Viewing logs with journalctl

# View today's logs for the user with UID 1000
sudo journalctl _UID=1000 --since today

# View logs since 1 minute ago
 cqq@snort-ids  ~  sudo journalctl --since "1 min ago"                                                                          [13:18:26]
-- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:18:57 CST. --
424 13:18:19 snort-ids sudo[12664]:      cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/usr/bin/vi /home/cqq/.zshrc
424 13:18:19 snort-ids sudo[12664]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
424 13:18:26 snort-ids sudo[12664]: pam_unix(sudo:session): session closed for user root
424 13:18:50 snort-ids sshd[12696]: Accepted password for cqq from 192.168.10.247 port 63715 ssh2
424 13:18:50 snort-ids sshd[12696]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
424 13:18:50 snort-ids systemd[1]: Started Session c12 of user cqq.
424 13:18:50 snort-ids systemd-logind[246]: New session c12 of user cqq.
424 13:18:57 snort-ids sudo[12743]:      cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl --since 1 min ago
424 13:18:57 snort-ids sudo[12743]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)

# View the logs of a specific unit/service
 cqq@snort-ids  ~  sudo journalctl -u ssh.service --since today                                                                 [13:37:48]
-- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:37:58 CST. --
424 13:06:43 snort-ids sshd[12157]: Accepted password for cqq from 192.168.10.247 port 52067 ssh2
424 13:06:43 snort-ids sshd[12157]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
424 13:18:50 snort-ids sshd[12696]: Accepted password for cqq from 192.168.10.247 port 63715 ssh2
424 13:18:50 snort-ids sshd[12696]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
424 13:28:10 snort-ids sshd[13096]: Accepted password for cqq from 192.168.10.247 port 56326 ssh2
424 13:28:10 snort-ids sshd[13096]: pam_unix(sshd:session): session opened for user cqq by (uid=0)
 cqq@snort-ids  ~  sudo journalctl -u apache2 --since "2015-01-10"                                                              [13:38:49]
-- Logs begin at Fri 2016-11-04 01:16:43 CST, end at Mon 2017-04-24 13:41:03 CST. --
421 18:55:57 snort-ids systemd[1]: Starting The Apache HTTP Server...
421 18:55:59 snort-ids systemd[1]: Started The Apache HTTP Server.
422 01:59:04 snort-ids systemd[1]: Stopping The Apache HTTP Server...
422 01:59:04 snort-ids systemd[1]: Stopped The Apache HTTP Server.
422 01:59:04 snort-ids systemd[1]: Starting The Apache HTTP Server...
422 01:59:05 snort-ids systemd[1]: Started The Apache HTTP Server.
422 06:25:52 snort-ids systemd[1]: Reloading The Apache HTTP Server.
422 06:25:52 snort-ids systemd[1]: Reloaded The Apache HTTP Server.
423 06:25:34 snort-ids systemd[1]: Reloading The Apache HTTP Server.
423 06:25:34 snort-ids systemd[1]: Reloaded The Apache HTTP Server.
424 06:25:34 snort-ids systemd[1]: Reloading The Apache HTTP Server.
424 06:25:35 snort-ids systemd[1]: Reloaded The Apache HTTP Server.

# Follow the logs in real time
 cqq@snort-ids  ~  sudo journalctl -f                                                                                           [13:18:51]
[sudo] cqq 的密码:
-- Logs begin at Fri 2016-11-04 01:16:43 CST. --
424 13:23:27 snort-ids sudo[12888]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
424 13:25:01 snort-ids CRON[12935]: pam_unix(cron:session): session opened for user root by (uid=0)
424 13:25:01 snort-ids CRON[12942]: (root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
424 13:25:01 snort-ids CRON[12935]: pam_unix(cron:session): session closed for user root
424 13:25:10 snort-ids sudo[12888]: pam_unix(sudo:session): session closed for user root
424 13:25:57 snort-ids sudo[12990]:      cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl -f
424 13:25:57 snort-ids sudo[12990]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)
424 13:26:06 snort-ids sudo[12990]: pam_unix(sudo:session): session closed for user root
424 13:26:15 snort-ids sudo[13017]:      cqq : TTY=pts/1 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl -f
424 13:26:15 snort-ids sudo[13017]: pam_unix(sudo:session): session opened for user root by cqq(uid=0)

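Here is an example.
First check the status of a unit/service and see that it has failed. Then print the contents of that unit/service (what it actually says and where the error is); the error turned out to come from following someone else's tutorial without getting the ruby path right. Finally, look at the logs of that unit/service, and sure enough they show the error.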
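
The sshd and sudo entries in the outputs above are the ones worth reviewing regularly. As an added example (not from the original post), the script below summarizes them from `journalctl -o json` output, which avoids scraping the locale-dependent timestamp prefix; the function name `summarize` and the `SAMPLE` entries are constructed for illustration, modeled on the lines shown above.

```python
import json
import re
from collections import Counter

# Message shapes taken from the sshd and sudo entries shown above.
SSH_OK = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port \d+")
SUDO_CMD = re.compile(r"^\s*(\S+) : .*?USER=(\S+) ; COMMAND=(.+)$")

def summarize(json_lines):
    """Count SSH logins and sudo commands in `journalctl -o json` lines."""
    logins, sudo = Counter(), Counter()
    for line in json_lines:
        try:
            entry = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or truncated line
        if not isinstance(entry, dict):
            continue
        msg = entry.get("MESSAGE")
        if not isinstance(msg, str):
            continue  # journald emits non-UTF-8 messages as byte arrays
        ident = entry.get("SYSLOG_IDENTIFIER")
        if ident == "sshd" and (m := SSH_OK.match(msg)):
            method, user, src = m.groups()
            logins[(user, src, method)] += 1
        elif ident == "sudo" and (m := SUDO_CMD.match(msg)):
            sudo[m.groups()] += 1  # (invoking user, target user, command)
    return logins, sudo

# Constructed sample: one JSON object per line, as `journalctl -o json` prints.
SAMPLE = [json.dumps(e) for e in (
    {"SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Accepted password for cqq from 192.168.10.247 port 52067 ssh2"},
    {"SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "Accepted password for cqq from 192.168.10.247 port 63715 ssh2"},
    {"SYSLOG_IDENTIFIER": "sshd",
     "MESSAGE": "pam_unix(sshd:session): session opened for user cqq by (uid=0)"},
    {"SYSLOG_IDENTIFIER": "sudo",
     "MESSAGE": "     cqq : TTY=pts/0 ; PWD=/home/cqq ; USER=root ; COMMAND=/bin/journalctl -f"},
    {"SYSLOG_IDENTIFIER": "sudo", "MESSAGE": [255, 254]},  # binary message form
)] + ["{truncated", ""]

if __name__ == "__main__":
    logins, sudo = summarize(SAMPLE)
    for (user, src, method), n in logins.items():
        print(f"ssh  {user} from {src} via {method}: {n}")
    for (user, target, cmd), n in sudo.items():
        print(f"sudo {user} -> {target}: {cmd} ({n})")
```

On a live host, pass it the output lines of `sudo journalctl -o json --since today` instead of `SAMPLE`.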