1 <?xml version='1.0'?> <!--*-nxml-*-->
2 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
3 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
6 This file is part of systemd.
8 Copyright 2012 Lennart Poettering
10 systemd is free software; you can redistribute it and/or modify it
11 under the terms of the GNU Lesser General Public License as published by
12 the Free Software Foundation; either version 2.1 of the License, or
13 (at your option) any later version.
15 systemd is distributed in the hope that it will be useful, but
16 WITHOUT ANY WARRANTY; without even the implied warranty of
17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
18 Lesser General Public License for more details.
20 You should have received a copy of the GNU Lesser General Public License
21 along with systemd; If not, see <http://www.gnu.org/licenses/>.
24 <refentry id="journalctl">
27 <title>journalctl</title>
28 <productname>systemd</productname>
32 <contrib>Developer</contrib>
33 <firstname>Lennart</firstname>
34 <surname>Poettering</surname>
35 <email>lennart@poettering.net</email>
41 <refentrytitle>journalctl</refentrytitle>
42 <manvolnum>1</manvolnum>
46 <refname>journalctl</refname>
47 <refpurpose>Query the systemd journal</refpurpose>
52 <command>journalctl <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt" rep="repeat">MATCHES</arg></command>
57 <title>Description</title>
59 <para><command>journalctl</command> may be used to
60 query the contents of the
61 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
63 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
65 <para>If called without parameter will show the full
66 contents of the journal, starting with the oldest
67 entry collected.</para>
69 <para>If one or more match arguments are passed the
70 output is filtered accordingly. A match is in the
71 format <literal>FIELD=VALUE</literal>,
72 e.g. <literal>_SYSTEMD_UNIT=httpd.service</literal>,
73 referring to the components of a structured journal
75 <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
76 for a list of well-known fields. If multiple matches
77 are specified matching different fields the log
78 entries are filtered by both, i.e. the resulting output
79 will show only entries matching all the specified
80 matches of this kind. If two matches apply to the same
81 field, then they are automatically matched as
82 alternatives, i.e. the resulting output will show
83 entries matching any of the specified matches for the
84 same field. Finally, if the character
85 "<literal>+</literal>" appears as separate word on the
86 command line all matches before and after are combined
87 in a disjunction (i.e. logical OR).</para>
89 <para>As shortcuts for a few types of field/value
90 matches file paths may be specified. If a file path
91 refers to an executable file, this is equivalent to an
92 <literal>_EXE=</literal> match for the canonicalized
93 binary path. Similar, if a path refers to a device
94 node, this is equivalent to a
95 <literal>_KERNEL_DEVICE=</literal> match for the
98 <para>Output is interleaved from all accessible
99 journal files, whether they are rotated or currently
100 being written, and regardless whether they belong to the
101 system itself or are accessible user journals.</para>
103 <para>All users are granted access to their private
104 per-user journals. However, by default only root and
105 users who are members of the <literal>adm</literal>
106 group get access to the system journal and the
107 journals of other users.</para>
111 <title>Options</title>
113 <para>The following options are understood:</para>
117 <term><option>--help</option></term>
118 <term><option>-h</option></term>
120 <listitem><para>Prints a short help
121 text and exits.</para></listitem>
125 <term><option>--version</option></term>
127 <listitem><para>Prints a short version
128 string and exits.</para></listitem>
132 <term><option>--no-pager</option></term>
134 <listitem><para>Do not pipe output into a
135 pager.</para></listitem>
139 <term><option>--all</option></term>
140 <term><option>-a</option></term>
142 <listitem><para>Show all fields in
143 full, even if they include unprintable
144 characters or are very
145 long.</para></listitem>
149 <term><option>--follow</option></term>
150 <term><option>-f</option></term>
152 <listitem><para>Show only most recent
153 journal entries, and continuously print
154 new entries as they are appended to
155 the journal.</para></listitem>
159 <term><option>--lines=</option></term>
160 <term><option>-n</option></term>
162 <listitem><para>Controls the number of
163 journal lines to show, counting from
164 the most recent ones. Takes a positive
165 integer argument. In follow mode
166 defaults to 10, otherwise is unset
167 thus not limiting how many lines are
168 shown.</para></listitem>
172 <term><option>--no-tail</option></term>
174 <listitem><para>Show all stored output
175 lines, even in follow mode. Undoes the
177 <option>--lines=</option>.</para></listitem>
181 <term><option>--output=</option></term>
182 <term><option>-o</option></term>
184 <listitem><para>Controls the
185 formatting of the journal entries that
186 are shown. Takes one of
187 <literal>short</literal>,
188 <literal>short-monotonic</literal>,
189 <literal>verbose</literal>,
190 <literal>export</literal>,
191 <literal>json</literal>,
192 <literal>json-pretty</literal>,
193 <literal>cat</literal>. <literal>short</literal>
194 is the default and generates an output
195 that is mostly identical to the
196 formatting of classic syslog log
197 files, showing one line per journal
198 entry. <literal>short-monotonic</literal>
199 is very similar but shows monotonic
200 timestamps instead of wallclock
201 timestamps. <literal>verbose</literal>
202 shows the full structured entry items
204 fields. <literal>export</literal>
205 serializes the journal into a binary
206 (but mostly text-based) stream
207 suitable for backups and network
209 url="http://www.freedesktop.org/wiki/Software/systemd/export">Journal
210 Export Format</ulink> for more
211 information). <literal>json</literal>
212 formats entries as JSON data
214 line. <literal>json-pretty</literal>
215 also formats entries as JSON data
216 structures, but formats them in
217 multiple lines in order to make them
219 humans. <literal>cat</literal>
220 generates a very terse output only
221 showing the actual message of each
222 journal entry with no meta data, not
223 even a timestamp.</para></listitem>
227 <term><option>--quiet</option></term>
228 <term><option>-q</option></term>
230 <listitem><para>Suppresses any warning
231 message regarding inaccessible system
232 journals when run as normal
233 user.</para></listitem>
237 <term><option>--local</option></term>
238 <term><option>-l</option></term>
240 <listitem><para>Show only locally
241 generated messages.</para></listitem>
245 <term><option>--this-boot</option></term>
246 <term><option>-b</option></term>
248 <listitem><para>Show data only from
249 current boot.</para></listitem>
253 <term><option>--directory=</option></term>
254 <term><option>-D</option></term>
256 <listitem><para>Takes an absolute
257 directory path as argument. If
258 specified will operate on the
259 specified journal directory instead of
260 the default runtime and system journal
261 paths.</para></listitem>
265 <term><option>-p</option></term>
266 <term><option>--priority=</option></term>
268 <listitem><para>Filter output by
269 message priorities or priority
270 ranges. Takes either a single numeric
271 or textual log level (i.e. between
272 0/<literal>emerg</literal> and
273 7/<literal>debug</literal>), or a
274 range of numeric/text log levels in
275 the form FROM..TO. The log levels are
276 the usual syslog log levels as
278 <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
279 i.e. <literal>emerg</literal> (0),
280 <literal>alert</literal> (1),
281 <literal>crit</literal> (2),
282 <literal>err</literal> (3),
283 <literal>warning</literal> (4),
284 <literal>notice</literal> (5),
285 <literal>info</literal> (6),
286 <literal>debug</literal> (7). If a
287 single log level is specified all
288 messages with this log levels or a
289 lower (hence more important) log level
290 are shown. If a range is specified all
291 messages within the range are shown,
292 including both the start and the end
293 value of the range.</para></listitem>
297 <term><option>--new-id128</option></term>
299 <listitem><para>Instead of showing
300 journal contents generate a new 128
301 bit ID suitable for identifying
302 messages. This is intended for usage
303 by developers who need a new
304 identifier for a new message they
305 introduce and want to make
306 recognizable. Will print the new ID in
307 three different formats which can be
308 copied into source code or
309 similar.</para></listitem>
313 <term><option>--header</option></term>
315 <listitem><para>Instead of showing
316 journal contents show internal header
317 information of the journal fiels
318 accessed.</para></listitem>
322 <term><option>--setup-keys</option></term>
324 <listitem><para>Instead of showing
325 journal contents generate a new key
326 pair for Forward Secure Sealing
327 (FSS). This will generate a sealing
328 key and a verification key. The
329 sealing key is stored in the journal
330 data directory and shall remain on the
331 host. The verification key should be
332 stored externally.</para></listitem>
336 <term><option>--interval=</option></term>
338 <listitem><para>Specifies the change
339 interval for the sealing key, when
340 generating an FSS key pair with
341 <option>--setup-keys</option>. Shorter
342 intervals increase CPU consumption but
343 shorten the time range of
345 alterations. Defaults to
346 15min.</para></listitem>
350 <term><option>--verify</option></term>
352 <listitem><para>Check the journal file
353 for internal consistency. If the
354 file has been generated with FSS
355 enabled, and the FSS verification key
356 has been specified with
357 <option>--verify-key=</option>
358 authenticity of the journal file is
359 verified.</para></listitem>
363 <term><option>--verify-key=</option></term>
365 <listitem><para>Specifies the FSS
366 verification key to use for the
367 <option>--verify</option>
368 operation.</para></listitem>
375 <title>Exit status</title>
377 <para>On success 0 is returned, a non-zero failure
378 code otherwise.</para>
382 <title>Environment</title>
386 <term><varname>$SYSTEMD_PAGER</varname></term>
387 <listitem><para>Pager to use when
388 <option>--no-pager</option> is not given;
389 overrides <varname>$PAGER</varname>. Setting
390 this to an empty string or the value
391 <literal>cat</literal> is equivalent to passing
392 <option>--no-pager</option>.</para></listitem>
398 <title>Examples</title>
400 <para>Without arguments all collected logs are shown
403 <programlisting>journalctl</programlisting>
405 <para>With one match specified all entries with a field matching the expression are shown:</para>
407 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service</programlisting>
409 <para>If two different fields are matched only entries matching both expressions at the same time are shown:</para>
411 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097</programlisting>
413 <para>If two matches refer to the same field all entries matching either expression are shown:</para>
415 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</programlisting>
417 <para>If the separator "<literal>+</literal>" is used
418 two expression may be combined in a logical OR. The
419 following will show all messages from the Avahi
420 service process with the PID 28097 plus all messages
421 from the D-Bus service (from any of its
424 <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097 + _SYSTEMD_UNIT=dbus.service</programlisting>
426 <para>Show all logs generated by the D-Bus executable:</para>
428 <programlisting>journalctl /usr/bin/dbus-daemon</programlisting>
430 <para>Show all logs of the kernel device node <filename>/dev/sda</filename>:</para>
432 <programlisting>journalctl /dev/sda</programlisting>
437 <title>See Also</title>
439 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
440 <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
441 <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
442 <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
443 <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
~ianmdlvl / elogind.git / blob