1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 This file is part of systemd.
8 Copyright 2012 Lennart Poettering
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 <refentry id="journalctl">
27 <title>journalctl</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>journalctl</refentrytitle>
42 <manvolnum>1</manvolnum>
46 <refname>journalctl</refname>
47 <refpurpose>Query the systemd journal</refpurpose>
52 <command>journalctl <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt" rep="repeat">MATCHES</arg></command>
57 <title>Description</title>
59 <para><command>journalctl</command> may be used to
60 query the contents of the
61 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
63 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
65 <para>If called without parameter will show the full
66 contents of the journal, starting with the oldest
67 entry collected.</para>
69 <para>If one or more match arguments are passed the
70 output is filtered accordingly. A match is in the
71 format <literal>FIELD=VALUE</literal>,
72 e.g. <literal>_SYSTEMD_UNIT=httpd.service</literal>,
73 referring to the components of a structured journal
75 <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
76 for a list of well-known fields. If multiple matches
77 are specified matching different fields the log
78 entries are filtered by both, i.e. the resulting output
79 will show only entries matching all the specified
80 matches of this kind. If two matches apply to the same
81 field, then they are automatically matched as
82 alternatives, i.e. the resulting output will show
83 entries matching any of the specified matches for the
84 same field. Finally, if the character
85 "<literal>+</literal>" appears as separate word on the
86 command line all matches before and after are combined
87 in a disjunction (i.e. logical OR).</para>
89 <para>As shortcuts for a few types of field/value
90 matches file paths may be specified. If a file path
91 refers to an executable file, this is equivalent to an
92 <literal>_EXE=</literal> match for the canonicalized
93 binary path. Similar, if a path refers to a device
94 node, this is equivalent to a
95 <literal>_KERNEL_DEVICE=</literal> match for the
98 <para>Output is interleaved from all accessible
99 journal files, whether they are rotated or currently
100 being written, and regardless whether they belong to the
101 system itself or are accessible user journals.</para>
103 <para>All users are granted access to their private
104 per-user journals. However, by default only root and
105 users who are members of the <literal>adm</literal>
106 group get access to the system journal and the
107 journals of other users.</para>
111 <title>Options</title>
113 <para>The following options are understood:</para>
117 <term><option>--help</option></term>
118 <term><option>-h</option></term>
120 <listitem><para>Prints a short help
121 text and exits.</para></listitem>
125 <term><option>--version</option></term>
127 <listitem><para>Prints a short version
128 string and exits.</para></listitem>
132 <term><option>--no-pager</option></term>
134 <listitem><para>Do not pipe output into a
135 pager.</para></listitem>
139 <term><option>--all</option></term>
140 <term><option>-a</option></term>
142 <listitem><para>Show all fields in
143 full, even if they include unprintable
144 characters or are very
145 long.</para></listitem>
149 <term><option>--follow</option></term>
150 <term><option>-f</option></term>
152 <listitem><para>Show only most recent
153 journal entries, and continuously print
154 new entries as they are appended to
155 the journal.</para></listitem>
159 <term><option>--lines=</option></term>
160 <term><option>-n</option></term>
162 <listitem><para>Controls the number of
163 journal lines to show, counting from
164 the most recent ones. Takes a positive
165 integer argument. In follow mode
166 defaults to 10, otherwise is unset
167 thus not limiting how many lines are
168 shown.</para></listitem>
172 <term><option>--no-tail</option></term>
174 <listitem><para>Show all stored output
175 lines, even in follow mode. Undoes the
177 <option>--lines=</option>.</para></listitem>
181 <term><option>--output=</option></term>
182 <term><option>-o</option></term>
184 <listitem><para>Controls the
185 formatting of the journal entries that
186 are shown. Takes one of
187 <literal>short</literal>,
188 <literal>short-monotonic</literal>,
189 <literal>verbose</literal>,
190 <literal>export</literal>,
191 <literal>json</literal>,
192 <literal>cat</literal>. <literal>short</literal>
193 is the default and generates an output
194 that is mostly identical to the
195 formatting of classic syslog log
196 files, showing one line per journal
197 entry. <literal>short-monotonic</literal>
198 is very similar but shows monotonic
199 timestamps instead of wallclock
200 timestamps. <literal>verbose</literal>
201 shows the full structured entry items
203 fields. <literal>export</literal>
204 serializes the journal into a binary
205 (but mostly text-based) stream
206 suitable for backups and network
208 url="http://www.freedesktop.org/wiki/Software/systemd/export">Journal
209 Export Format</ulink> for more
210 information). <literal>json</literal>
211 formats entries as JSON data
212 structures. <literal>cat</literal>
213 generates a very terse output only
214 showing the actual message of each
215 journal entry with no meta data, not
216 even a timestamp.</para></listitem>
220 <term><option>--quiet</option></term>
221 <term><option>-q</option></term>
223 <listitem><para>Suppresses any warning
224 message regarding inaccessible system
225 journals when run as normal
226 user.</para></listitem>
230 <term><option>--local</option></term>
231 <term><option>-l</option></term>
233 <listitem><para>Show only locally
234 generated messages.</para></listitem>
238 <term><option>--this-boot</option></term>
239 <term><option>-b</option></term>
241 <listitem><para>Show data only from
242 current boot.</para></listitem>
246 <term><option>--directory=</option></term>
247 <term><option>-D</option></term>
249 <listitem><para>Takes an absolute
250 directory path as argument. If
251 specified will operate on the
252 specified journal directory instead of
253 the default runtime and system journal
254 paths.</para></listitem>
258 <term><option>-p</option></term>
259 <term><option>--priority=</option></term>
261 <listitem><para>Filter output by
262 message priorities or priority
263 ranges. Takes either a single numeric
264 or textual log level (i.e. between
265 0/<literal>emerg</literal> and
266 7/<literal>debug</literal>), or a
267 range of numeric/text log levels in
268 the form FROM..TO. The log levels are
269 the usual syslog log levels as
271 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
272 i.e. <literal>emerg</literal> (0),
273 <literal>alert</literal> (1),
274 <literal>crit</literal> (2),
275 <literal>err</literal> (3),
276 <literal>warning</literal> (4),
277 <literal>notice</literal> (5),
278 <literal>info</literal> (6),
279 <literal>debug</literal> (7). If a
280 single log level is specified all
281 messages with this log levels or a
282 lower (hence more important) log level
283 are shown. If a range is specified all
284 messages within the range are shown,
285 including both the start and the end
286 value of the range.</para></listitem>
290 <term><option>--new-id128</option></term>
292 <listitem><para>Instead of showing
293 journal contents generate a new 128
294 bit ID suitable for identifying
295 messages. This is intended for usage
296 by developers who need a new
297 identifier for a new message they
298 introduce and want to make
299 recognizable. Will print the new ID in
300 three different formats which can be
301 copied into source code or
302 similar.</para></listitem>
306 <term><option>--header</option></term>
308 <listitem><para>Instead of showing
309 journal contents show internal header
310 information of the journal fiels
311 accessed.</para></listitem>
315 <term><option>--setup-keys</option></term>
317 <listitem><para>Instead of showing
318 journal contents generate a new key
319 pair for Forward Secure Sealing
320 (FSS). This will generate a sealing
321 key and a verification key. The
322 sealing key is stored in the journal
323 data directory and shall remain on the
324 host. The verification key should be
325 stored externally.</para></listitem>
329 <term><option>--interval=</option></term>
331 <listitem><para>Specifies the change
332 interval for the sealing key, when
333 generating an FSS key pair with
334 <option>--setup-keys</option>. Shorter
335 intervals increase CPU consumption but
336 shorten the time range of
338 alterations. Defaults to
339 15min.</para></listitem>
343 <term><option>--verify</option></term>
345 <listitem><para>Check the journal file
346 for internal consistency. If the
347 file has been generated with FSS
348 enabled, and the FSS verification key
349 has been specified with
350 <option>--verify-key=</option>
351 authenticity of the journal file is
352 verified.</para></listitem>
356 <term><option>--verify-key=</option></term>
358 <listitem><para>Specifies the FSS
359 verification key to use for the
360 <option>--verify</option>
361 operation.</para></listitem>
368 <title>Exit status</title>
370 <para>On success 0 is returned, a non-zero failure
371 code otherwise.</para>
375 <title>Environment</title>
379 <term><varname>$SYSTEMD_PAGER</varname></term>
380 <listitem><para>Pager to use when
381 <option>--no-pager</option> is not given;
382 overrides <varname>$PAGER</varname>. Setting
383 this to an empty string or the value
384 <literal>cat</literal> is equivalent to passing
385 <option>--no-pager</option>.</para></listitem>
391 <title>Examples</title>
393 <para>Without arguments all collected logs are shown
396 <programlisting>journalctl</programlisting>
398 <para>With one match specified all entries with a field matching the expression are shown:</para>
400 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service</programlisting>
402 <para>If two different fields are matched only entries matching both expressions at the same time are shown:</para>
404 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097</programlisting>
406 <para>If two matches refer to the same field all entries matching either expression are shown:</para>
408 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</programlisting>
410 <para>If the separator "<literal>+</literal>" is used
411 two expression may be combined in a logical OR. The
412 following will show all messages from the Avahi
413 service process with the PID 28097 plus all messages
414 from the D-Bus service (from any of its
417 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097 + _SYSTEMD_UNIT=dbus.service</programlisting>
419 <para>Show all logs generated by the D-Bus executable:</para>
421 <programlisting>journalctl /usr/bin/dbus-daemon</programlisting>
423 <para>Show all logs of the kernel device node <filename>/dev/sda</filename>:</para>
425 <programlisting>journalctl /dev/sda</programlisting>
430 <title>See Also</title>
432 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
433 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
434 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
435 <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
436 <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob