It store logging data in a structured, indexed binary file. It has additional information about the log events.Redhat7. Systemd journal is stored in /run/log.
Journal is new feature in RH7. Journal will not be allowed to get layer than 10% of file system or less than 15% of system free.
Commands to view system-journal entries:-
journalctl -> It show all system journal from system starting.
journalctl –n -> It show last 10 entries, we can give any number to view the entries
journalctl -n 3 -> It display last 3 entries.
journalctl –p -> It will filter it by priority of journal entries. It take either name or number of priority levels.
Priority name and its code
Ex:- journalctl p -4 (or) journalctl p warning -> Priority code 4 is for warning. We can use either name or code along with journalctl -p command both are same.
journalctl –p 4 | journalctl –n 3 -> here we combined two commands by using pipeline symbol, So first it execute the priority command (journalctl -p) after that it execute (journalctl -n 3).
Result of this command is:
it display last three entries of warning.
journactl -f -> Last 10 lines of the journal and continues to output new journal entries as they get written to the journal.
journalctl --since today -> Display all journal entries recorded today.
journalctl --since "2015-10-01" --until "2015:10:02" -> Display the journal entries recorded with the mention duration.
journalctl _SYSTEMD_UNIT=sshd.service _PID= 1398 -> To view the entries related to process started by mentioned services and also process id.
ConversionConversion EmoticonEmoticon