Journalctl

At my professional position, using journalctl has become a part of my life, and for the most part it took so long because I didn’t know how easy it was to use journalctl.

Journalctl is a logging platform for systemd services. Old timers may be opposed to it because it handles logging in its own ecosystem. In some ways, that’s easier, and journalctl has a bunch of built in nuances to make your life easier. In some ways, personal processes dealing with logging may have to be altered.

Basic Usage

I use journalctl to follow logs quickly and easily from custom services.

My basic copy and paste command looks like this: journalctl -f -n80 -u <SERVICE> -u will designate the service you want to view logs for.

-f is important as it will follow the log. Any new entries will be shown, and the terminal will scroll appropriately.

-n is more optional, but provides you the number of rows to show on the terminal.

Advanced Usage

Time Frame

-S yesterday --since yesterday

-U yesterday --until yesterday

JSON

--output=json

Old Syslog Format

--output=short

Other Options

journalctl --since "2 days ago"  
journalctl --since "today"
journalctl --since "yesterday --until "today" 
journalctl --since "2019-03-10" --until "2019-03-11 03:00"
journalctl -b # last boot 
journalctl -k # kernel messages
journalctl -p er # by priority (emerg|alert|crit|err|warning|info|debug)
journalctl -u sshd # by unit 
journalctl _UID=1000 # by user id

Benefits

A few of the perks I find with journalctl

  • integrated with systemd
  • use with handy single line commands
  • log rotation

Negatives

I tried using a systemd service that would start every 5 seconds, check wifi, and quit. I wanted to simply use journalctl to log the output. It worked, for the most part. The output was logged, but the format wasn’t ideal. The act of starting and stopping the service was also logged, which for this instance, defeated the purpose.

There may be a way that I am unaware of to prevent this, but as I dug deeper, it looked like I would need to make this whole thing a lot more messy to clean up the logs.

My solution was to make the service a daemon. I wrapped the wifi check in a while loop, and ran it every X number of seconds. The log cleaned up, but now the service is always running. Its a trade off I’m willing to accept.

Export Logs

sudo journalctl -u NetworkManager -S yesterday > NetworkManager_logs_1day.txt