Evaluate systemd logs using journalctl
Finely Filtered

© Lead Image © Juergen Priewe, 123RF.com
The journal is the systemd component responsible for viewing and managing logfiles.
The systemd service journald creates very comprehensive logs, which allow you to analyze data in a variety of ways. Once you get used to the convenience this affords, you won't even miss the old-style logfiles.
Better structured
The journald daemon collects messages from the kernel, initrd, any running services and other available sources and collects them into one place. This results in a massive amount of data compared to the logfiles you're traditionally used to such as /var/log/messages or /var/log/syslog. You'll also find a huge amount of metadata is included, which can significantly improve your results when searching the journal.
This also results in a larger amount of data which is tricky to store in traditional text files. This is why the journald daemon stores this information in binary files. You can read this data, using the command journalctl
. If necessary, you can also convert the binary files to other formats for further analysis.
[...]