journalctl viser dine logfiler i et format, der ligner det traditionelle syslog-format. Hver linje starter med datoen (i serverens lokale tid), efterfulgt af serverens værtsnavn, procesnavnet og meddelelsen til loggen.
$ journalctl -r
For at se logs fra en bestemt service skal du bruge -u parameteren. Her viser vi logs fra ssh. Med den nyeste logs først.
$ journalctl -r -u ssh
For at se logs efter en bestemt dato skal du bruge –since parameteren.
Det format du skal bruge er YYYY-MM-DD HH:MM:SS
$ journalctl --since "2020-01-01 14:00:00"
Du kan også få vist logs indtil en dato.
$ journalctl --until "2020-01-01 14:00:00"
For at se boot logs bruger du parameteren -b
$ journalctl -b
Sep 05 08:56:59 server kernel: microcode: microcode updated early to revision 0x1d, date = 2018-05-11 Sep 05 08:56:59 server kernel: Linux version 4.15.0-60-generic (buildd@lgw01-amd64-030) (gcc version 7.4.0 (Ubuntu 7.4.0-1ubuntu1~18.04 Sep 05 08:56:59 server kernel: Command line: BOOT_IMAGE=/vmlinuz-4.15.0-60-generic root=UUID=c9d9e11a-28ba-4453-8751-6e3948eda9e5 ro Sep 05 08:56:59 server kernel: KERNEL supported cpus: Sep 05 08:56:59 server kernel: Intel GenuineIntel Sep 05 08:56:59 server kernel: AMD AuthenticAMD Sep 05 08:56:59 server kernel: Centaur CentaurHauls Sep 05 08:56:59 server kernel: x86/fpu: x87 FPU will use FXSAVE Sep 05 08:56:59 server kernel: e820: BIOS-provided physical RAM map: Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009e3ff] usable Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x000000000009e400-0x000000000009ffff] reserved Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x00000000000e4c00-0x00000000000fffff] reserved Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000bf77ffff] usable Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x00000000bf780000-0x00000000bf797fff] ACPI data Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x00000000bf798000-0x00000000bf7dbfff] ACPI NVS Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x00000000bf7dc000-0x00000000bfffffff] reserved Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x00000000ffe00000-0x00000000ffffffff] reserved Sep 05 08:56:59 server kernel: BIOS-e820: [mem 0x0000000100000000-0x000000043fffffff] usable Sep 05 08:56:59 server kernel: NX (Execute Disable) protection: active Sep 05 08:56:59 server kernel: SMBIOS 2.5 present. Sep 05 08:56:59 server kernel: DMI: System manufacturer System Product Name/P6X58D-E, BIOS 0701 05/10/2011 Sep 05 08:56:59 server kernel: e820: update [mem 0x00000000-0x00000fff] usable ==> reserved Sep 05 08:56:59 server kernel: e820: remove [mem 0x000a0000-0x000fffff] usable Sep 05 08:56:59 server kernel: e820: last_pfn = 0x440000 max_arch_pfn = 0x400000000 Sep 05 08:56:59 server kernel: MTRR default type: uncachable Sep 05 08:56:59 server kernel: MTRR fixed ranges enabled:
For at se kernel logs bruger du som du nok har gættet -k for kernel.
$ journalctl -k
