Copyright 2012 Lennart Poettering
systemd is free software; you can redistribute it and/or modify it
- under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 2 of the License, or
+ under the terms of the GNU Lesser General Public License as published by
+ the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU General Public License
+ You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
-->
<refnamediv>
<refname>journalctl</refname>
- <refname>systemd-journalctl</refname>
<refpurpose>Query the systemd journal</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
- <command>journalctl <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt">MATCH</arg></command>
+ <command>journalctl <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt" rep="repeat">MATCHES</arg></command>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
- <para><command>journalctl</command> may be
- used to query the contents of the
+ <para><command>journalctl</command> may be used to
+ query the contents of the
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
- journal.</para>
+ journal as written by
+ <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
- <para>If called without parameter will show the full
+ <para>If called without parameter it will show the full
contents of the journal, starting with the oldest
entry collected.</para>
- <para>If a match argument is passed the output is
- filtered accordingly. A match is in the format
- <literal>FIELD=VALUE</literal>,
- e.g. <literal>_SYSTEMD_UNIT=httpd.service</literal>.</para>
+ <para>If one or more match arguments are passed the
+ output is filtered accordingly. A match is in the
+ format <literal>FIELD=VALUE</literal>,
+ e.g. <literal>_SYSTEMD_UNIT=httpd.service</literal>,
+ referring to the components of a structured journal
+ entry. See
+ <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for a list of well-known fields. If multiple matches
+ are specified matching different fields the log
+ entries are filtered by both, i.e. the resulting output
+ will show only entries matching all the specified
+ matches of this kind. If two matches apply to the same
+ field, then they are automatically matched as
+ alternatives, i.e. the resulting output will show
+ entries matching any of the specified matches for the
+ same field. Finally, if the character
+ "<literal>+</literal>" appears as separate word on the
+ command line all matches before and after are combined
+ in a disjunction (i.e. logical OR).</para>
+
+ <para>As shortcuts for a few types of field/value
+ matches file paths may be specified. If a file path
+ refers to an executable file, this is equivalent to an
+ <literal>_EXE=</literal> match for the canonicalized
+ binary path. Similar, if a path refers to a device
+ node, this is equivalent to a
+ <literal>_KERNEL_DEVICE=</literal> match for the
+ device.</para>
<para>Output is interleaved from all accessible
journal files, whether they are rotated or currently
<varlistentry>
<term><option>--no-pager</option></term>
- <listitem><para>Do not pipe output into a
- pager.</para></listitem>
- </varlistentry>
+
<listitem><para>Do not pipe output into a
+ pager.</para></listitem>
+ </varlistentry>
<varlistentry>
<term><option>--all</option></term>
<term><option>--follow</option></term>
<term><option>-f</option></term>
- <listitem><para>Show only most recent
- journal entries, and continously print
+ <listitem><para>Show only the most recent
+ journal entries, and continuously print
new entries as they are appended to
the journal.</para></listitem>
</varlistentry>
<listitem><para>Controls the number of
journal lines to show, counting from
- the most recent ones. Takes a positive
- integer argument. In follow mode
- defaults to 10, otherwise is unset
- thus not limiting how many lines are
- shown.</para></listitem>
+ the most recent ones. The argument is
+ optional, and if specified is a
+ positive integer. If not specified and
+ in follow mode defaults to 10. If this
+ option is not passed and follow mode
+ is not enabled, how many lines are
+ shown is not
+ limited.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-o</option></term>
<listitem><para>Controls the
- formatting of the journal entries that are
- shown. Takes one of
+ formatting of the journal entries that
+ are shown. Takes one of
<literal>short</literal>,
<literal>short-monotonic</literal>,
<literal>verbose</literal>,
<literal>export</literal>,
<literal>json</literal>,
+ <literal>json-pretty</literal>,
+ <literal>json-sse</literal>,
<literal>cat</literal>. <literal>short</literal>
is the default and generates an output
that is mostly identical to the
is very similar but shows monotonic
timestamps instead of wallclock
timestamps. <literal>verbose</literal>
- shows the full structered entry items
+ shows the full structured entry items
with all
- fiels. <literal>export</literal>
+ fields. <literal>export</literal>
serializes the journal into a binary
(but mostly text-based) stream
suitable for backups and network
- transfer. <literal>json</literal>
+ transfer (see <ulink
+ url="http://www.freedesktop.org/wiki/Software/systemd/export">Journal
+ Export Format</ulink> for more
+ information). <literal>json</literal>
formats entries as JSON data
- structures. <literal>cat</literal>
+ structures, one per
+ line. <literal>json-pretty</literal>
+ also formats entries as JSON data
+ structures, but formats them in
+ multiple lines in order to make them
+ more readable for
+ humans. <literal>json-sse</literal>
+ also formats entries as JSON data
+ structures, but wraps them in a format
+ suitable for <ulink
+ url="https://developer.mozilla.org/en-US/docs/Server-sent_events/Using_server-sent_events">Server-Sent
+ Events</ulink>. <literal>cat</literal>
generates a very terse output only
showing the actual message of each
journal entry with no meta data, not
<term><option>-q</option></term>
<listitem><para>Suppresses any warning
- message regarding inaccessable system
+ message regarding inaccessible system
journals when run as normal
user.</para></listitem>
</varlistentry>
<varlistentry>
- <term><option>--local</option></term>
- <term><option>-l</option></term>
+ <term><option>--merge</option></term>
+ <term><option>-m</option></term>
+
+ <listitem><para>Show entries
+ interleaved from all available
+ journals, including remote
+ ones.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--this-boot</option></term>
+ <term><option>-b</option></term>
+
+ <listitem><para>Show data only from
+ current boot. This will add a match
+ for <literal>_BOOT_ID=</literal> for
+ the current boot ID of the
+ kernel.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--unit=</option></term>
+ <term><option>-u</option></term>
+
+ <listitem><para>Show data only of the
+ specified unit. This will add a match
+ for <literal>_SYSTEMD_UNIT=</literal>
+ for the specified
+ unit.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-p</option></term>
+ <term><option>--priority=</option></term>
+
+ <listitem><para>Filter output by
+ message priorities or priority
+ ranges. Takes either a single numeric
+ or textual log level (i.e. between
+ 0/<literal>emerg</literal> and
+ 7/<literal>debug</literal>), or a
+ range of numeric/text log levels in
+ the form FROM..TO. The log levels are
+ the usual syslog log levels as
+ documented in
+ <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>,
+ i.e. <literal>emerg</literal> (0),
+ <literal>alert</literal> (1),
+ <literal>crit</literal> (2),
+ <literal>err</literal> (3),
+ <literal>warning</literal> (4),
+ <literal>notice</literal> (5),
+ <literal>info</literal> (6),
+ <literal>debug</literal> (7). If a
+ single log level is specified all
+ messages with this log level or a
+ lower (hence more important) log level
+ are shown. If a range is specified all
+ messages within the range are shown,
+ including both the start and the end
+ value of the range. This will add
+ <literal>PRIORITY=</literal> matches
+ for the specified
+ priorities.</para></listitem>
+ </varlistentry>
- <listitem><para>Show only locally
- generated messages.</para></listitem>
+ <varlistentry>
+ <term><option>--cursor=</option></term>
+ <term><option>-c</option></term>
+
+ <listitem><para>Start showing entries
+ from the location in the journal
+ specified by the passed
+ cursor.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--since=</option></term>
+ <term><option>--until=</option></term>
+
+ <listitem><para>Start showing entries
+ on or newer than the specified date,
+ or on or older than the specified
+ date, respectively. Date specifications should be of
+ the format "2012-10-30 18:17:16". If
+ the time part is omitted, 00:00:00 is
+ assumed. If only the seconds component
+ is omitted, :00 is assumed. If the
+ date component is ommitted, the
+ current day is assumed. Alternatively
+ the strings
+ <literal>yesterday</literal>,
+ <literal>today</literal>,
+ <literal>tomorrow</literal> are
+ understood, which refer to 00:00:00 of
+ the day before the current day, the
+ current day, or the day after the
+ current day, respectively. <literal>now</literal>
+ refers to the current time. Finally,
+ relative times may be specified,
+ prefixed with <literal>-</literal> or
+ <literal>+</literal>, referring to
+ times before or after the current
+ time, respectively.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--directory=</option></term>
+ <term><option>-D</option></term>
+
+ <listitem><para>Takes an absolute
+ directory path as argument. If
+ specified journalctl will operate on the
+ specified journal directory instead of
+ the default runtime and system journal
+ paths.</para></listitem>
</varlistentry>
<varlistentry>
similar.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>--header</option></term>
+
+ <listitem><para>Instead of showing
+ journal contents show internal header
+ information of the journal fields
+ accessed.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--disk-usage</option></term>
+
+ <listitem><para>Shows the current disk
+ usage of all
+ journal files.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--setup-keys</option></term>
+
+ <listitem><para>Instead of showing
+ journal contents generate a new key
+ pair for Forward Secure Sealing
+ (FSS). This will generate a sealing
+ key and a verification key. The
+ sealing key is stored in the journal
+ data directory and shall remain on the
+ host. The verification key should be
+ stored externally.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--interval=</option></term>
+
+ <listitem><para>Specifies the change
+ interval for the sealing key, when
+ generating an FSS key pair with
+ <option>--setup-keys</option>. Shorter
+ intervals increase CPU consumption but
+ shorten the time range of
+ undetectable journal
+ alterations. Defaults to
+ 15min.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--verify</option></term>
+
+ <listitem><para>Check the journal file
+ for internal consistency. If the
+ file has been generated with FSS
+ enabled, and the FSS verification key
+ has been specified with
+ <option>--verify-key=</option>
+ authenticity of the journal file is
+ verified.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--verify-key=</option></term>
+
+ <listitem><para>Specifies the FSS
+ verification key to use for the
+ <option>--verify</option>
+ operation.</para></listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
</variablelist>
</refsect1>
+ <refsect1>
+ <title>Examples</title>
+
+ <para>Without arguments all collected logs are shown
+ unfiltered:</para>
+
+ <programlisting>journalctl</programlisting>
+
+ <para>With one match specified all entries with a field matching the expression are shown:</para>
+
+ <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service</programlisting>
+
+ <para>If two different fields are matched only entries matching both expressions at the same time are shown:</para>
+
+ <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097</programlisting>
+
+ <para>If two matches refer to the same field all entries matching either expression are shown:</para>
+
+ <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</programlisting>
+
+ <para>If the separator "<literal>+</literal>" is used
+ two expressions may be combined in a logical OR. The
+ following will show all messages from the Avahi
+ service process with the PID 28097 plus all messages
+ from the D-Bus service (from any of its
+ processes):</para>
+
+ <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097 + _SYSTEMD_UNIT=dbus.service</programlisting>
+
+ <para>Show all logs generated by the D-Bus executable:</para>
+
+ <programlisting>journalctl /usr/bin/dbus-daemon</programlisting>
+
+ <para>Show all logs of the kernel device node <filename>/dev/sda</filename>:</para>
+
+ <programlisting>journalctl /dev/sda</programlisting>
+
+ </refsect1>
+
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
- <citerefentry><refentrytitle>systemd-journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
+ <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
</para>
</refsect1>
~ianmdlvl / elogind.git / blobdiff