1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 This file is part of systemd.
8 Copyright 2012 Lennart Poettering
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 <refentry id="journalctl">
27 <title>journalctl</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>journalctl</refentrytitle>
42 <manvolnum>1</manvolnum>
46 <refname>journalctl</refname>
47 <refpurpose>Query the systemd journal</refpurpose>
52 <command>journalctl <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt" rep="repeat">MATCHES</arg></command>
57 <title>Description</title>
59 <para><command>journalctl</command> may be used to
60 query the contents of the
61 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
63 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
65 <para>If called without parameter it will show the full
66 contents of the journal, starting with the oldest
67 entry collected.</para>
69 <para>If one or more match arguments are passed the
70 output is filtered accordingly. A match is in the
71 format <literal>FIELD=VALUE</literal>,
72 e.g. <literal>_SYSTEMD_UNIT=httpd.service</literal>,
73 referring to the components of a structured journal
75 <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
76 for a list of well-known fields. If multiple matches
77 are specified matching different fields the log
78 entries are filtered by both, i.e. the resulting output
79 will show only entries matching all the specified
80 matches of this kind. If two matches apply to the same
81 field, then they are automatically matched as
82 alternatives, i.e. the resulting output will show
83 entries matching any of the specified matches for the
84 same field. Finally, if the character
85 "<literal>+</literal>" appears as separate word on the
86 command line all matches before and after are combined
87 in a disjunction (i.e. logical OR).</para>
89 <para>As shortcuts for a few types of field/value
90 matches file paths may be specified. If a file path
91 refers to an executable file, this is equivalent to an
92 <literal>_EXE=</literal> match for the canonicalized
93 binary path. Similar, if a path refers to a device
94 node, this is equivalent to a
95 <literal>_KERNEL_DEVICE=</literal> match for the
98 <para>Output is interleaved from all accessible
99 journal files, whether they are rotated or currently
100 being written, and regardless whether they belong to the
101 system itself or are accessible user journals.</para>
103 <para>All users are granted access to their private
104 per-user journals. However, by default only root and
105 users who are members of the <literal>adm</literal>
106 group get access to the system journal and the
107 journals of other users.</para>
111 <title>Options</title>
113 <para>The following options are understood:</para>
117 <term><option>--help</option></term>
118 <term><option>-h</option></term>
120 <listitem><para>Prints a short help
121 text and exits.</para></listitem>
125 <term><option>--version</option></term>
127 <listitem><para>Prints a short version
128 string and exits.</para></listitem>
132 <term><option>--no-pager</option></term>
134 <listitem><para>Do not pipe output into a
135 pager.</para></listitem>
139 <term><option>--all</option></term>
140 <term><option>-a</option></term>
142 <listitem><para>Show all fields in
143 full, even if they include unprintable
144 characters or are very
145 long.</para></listitem>
149 <term><option>--follow</option></term>
150 <term><option>-f</option></term>
152 <listitem><para>Show only the most recent
153 journal entries, and continuously print
154 new entries as they are appended to
155 the journal.</para></listitem>
159 <term><option>--lines=</option></term>
160 <term><option>-n</option></term>
162 <listitem><para>Controls the number of
163 journal lines to show, counting from
164 the most recent ones. The argument is
165 optional, and if specified is a
166 positive integer. If not specified and
167 in follow mode defaults to 10. If this
168 option is not passed and follow mode
169 is not enabled, how many lines are
171 limited.</para></listitem>
175 <term><option>--no-tail</option></term>
177 <listitem><para>Show all stored output
178 lines, even in follow mode. Undoes the
180 <option>--lines=</option>.</para></listitem>
184 <term><option>--output=</option></term>
185 <term><option>-o</option></term>
187 <listitem><para>Controls the
188 formatting of the journal entries that
189 are shown. Takes one of
190 <literal>short</literal>,
191 <literal>short-monotonic</literal>,
192 <literal>verbose</literal>,
193 <literal>export</literal>,
194 <literal>json</literal>,
195 <literal>json-pretty</literal>,
196 <literal>json-sse</literal>,
197 <literal>cat</literal>. <literal>short</literal>
198 is the default and generates an output
199 that is mostly identical to the
200 formatting of classic syslog log
201 files, showing one line per journal
202 entry. <literal>short-monotonic</literal>
203 is very similar but shows monotonic
204 timestamps instead of wallclock
205 timestamps. <literal>verbose</literal>
206 shows the full structured entry items
208 fields. <literal>export</literal>
209 serializes the journal into a binary
210 (but mostly text-based) stream
211 suitable for backups and network
213 url="http://www.freedesktop.org/wiki/Software/systemd/export">Journal
214 Export Format</ulink> for more
215 information). <literal>json</literal>
216 formats entries as JSON data
218 line. <literal>json-pretty</literal>
219 also formats entries as JSON data
220 structures, but formats them in
221 multiple lines in order to make them
223 humans. <literal>json-sse</literal>
224 also formats entries as JSON data
225 structures, but wraps them in a format
227 url="https://developer.mozilla.org/en-US/docs/Server-sent_events/Using_server-sent_events">Server-Sent
228 Events</ulink>. <literal>cat</literal>
229 generates a very terse output only
230 showing the actual message of each
231 journal entry with no meta data, not
232 even a timestamp.</para></listitem>
236 <term><option>--quiet</option></term>
237 <term><option>-q</option></term>
239 <listitem><para>Suppresses any warning
240 message regarding inaccessible system
241 journals when run as normal
242 user.</para></listitem>
246 <term><option>--merge</option></term>
247 <term><option>-m</option></term>
249 <listitem><para>Show entries
250 interleaved from all available
251 journals, including remote
252 ones.</para></listitem>
256 <term><option>--this-boot</option></term>
257 <term><option>-b</option></term>
259 <listitem><para>Show data only from
260 current boot.</para></listitem>
264 <term><option>--cursor=</option></term>
265 <term><option>-c</option></term>
267 <listitem><para>Jump to the location
268 in the journal specified by the passed
269 cursor.</para></listitem>
273 <term><option>--directory=</option></term>
274 <term><option>-D</option></term>
276 <listitem><para>Takes an absolute
277 directory path as argument. If
278 specified journalctl will operate on the
279 specified journal directory instead of
280 the default runtime and system journal
281 paths.</para></listitem>
285 <term><option>-p</option></term>
286 <term><option>--priority=</option></term>
288 <listitem><para>Filter output by
289 message priorities or priority
290 ranges. Takes either a single numeric
291 or textual log level (i.e. between
292 0/<literal>emerg</literal> and
293 7/<literal>debug</literal>), or a
294 range of numeric/text log levels in
295 the form FROM..TO. The log levels are
296 the usual syslog log levels as
298 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
299 i.e. <literal>emerg</literal> (0),
300 <literal>alert</literal> (1),
301 <literal>crit</literal> (2),
302 <literal>err</literal> (3),
303 <literal>warning</literal> (4),
304 <literal>notice</literal> (5),
305 <literal>info</literal> (6),
306 <literal>debug</literal> (7). If a
307 single log level is specified all
308 messages with this log level or a
309 lower (hence more important) log level
310 are shown. If a range is specified all
311 messages within the range are shown,
312 including both the start and the end
313 value of the range.</para></listitem>
317 <term><option>--new-id128</option></term>
319 <listitem><para>Instead of showing
320 journal contents generate a new 128
321 bit ID suitable for identifying
322 messages. This is intended for usage
323 by developers who need a new
324 identifier for a new message they
325 introduce and want to make
326 recognizable. Will print the new ID in
327 three different formats which can be
328 copied into source code or
329 similar.</para></listitem>
333 <term><option>--header</option></term>
335 <listitem><para>Instead of showing
336 journal contents show internal header
337 information of the journal fields
338 accessed.</para></listitem>
342 <term><option>--disk-usage</option></term>
344 <listitem><para>Shows the current disk
346 journal files.</para></listitem>
350 <term><option>--setup-keys</option></term>
352 <listitem><para>Instead of showing
353 journal contents generate a new key
354 pair for Forward Secure Sealing
355 (FSS). This will generate a sealing
356 key and a verification key. The
357 sealing key is stored in the journal
358 data directory and shall remain on the
359 host. The verification key should be
360 stored externally.</para></listitem>
364 <term><option>--interval=</option></term>
366 <listitem><para>Specifies the change
367 interval for the sealing key, when
368 generating an FSS key pair with
369 <option>--setup-keys</option>. Shorter
370 intervals increase CPU consumption but
371 shorten the time range of
373 alterations. Defaults to
374 15min.</para></listitem>
378 <term><option>--verify</option></term>
380 <listitem><para>Check the journal file
381 for internal consistency. If the
382 file has been generated with FSS
383 enabled, and the FSS verification key
384 has been specified with
385 <option>--verify-key=</option>
386 authenticity of the journal file is
387 verified.</para></listitem>
391 <term><option>--verify-key=</option></term>
393 <listitem><para>Specifies the FSS
394 verification key to use for the
395 <option>--verify</option>
396 operation.</para></listitem>
403 <title>Exit status</title>
405 <para>On success 0 is returned, a non-zero failure
406 code otherwise.</para>
410 <title>Environment</title>
414 <term><varname>$SYSTEMD_PAGER</varname></term>
415 <listitem><para>Pager to use when
416 <option>--no-pager</option> is not given;
417 overrides <varname>$PAGER</varname>. Setting
418 this to an empty string or the value
419 <literal>cat</literal> is equivalent to passing
420 <option>--no-pager</option>.</para></listitem>
426 <title>Examples</title>
428 <para>Without arguments all collected logs are shown
431 <programlisting>journalctl</programlisting>
433 <para>With one match specified all entries with a field matching the expression are shown:</para>
435 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service</programlisting>
437 <para>If two different fields are matched only entries matching both expressions at the same time are shown:</para>
439 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097</programlisting>
441 <para>If two matches refer to the same field all entries matching either expression are shown:</para>
443 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</programlisting>
445 <para>If the separator "<literal>+</literal>" is used
446 two expressions may be combined in a logical OR. The
447 following will show all messages from the Avahi
448 service process with the PID 28097 plus all messages
449 from the D-Bus service (from any of its
452 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097 + _SYSTEMD_UNIT=dbus.service</programlisting>
454 <para>Show all logs generated by the D-Bus executable:</para>
456 <programlisting>journalctl /usr/bin/dbus-daemon</programlisting>
458 <para>Show all logs of the kernel device node <filename>/dev/sda</filename>:</para>
460 <programlisting>journalctl /dev/sda</programlisting>
465 <title>See Also</title>
467 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
468 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
469 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
470 <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
471 <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob