Systemd-Journal Entries

It store logging data in a structured, indexed binary file. It has additional information about the log events.Redhat7. Systemd journal is stored in /run/log

Journal is new feature in RH7. Journal will not be allowed to get layer than 10% of file system or less than 15% of system free.

Commands to view system-journal entries:-

journalctl  -> It show all system journal from system starting.



journalctl –n -> It show last 10 entries, we can give any number to view the entries




journalctl -n 3 -> It display last 3 entries.


journalctl –p -> It will filter it by priority of journal entries. It take either name or number of priority levels. 

Priority name and its code

Ex:- journalctl p -4 (or) journalctl p warning -> Priority code 4 is for warning. We can use either name or code along with journalctl -p command both are same.


 
journalctl –p 4 | journalctl –n 3 -> here we combined two commands by using pipeline symbol, So first it execute the priority command (journalctl -p) after that it execute (journalctl -n 3). 

Result of this command is:
it display last three entries of warning.

 
journactl -f -> Last 10 lines of the journal and continues to output new journal entries as they get written to the journal.



journalctl --since today -> Display all journal entries recorded today.



journalctl --since "2015-10-01" --until "2015:10:02"  -> Display the journal entries recorded with the mention duration. 
 

journalctl _SYSTEMD_UNIT=sshd.service _PID= 1398 -> To view the entries related to process started by mentioned services and also process id.







Previous
Next Post »