How to Use Journalctl to View and Manipulate Systemd Logs

Published on May 13, 2024

In Linux, logging is vital for debugging and for checking what the kernel and other processes are doing. Logs let you quickly spot errors or bugs and fix them. Journalctl is a Linux command-line utility that queries and displays logs from systemd-journald, giving you detailed information on system events, processes, and services. Instead of checking the logs of each tool or service from different daemons, you can get all the logs from systemd through journalctl. This post shows how to use journalctl to view and manipulate systemd logs.

Understanding Journalctl

In Linux, journalctl is the centralized way to read the logs that systemd collects. The services, processes, and events running on your Linux system are logged via systemd, and with journalctl you can check past logs or follow logs in real time.

Moreover, the journal also displays information on system events such as hardware events, startup, and kernel messages. The purpose of journalctl is to give users an easy and convenient way of viewing, filtering, monitoring, and analyzing log messages.

Different Ways of Using Journalctl to View and Manipulate Systemd Logs

There are numerous ways of working with journalctl, depending on your goal. The examples below cover common situations and should make journalctl easier to understand and work with.

Example 1: Basic Logging

Running journalctl without any options displays all the logs from services, events, and processes running on your Linux system.

Run the following command.

You will get a similar output.

When you run the command with sudo privileges, you will fetch logs for all users.

Example 2: Filtering the Journalctl Logs

Instead of taking the unfiltered output of journalctl without options, you can filter the logs for more useful results.

For instance, to check the logs in real time, add the -f option.

You can also filter the logs by date and time. To see all logs since yesterday, run the command below.

Example 3: Getting Kernel Logs

You can retrieve only the kernel logs and exclude all other logs. This is ideal for monitoring your OS core components.

Add the -k option.

Example 4: Checking Disk Usage

You can also view systemd logs for your Linux disk usage to get information on your system. Run the following command.

Example 5: Setting the System Time

With journalctl, you can view logs in the local time of different timezones. When you check the time, systemd shows the results based on your system's local time. You can set a different timezone using the command below.

We’ve set our timezone to New_York, but you are free to list the available timezones with the below command and set any of your choice.

You can check the timedatectl status to ensure that you are using the correct time.

Example 6: Journal Filtering by Time

Before we see how to filter the log results by time: if you want timestamps shown in UTC or another timezone, specify it in your command, as demonstrated below.

If you only want the journal entries from your current boot, add the -b option to your command.

journald can access several boots, and you can first check the available boots with the command below.

Once you’ve seen the available boots, you can then specify them in your filter command. For instance, to check the journal entries for the previous boot list 2, use the following command.

The above examples are instances of how you can utilize the journalctl to view and manipulate systemd logs.
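
The filters from Examples 2, 3 and 6 (since yesterday, kernel only, per boot), applied to a constructed sample in journalctl's JSON export format. This is an added example, not part of the original post. It assumes the `-o json` output mode (not shown on the page), UTC timestamps, and made-up boot IDs and messages; `parse`, `list_boots`, `since_yesterday` and `select` are hypothetical helper names.

```python
import json
from datetime import datetime, timedelta, timezone

NOW = datetime(2024, 5, 13, 12, 0, tzinfo=timezone.utc)  # constructed "current time"
OLD_BOOT, CUR_BOOT = "a" * 32, "b" * 32                   # constructed boot IDs

def usec(ts):  # datetime -> microseconds since the epoch, the unit of __REALTIME_TIMESTAMP
    return (ts - datetime(1970, 1, 1, tzinfo=timezone.utc)) // timedelta(microseconds=1)

def line(ts, boot, transport, ident, msg):
    return json.dumps({"__REALTIME_TIMESTAMP": str(usec(ts)), "_BOOT_ID": boot,
                       "_TRANSPORT": transport, "SYSLOG_IDENTIFIER": ident, "MESSAGE": msg})

# Constructed sample shaped like `journalctl -o json`: one object per line, all values strings.
SAMPLE = "\n".join([
    line(NOW - timedelta(days=3), OLD_BOOT, "kernel", "kernel", "usb 1-1: new USB device"),
    line(NOW - timedelta(days=3), OLD_BOOT, "syslog", "sshd", "Failed password for invalid user admin"),
    line(NOW - timedelta(hours=30), CUR_BOOT, "kernel", "kernel", "EXT4-fs (sda1): mounted filesystem"),
    line(NOW - timedelta(minutes=5), CUR_BOOT, "syslog", "sudo", "session opened for user root"),
])

def parse(text):
    return [json.loads(row) for row in text.splitlines() if row.strip()]

def list_boots(entries):
    """Boot IDs keyed by offset as in --list-boots: 0 is the current boot, -1 the one before."""
    first = {}
    for e in entries:
        ts = int(e["__REALTIME_TIMESTAMP"])
        first[e["_BOOT_ID"]] = min(ts, first.get(e["_BOOT_ID"], ts))
    ordered = sorted(first, key=first.get)
    return {i - len(ordered) + 1: boot for i, boot in enumerate(ordered)}

def since_yesterday(now):
    """systemd reads 'yesterday' as 00:00:00 of the previous day, not 'now minus 24 hours'."""
    return (now - timedelta(days=1)).replace(hour=0, minute=0, second=0, microsecond=0)

def select(entries, boot=None, kernel=False, since=None):
    """Apply -b <offset>, -k and --since to parsed entries; return the matching messages."""
    if kernel and boot is None:
        boot = 0  # -k implies -b (current boot)
    boots = list_boots(entries)
    return [e["MESSAGE"] for e in entries
            if (boot is None or e["_BOOT_ID"] == boots[boot])
            and (not kernel or e["_TRANSPORT"] == "kernel")
            and (since is None or int(e["__REALTIME_TIMESTAMP"]) >= usec(since))]

if __name__ == "__main__":
    print(select(parse(SAMPLE), since=since_yesterday(NOW)))
```

The kernel-only filter drops the USB message from the older boot because `-k` restricts output to the current boot, and the "yesterday" cutoff keeps the 30-hour-old entry that a plain 24-hour window would miss.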

Conclusion

Journalctl gives you centralized access to systemd logs. You can use it to check logs on different system events, processes, and services. This post shared different examples of working with journalctl to view and manipulate systemd logs. Hopefully, the examples covered here will help you understand and get comfortable with journalctl.
