Linux Commands

How to Use Linux Journalctl Command?

4 years ago
by Syeda Wardah Batool
Linux-based systems provide multiple tools that help record and analyze system logs. Just like the “systemd”, which is a powerful tool used to collect logs from the sources in a binary format and allows the user to get the logs using command-line.

The logs we discussed in the above section are the “Journal logs”.

The “Journald” is a system program from the systemd tool that collects data from multiple logs in a binary format. It works the same way as syslog but gives a more efficient way to manage logs.

The Linux system has an effective tool termed “journalctl” that helps the user read and communicate with the “journal logs”. This utility is a standard way to display log messages provided by journald and monitor them.

The syntax of the “journalctl” command is:

journalctl [options…] [matches…]

How to Use “journalctl” Command?

Execute the “journalctl” command without any argument in a command-line to display all records of journal logs from the oldest entries:

$ sudo journalctl

The displayed output is listed in less which means you can use directional keys to search and read log entries.

How to Use “journalctl” Command Options?

The “journalctl” command has several options to display journal logs. These are:

Use the “–no-page” to get logs in the terminal instead of to show with “less” features:

$ sudo journalctl --no-page

It will display the following result:

To display all log fields whether they are unprintable, use the “–all” option in the command-line prompt:

$ sudo journalctl --all

To limit the output lines of journalctl log, run the “-n” flag with the number of lines you want to display:

$ sudo journalctl –n 15

Run the “-f” flag to display the journal log in real-time:

$ sudo journalctl –f

To display the record of kernel logs, execute the “-k” flag:

$ sudo journalctl -k

To display the list of boot sessions that include the boot time, run the “–list-boot” option of the “journalctl” command:

$ sudo journalctl --list-boot

Whenever you run the “journalctl” command, it will display the journal logs in local time by default, but if you want to specify the logs in UTC, do it through the given command:

$ sudo journalctl --utc

The “journalctl” command allows the user to get the record of logs of a certain period.

For example, to get the log record of yesterday, type:

$ sudo journalctl --since “yesterday”

Or if you want to check the record of the last 2 hours, use:

$ sudo journalctl --since2 hours ago”

The “-r” or “–reverse” option is used to display the logs with the newest entries first in command-line:

$ sudo journalctl –r

Execute the “-q” or “–quiet” option if you don’t want to display an irrelevant message like warning or info:

$ sudo journalctl --quiet

To display the help message of the “journalctl” command and all of its options, use the “–help” option:

$ sudo journalctl –-help

Check the version of the “journalctl” command using the “–version” option:

$ journalctl –-version

Conclusion:

In this brief tutorial, we have seen how the “journalctl” command and its options work. The “journalctl” command is a command-line utility used to display the record of journal logs. The Journal logs are recorded in a binary format that can be accessed anytime. Using the “journalctl” command, one can manage and analyze the record of all logs.

About the author

Syeda Wardah Batool

I am a Software Engineer Graduate and Self Motivated Linux writer. I also love to read latest Linux books. Moreover, in my free time, i love to read books on Personal development.

View all posts