Technotes for future me


systemctl restart rsyslog && service auditd restart && logger "blaataap"

Perusing system logs

On Linux distros based on systemd, logs can be viewed using the journalctl command. This requires root privileges. However, users that are members of the adm group get access as well. So, add your user to the adm group to make viewing logs easier.

Show log since last bootjournalctl -b
Kernel messages (like dmesg)journalctl -k
Show latest log and wait for changesjournalctl -f
Reverse output (newest first)journalctl -r
Show only errors and worsejournalctl -b -p err
Filter on time (example)journalctl --since=2014-06-00 --until="2014-06-07 12:00:00"
Since yesterdayjournalctl --since=yesterday
Show only log of SERVICEjournalctl -u SERVICE
Match executable, e.g. dhclientjournalctl /usr/sbin/dhclient
Match device node, e.g. /dev/sdajournalctl /dev/sda
Disable truncating/pagingjournalctl --no-pager

“Traditional” logs

Traditionally, logs are text files in /var/log. Some services still write their logs to these text files and not to journald.

Live view of log FILEtail -f /var/log/FILE
Colorized live view of boot/kernel messagesdmesg -wH


Last updated on 3 Oct 2022
Published on 11 Dec 2019
Edit on GitHub