ID":"488a14197f1f48aaaaf23e5d2e2332f1","_SYSTEMD_CGROUP":"/init.scope","__REALTIME_TIMESTA>  
{"_EXE":"/usr/lib/systemd/systemd","_SYSTEMD_CGROUP":"/init.scope","_UID":"0","_CAP_EFFECTIVE":"1ffffffffff","TID":"1","__MONOTONIC_TIMESTAMP":"19333651","CODE_LINE":"768","__REALTIM>  
# Multi-line output for better readability  
[root@localhost ~]# journalctl -b -u nginx.service -o json-pretty  
{  
    "_UID" : "0",  
    "INVOCATION_ID" : "393219bc05da474d95c080b5cfc27f4d",  
    "_SELINUX_CONTEXT" : "unconfined\n",  
    "PRIORITY" : "6",  
    "_RUNTIME_SCOPE" : "system",  
    "_SYSTEMD_SLICE" : "-.slice",  
    "_MACHINE_ID" : "488a14197f1f48aaaaf23e5d2e2332f1",  
    "_SYSTEMD_CGROUP" : "/init.scope",  
    "MESSAGE_ID" : "7d4958e842da4a758f6c1cdc7b36dcc5",  
    "_HOSTNAME" : "localhost",  
    "__MONOTONIC_TIMESTAMP" : "19240849",  
.......  
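
The JSON output is the format to use when a program consumes the journal. The following is an added example, not part of the original post: a Python filter that reads `journalctl -k -o json --no-pager` records and counts `[UFW BLOCK]` hits and distinct destination ports per source address, like the kernel lines shown in the time-range and -n examples above. The function names and sample records are constructed for illustration, and the addresses are documentation ranges.

```python
import json
import re
import sys
from collections import defaultdict

UFW_RE = re.compile(
    r"\[UFW BLOCK\].*?\bSRC=(\S+).*?\bPROTO=(\w+)(?:.*?\bDPT=(\d+))?")

def field_text(value):
    """Decode a journal JSON field: null, byte array, or repeated values."""
    if value is None:            # oversized fields are emitted as null
        return ""
    if isinstance(value, list):
        if all(isinstance(b, int) for b in value):   # non-UTF-8 data
            return bytes(value).decode("utf-8", "replace")
        return field_text(value[0])  # repeated field: use the first value
    return str(value)

def summarize_ufw_blocks(lines):
    """Map source IP -> {"hits": int, "ports": {(proto, dport), ...}}."""
    stats = defaultdict(lambda: {"hits": 0, "ports": set()})
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if not isinstance(rec, dict):
            continue
        # _TRANSPORT is set by journald itself, so userspace text that only
        # contains "[UFW BLOCK]" is not counted as a kernel event.
        if field_text(rec.get("_TRANSPORT")) != "kernel":
            continue
        m = UFW_RE.search(field_text(rec.get("MESSAGE")))
        if m:
            src, proto, dpt = m.groups()
            stats[src]["hits"] += 1
            if dpt:  # ICMP blocks carry no DPT
                stats[src]["ports"].add((proto, int(dpt)))
    return dict(stats)

def top_sources(stats, limit=5):
    """Rows of (ip, hits, distinct_ports), busiest source first."""
    rows = [(ip, s["hits"], len(s["ports"])) for ip, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))[:limit]

def _rec(transport, message):  # helper for the constructed sample only
    return json.dumps({"_TRANSPORT": transport, "MESSAGE": message})

def _ufw(src, proto, dpt):
    return f"[UFW BLOCK] IN=eno1 SRC={src} DST=192.0.2.1 PROTO={proto} DPT={dpt}"

# Constructed sample records (documentation address ranges), not real logs.
SAMPLE = [
    _rec("kernel", _ufw("203.0.113.7", "TCP", 389)),
    _rec("kernel", _ufw("203.0.113.7", "TCP", 9674)),
    _rec("kernel", list(_ufw("203.0.113.7", "TCP", 800).encode())),  # bytes
    _rec("kernel", _ufw("198.51.100.20", "UDP", 54090)),
    _rec("syslog", _ufw("192.0.2.99", "TCP", 22)),  # written from userspace
    _rec("kernel", None),                            # oversized -> null
]

if __name__ == "__main__":
    source = SAMPLE if sys.stdin.isatty() else sys.stdin
    for ip, hits, ports in top_sources(summarize_ufw_blocks(source)):
        print(f"{ip:<15} hits={hits} distinct_ports={ports}")
```

Run without input it prints the summary for the constructed sample; on a live host, pipe the real records into it, for example `journalctl -k -b -o json --no-pager | python3 ufw_blocks.py` (the script name is an assumption).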

Check how much disk space the journal uses

[root@localhost ~]# journalctl --disk-usage  
Archived and active journals take up 235.8M in the file system.  

Set the maximum size of the journal files

[root@localhost ~]# journalctl --vacuum-size=10G  
Vacuuming done, freed 0B of archived journals from /var/log/journal.  
Vacuuming done, freed 0B of archived journals from /run/log/journal.  
Vacuuming done, freed 0B of archived journals from /var/log/journal/488a14197f1f48aaaaf23e5d2e2332f1.  

Set how long journal files are kept

[root@localhost ~]# journalctl --vacuum-time=1years  
Vacuuming done, freed 0B of archived journals from /var/log/journal.  
Vacuuming done, freed 0B of archived journals from /var/log/journal/488a14197f1f48aaaaf23e5d2e2332f1.  
Vacuuming done, freed 0B of archived journals from /run/log/journal.  

Key point!!

All of the commands above can be combined.

Example:

 [root@localhost ~]# journalctl --since "2023-10-28" --until "2023-10-30" -u nginx.service -p info _COMM=systemd  --no-pager --output short-iso  
 2023-10-28T00:19:45+0800 localhost systemd[1]: Stopping nginx.service - A high performance web server and a reverse proxy server...  
 2023-10-28T00:19:45+0800 localhost systemd[1]: nginx.service: Deactivated successfully.  
 2023-10-28T00:19:45+0800 localhost systemd[1]: Stopped nginx.service - A high performance web server and a reverse proxy server.