| <?xml version='1.0'?> <!--*-nxml-*--> |
| <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" |
| "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> |
| |
| <!-- |
| This file is part of systemd. |
| |
| Copyright 2012 Lennart Poettering |
| |
| systemd is free software; you can redistribute it and/or modify it |
| under the terms of the GNU Lesser General Public License as published by |
| the Free Software Foundation; either version 2.1 of the License, or |
| (at your option) any later version. |
| |
| systemd is distributed in the hope that it will be useful, but |
| WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public License |
| along with systemd; If not, see <http://www.gnu.org/licenses/>. |
| --> |
| |
| <refentry id="journalctl"> |
| |
| <refentryinfo> |
| <title>journalctl</title> |
| <productname>systemd</productname> |
| |
| <authorgroup> |
| <author> |
| <contrib>Developer</contrib> |
| <firstname>Lennart</firstname> |
| <surname>Poettering</surname> |
| <email>lennart@poettering.net</email> |
| </author> |
| </authorgroup> |
| </refentryinfo> |
| |
| <refmeta> |
| <refentrytitle>journalctl</refentrytitle> |
| <manvolnum>1</manvolnum> |
| </refmeta> |
| |
| <refnamediv> |
| <refname>journalctl</refname> |
| <refpurpose>Query the systemd journal</refpurpose> |
| </refnamediv> |
| |
| <refsynopsisdiv> |
| <cmdsynopsis> |
| <command>journalctl <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="opt" rep="repeat">MATCHES</arg></command> |
| </cmdsynopsis> |
| </refsynopsisdiv> |
| |
| <refsect1> |
| <title>Description</title> |
| |
| <para><command>journalctl</command> may be used to |
| query the contents of the |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> |
| journal as written by |
| <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> |
| |
| <para>If called without parameter it will show the full |
| contents of the journal, starting with the oldest |
| entry collected.</para> |
| |
| <para>If one or more match arguments are passed the |
| output is filtered accordingly. A match is in the |
| format <literal>FIELD=VALUE</literal>, |
| e.g. <literal>_SYSTEMD_UNIT=httpd.service</literal>, |
| referring to the components of a structured journal |
| entry. See |
| <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry> |
| for a list of well-known fields. If multiple matches |
| are specified matching different fields the log |
| entries are filtered by both, i.e. the resulting output |
| will show only entries matching all the specified |
| matches of this kind. If two matches apply to the same |
| field, then they are automatically matched as |
| alternatives, i.e. the resulting output will show |
| entries matching any of the specified matches for the |
| same field. Finally, if the character |
| "<literal>+</literal>" appears as separate word on the |
| command line all matches before and after are combined |
| in a disjunction (i.e. logical OR).</para> |
| |
| <para>As shortcuts for a few types of field/value |
| matches file paths may be specified. If a file path |
| refers to an executable file, this is equivalent to an |
| <literal>_EXE=</literal> match for the canonicalized |
| binary path. Similar, if a path refers to a device |
| node, this is equivalent to a |
| <literal>_KERNEL_DEVICE=</literal> match for the |
| device.</para> |
| |
| <para>Output is interleaved from all accessible |
| journal files, whether they are rotated or currently |
| being written, and regardless whether they belong to the |
| system itself or are accessible user journals.</para> |
| |
| <para>All users are granted access to their private |
| per-user journals. However, by default only root and |
| users who are members of the <literal>adm</literal> |
| group get access to the system journal and the |
| journals of other users.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Options</title> |
| |
| <para>The following options are understood:</para> |
| |
| <variablelist> |
| <varlistentry> |
| <term><option>--help</option></term> |
| <term><option>-h</option></term> |
| |
| <listitem><para>Prints a short help |
| text and exits.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--version</option></term> |
| |
| <listitem><para>Prints a short version |
| string and exits.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--no-pager</option></term> |
| |
| <listitem><para>Do not pipe output into a |
| pager.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--all</option></term> |
| <term><option>-a</option></term> |
| |
| <listitem><para>Show all fields in |
| full, even if they include unprintable |
| characters or are very |
| long.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--follow</option></term> |
| <term><option>-f</option></term> |
| |
| <listitem><para>Show only the most recent |
| journal entries, and continuously print |
| new entries as they are appended to |
| the journal.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--lines=</option></term> |
| <term><option>-n</option></term> |
| |
| <listitem><para>Controls the number of |
| journal lines to show, counting from |
| the most recent ones. The argument is |
| optional, and if specified is a |
| positive integer. If not specified and |
| in follow mode defaults to 10. If this |
| option is not passed and follow mode |
| is not enabled, how many lines are |
| shown is not |
| limited.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--no-tail</option></term> |
| |
| <listitem><para>Show all stored output |
| lines, even in follow mode. Undoes the |
| effect of |
| <option>--lines=</option>.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--output=</option></term> |
| <term><option>-o</option></term> |
| |
| <listitem><para>Controls the |
| formatting of the journal entries that |
| are shown. Takes one of |
| <literal>short</literal>, |
| <literal>short-monotonic</literal>, |
| <literal>verbose</literal>, |
| <literal>export</literal>, |
| <literal>json</literal>, |
| <literal>json-pretty</literal>, |
| <literal>json-sse</literal>, |
| <literal>cat</literal>. <literal>short</literal> |
| is the default and generates an output |
| that is mostly identical to the |
| formatting of classic syslog log |
| files, showing one line per journal |
| entry. <literal>short-monotonic</literal> |
| is very similar but shows monotonic |
| timestamps instead of wallclock |
| timestamps. <literal>verbose</literal> |
| shows the full structured entry items |
| with all |
| fields. <literal>export</literal> |
| serializes the journal into a binary |
| (but mostly text-based) stream |
| suitable for backups and network |
| transfer (see <ulink |
| url="http://www.freedesktop.org/wiki/Software/systemd/export">Journal |
| Export Format</ulink> for more |
| information). <literal>json</literal> |
| formats entries as JSON data |
| structures, one per |
| line. <literal>json-pretty</literal> |
| also formats entries as JSON data |
| structures, but formats them in |
| multiple lines in order to make them |
| more readable for |
| humans. <literal>json-sse</literal> |
| also formats entries as JSON data |
| structures, but wraps them in a format |
| suitable for <ulink |
| url="https://developer.mozilla.org/en-US/docs/Server-sent_events/Using_server-sent_events">Server-Sent |
| Events</ulink>. <literal>cat</literal> |
| generates a very terse output only |
| showing the actual message of each |
| journal entry with no meta data, not |
| even a timestamp.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--quiet</option></term> |
| <term><option>-q</option></term> |
| |
| <listitem><para>Suppresses any warning |
| message regarding inaccessible system |
| journals when run as normal |
| user.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--merge</option></term> |
| <term><option>-m</option></term> |
| |
| <listitem><para>Show entries |
| interleaved from all available |
| journals, including remote |
| ones.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--this-boot</option></term> |
| <term><option>-b</option></term> |
| |
| <listitem><para>Show data only from |
| current boot. This will add a match |
| for <literal>_BOOT_ID=</literal> for |
| the current boot ID of the |
| kernel.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--unit=</option></term> |
| <term><option>-u</option></term> |
| |
| <listitem><para>Show data only of the |
| specified unit. This will add a match |
| for <literal>_SYSTEMD_UNIT=</literal> |
| for the specified |
| unit.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>-p</option></term> |
| <term><option>--priority=</option></term> |
| |
| <listitem><para>Filter output by |
| message priorities or priority |
| ranges. Takes either a single numeric |
| or textual log level (i.e. between |
| 0/<literal>emerg</literal> and |
| 7/<literal>debug</literal>), or a |
| range of numeric/text log levels in |
| the form FROM..TO. The log levels are |
| the usual syslog log levels as |
| documented in |
| <citerefentry><refentrytitle>syslog</refentrytitle><manvolnum>3</manvolnum></citerefentry>, |
| i.e. <literal>emerg</literal> (0), |
| <literal>alert</literal> (1), |
| <literal>crit</literal> (2), |
| <literal>err</literal> (3), |
| <literal>warning</literal> (4), |
| <literal>notice</literal> (5), |
| <literal>info</literal> (6), |
| <literal>debug</literal> (7). If a |
| single log level is specified all |
| messages with this log level or a |
| lower (hence more important) log level |
| are shown. If a range is specified all |
| messages within the range are shown, |
| including both the start and the end |
| value of the range. This will add |
| <literal>PRIORITY=</literal> matches |
| for the specified |
| priorities.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--cursor=</option></term> |
| <term><option>-c</option></term> |
| |
| <listitem><para>Start showing entries |
| from the location in the journal |
| specified by the passed |
| cursor.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--since=</option></term> |
| <term><option>--until=</option></term> |
| |
| <listitem><para>Start showing entries |
| on or newer than the specified date, |
| or on or older than the specified |
| date, respectively. Date specifications should be of |
| the format "2012-10-30 18:17:16". If |
| the time part is omitted, 00:00:00 is |
| assumed. If only the seconds component |
| is omitted, :00 is assumed. If the |
| date component is ommitted, the |
| current day is assumed. Alternatively |
| the strings |
| <literal>yesterday</literal>, |
| <literal>today</literal>, |
| <literal>tomorrow</literal> are |
| understood, which refer to 00:00:00 of |
| the day before the current day, the |
| current day, or the day after the |
| current day, respectively. <literal>now</literal> |
| refers to the current time. Finally, |
| relative times may be specified, |
| prefixed with <literal>-</literal> or |
| <literal>+</literal>, referring to |
| times before or after the current |
| time, respectively.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--field=</option></term> |
| <term><option>-F</option></term> |
| |
| <listitem><para>Print all possible |
| data values the specified field can |
| take in all entries of the |
| journal.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--directory=</option></term> |
| <term><option>-D</option></term> |
| |
| <listitem><para>Takes an absolute |
| directory path as argument. If |
| specified journalctl will operate on the |
| specified journal directory instead of |
| the default runtime and system journal |
| paths.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--new-id128</option></term> |
| |
| <listitem><para>Instead of showing |
| journal contents generate a new 128 |
| bit ID suitable for identifying |
| messages. This is intended for usage |
| by developers who need a new |
| identifier for a new message they |
| introduce and want to make |
| recognizable. Will print the new ID in |
| three different formats which can be |
| copied into source code or |
| similar.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--header</option></term> |
| |
| <listitem><para>Instead of showing |
| journal contents show internal header |
| information of the journal fields |
| accessed.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--disk-usage</option></term> |
| |
| <listitem><para>Shows the current disk |
| usage of all |
| journal files.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--setup-keys</option></term> |
| |
| <listitem><para>Instead of showing |
| journal contents generate a new key |
| pair for Forward Secure Sealing |
| (FSS). This will generate a sealing |
| key and a verification key. The |
| sealing key is stored in the journal |
| data directory and shall remain on the |
| host. The verification key should be |
| stored externally.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--interval=</option></term> |
| |
| <listitem><para>Specifies the change |
| interval for the sealing key, when |
| generating an FSS key pair with |
| <option>--setup-keys</option>. Shorter |
| intervals increase CPU consumption but |
| shorten the time range of |
| undetectable journal |
| alterations. Defaults to |
| 15min.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--verify</option></term> |
| |
| <listitem><para>Check the journal file |
| for internal consistency. If the |
| file has been generated with FSS |
| enabled, and the FSS verification key |
| has been specified with |
| <option>--verify-key=</option> |
| authenticity of the journal file is |
| verified.</para></listitem> |
| </varlistentry> |
| |
| <varlistentry> |
| <term><option>--verify-key=</option></term> |
| |
| <listitem><para>Specifies the FSS |
| verification key to use for the |
| <option>--verify</option> |
| operation.</para></listitem> |
| </varlistentry> |
| |
| </variablelist> |
| </refsect1> |
| |
| <refsect1> |
| <title>Exit status</title> |
| |
| <para>On success 0 is returned, a non-zero failure |
| code otherwise.</para> |
| </refsect1> |
| |
| <refsect1> |
| <title>Environment</title> |
| |
| <variablelist> |
| <varlistentry> |
| <term><varname>$SYSTEMD_PAGER</varname></term> |
| <listitem><para>Pager to use when |
| <option>--no-pager</option> is not given; |
| overrides <varname>$PAGER</varname>. Setting |
| this to an empty string or the value |
| <literal>cat</literal> is equivalent to passing |
| <option>--no-pager</option>.</para></listitem> |
| </varlistentry> |
| </variablelist> |
| </refsect1> |
| |
| <refsect1> |
| <title>Examples</title> |
| |
| <para>Without arguments all collected logs are shown |
| unfiltered:</para> |
| |
| <programlisting>journalctl</programlisting> |
| |
| <para>With one match specified all entries with a field matching the expression are shown:</para> |
| |
| <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service</programlisting> |
| |
| <para>If two different fields are matched only entries matching both expressions at the same time are shown:</para> |
| |
| <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097</programlisting> |
| |
| <para>If two matches refer to the same field all entries matching either expression are shown:</para> |
| |
| <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _SYSTEMD_UNIT=dbus.service</programlisting> |
| |
| <para>If the separator "<literal>+</literal>" is used |
| two expressions may be combined in a logical OR. The |
| following will show all messages from the Avahi |
| service process with the PID 28097 plus all messages |
| from the D-Bus service (from any of its |
| processes):</para> |
| |
| <programlisting>journalctl _SYSTEMD_UNIT=avahi-daemon.service _PID=28097 + _SYSTEMD_UNIT=dbus.service</programlisting> |
| |
| <para>Show all logs generated by the D-Bus executable:</para> |
| |
| <programlisting>journalctl /usr/bin/dbus-daemon</programlisting> |
| |
| <para>Show all logs of the kernel device node <filename>/dev/sda</filename>:</para> |
| |
| <programlisting>journalctl /dev/sda</programlisting> |
| |
| </refsect1> |
| |
| <refsect1> |
| <title>See Also</title> |
| <para> |
| <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>systemd.journal-fields</refentrytitle><manvolnum>7</manvolnum></citerefentry>, |
| <citerefentry><refentrytitle>journald.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry> |
| </para> |
| </refsect1> |
| |
| </refentry> |