Evaluate systemd logs using journalctl
Early and Often
The journald daemon not only records much more data than other logging mechanisms, but actually starts up much earlier in the boot process than was previously possible. This is a huge help when narrowing down system startup problems. Readers who remember the number of photos taken of systems not booting because of a kernel panic or other boot issues on support forums will no doubt relate. Thanks to systemd this is a thing of the past.
Systems using SysVinit [2] do not store messages from the initial stages of the boot process, as the root file system has not yet been mounted as a writable medium. However, systems using systemd create a socket [3] at run time, from which collected messages can be read. The journal, therefore, offers some significant advantages, despite creating numerous binary files.
Status and verification
Your operating system contains a journal for each user as well as one for the system itself. If a user belongs to the group systemd-journal, they can access the journal and view all the data without running as root. Before you dive in and view all the data available, you may want to master a few basic but important commands.
View the current status of the journal daemon using systemctl (Listing 1). Use journalctl --disk-usage to check the current journal size and journalctl --verify to test the integrity of your data (Listing 2).
Listing 1
Viewing the Current Status of the Journal Daemon
Listing 2
Checking the Size and Integrity of Journal Data
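The integrity check described above, turned into a pass/fail summary that a scheduled job can alert on. This is an added example, not one of the article's listings. It assumes the verify output contains one "PASS: <file>" or "FAIL: <file> (<reason>)" line per journal file; the sample output is constructed and <machine-id> is a placeholder.

```shell
#!/bin/sh
# Added example: summarise `journalctl --verify` results.
# Assumption: one "PASS: <file>" or "FAIL: <file> (<reason>)" line per
# journal file; any other line (progress, corruption offsets) is ignored.

# Constructed sample output; <machine-id> is a placeholder, not a real path.
sample_verify_output() {
cat <<'EOF'
PASS: /var/log/journal/<machine-id>/system.journal
PASS: /var/log/journal/<machine-id>/user-1000.journal
File corruption detected at /var/log/journal/<machine-id>/system@old.journal:4096 (of 8388608 bytes, 0%).
FAIL: /var/log/journal/<machine-id>/system@old.journal (Bad message)
EOF
}

# Read verify output on stdin; print "passed=N failed=M", then one
# "corrupt: <file> (<reason>)" line per failed file.
summarize_verify() {
    awk '
        /^PASS: / { pass++ }
        /^FAIL: / { fail++; sub(/^FAIL: /, ""); bad[fail] = $0 }
        END {
            printf "passed=%d failed=%d\n", pass, fail
            for (i = 1; i <= fail; i++) print "corrupt: " bad[i]
        }'
}

# Exit status 0 only if at least one file was checked and none failed.
# An empty result (for example, no read permission) counts as not intact.
journal_is_intact() {
    awk '/^PASS: /{p++} /^FAIL: /{f++} END{exit !(p > 0 && f == 0)}'
}

# Live use (stderr is merged so the result lines are captured whichever
# stream carries them):
#   journalctl --verify 2>&1 | summarize_verify
sample_verify_output | summarize_verify
```

Without sealing keys (created with journalctl --setup-keys and checked with --verify-key=), --verify tests internal consistency only and does not show that the files were never rewritten.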
To see whether your log is recording the correct time, run timedatectl status. This command lets you check that your time zone corresponds to your location (Listing 3). The top line should show the current time. If you're running the computer in a new time zone, use timedatectl set-timezone <zone> to adjust.
Listing 3
Checking Local Time
In theory, you can display any data from the journal using the journalctl command. By default the terminal pager program less is used to display data. It allows you to scroll back and forth through the log. Most importantly, you can use it from your regular user account without root privileges. When you've finished examining the binary files, return to the command prompt by pressing Q.
The whole story
You can display the complete journal output by running the command journalctl without any additional options. This will show all saved logs subject to any file size limitations and the time since your last reboot.
Each time you restart the computer, the program will insert the line -- Reboot -- to break up the information. This not only makes the logs easier on the eye, but is also useful for determining how long an error has been occurring. Use journalctl -p err to limit the output if necessary. This option will display only ERROR log levels from the journal.
Normally, you'll want to focus on issues occurring at a certain time or filter the results. For instance, you can use journalctl -b to show all logs since the last boot. If you're interested in logfiles from the last boot but one, run journalctl -b -1. Use journalctl --list-boots to display all boot events saved in the journal (Listing 4). Use the value from the first column of the output to display information on a specific boot, e.g., journalctl -b -0.
Listing 4
Displaying All Boot Events Saved in the Journal
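To see how long an error has been occurring across reboots, the boot list can drive one journalctl -b <offset> -p err query per boot. This is an added example, not one of the article's listings. The sample --list-boots output and its boot IDs are constructed, and jctl is a hypothetical wrapper that lets the loop be exercised without a live journal.

```shell
#!/bin/sh
# Added example: count error-level entries for every boot in the journal.

# Constructed sample of `journalctl --list-boots` output (boot IDs made up).
sample_list_boots() {
cat <<'EOF'
IDX BOOT ID                          FIRST ENTRY                 LAST ENTRY
 -2 0123456789abcdef0123456789abcdef Mon 2024-04-22 08:01:12 UTC Mon 2024-04-22 18:30:45 UTC
 -1 fedcba9876543210fedcba9876543210 Tue 2024-04-23 07:58:03 UTC Tue 2024-04-23 19:02:10 UTC
  0 00112233445566778899aabbccddeeff Wed 2024-04-24 08:05:30 UTC Wed 2024-04-24 09:15:00 UTC
EOF
}

# Print "<offset> <date of first entry>" for each boot row. A header line
# (printed by some versions) and malformed rows are skipped.
boot_rows() {
    awk '$1 ~ /^-?[0-9]+$/ && $2 ~ /^[0-9a-f]+$/ && length($2) == 32 {
        print $1, $4
    }'
}

# Hypothetical wrapper so the journal reader can be swapped out in tests.
jctl() { journalctl "$@"; }

# Read --list-boots output on stdin and report, per boot, how many entries
# `-p err` selects. JSON output is one line per entry, so wc -l counts
# entries even when a message spans several lines.
errors_per_boot() {
    boot_rows | while read -r idx day; do
        n=$(jctl -b "$idx" -p err -q --no-pager -o json </dev/null | wc -l)
        echo "boot $idx ($day): $((n)) error entries"
    done
}

# Live use:
#   journalctl --list-boots --no-pager | errors_per_boot
sample_list_boots | boot_rows
```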