systemd-journalctl — Query the systemd journal
systemd-journalctl [OPTIONS...] [MATCH]
systemd-journalctl may be used to query the contents of the systemd(1) journal.
If called without parameter will show the full contents of the journal, starting with the oldest entry collected.
If a match argument is passed the output is
filtered accordingly. A match is in the format
FIELD=VALUE
,
e.g. _SYSTEMD_UNIT=httpd.service
.
Output is interleaved from all accessible journal files, whether they are rotated or currently being written, and regardless whether they belong to the system itself or are accessible user journals.
All users are granted access to their private
per-user journals. However, by default only root and
users who are members of the adm
group get access to the system journal and the
journals of other users.
The following options are understood:
--help
, -h
Prints a short help text and exits.
--version
Prints a short version string and exits.
--no-pager
Do not pipe output into a pager.
--all
, -a
Show all fields in full, even if they include unprintable characters or are very long.
--follow
, -f
Show only most recent journal entries, and continously print new entries as they are appended to the journal.
--lines=
, -n
Controls the number of journal lines to show, counting from the most recent ones. Takes a positive integer argument. In follow mode defaults to 10, otherwise is unset thus not limiting how many lines are shown.
--no-tail
Show all stored output
lines, even in follow mode. Undoes the
effect of
--lines=
.
--output=
, -o
Controls the
formatting of the journal entries that are
shown. Takes one of
short
,
short-monotonic
,
verbose
,
export
,
json
,
cat
. short
is the default and generates an output
that is mostly identical to the
formatting of classic syslog log
files, showing one line per journal
entry. short-monotonic
is very similar but shows monotonic
timestamps instead of wallclock
timestamps. verbose
shows the full structered entry items
with all
fiels. export
serializes the journal into a binary
(but mostly text-based) stream
suitable for backups and network
transfer. json
formats entries as JSON data
structures. cat
generates a very terse output only
showing the actual message of each
journal entry with no meta data, not
even a timestamp.
--quiet
, -q
Suppresses any warning message regarding inaccessable system journals when run as normal user.
--new-id128
Instead of showing journal contents generate a new 128 bit ID suitable for identifying messages. This is intended for usage by developers who need a new identifier for a new message they introduce and want to make recognizable. Will print the new ID in three different formats which can be copied into source code or similar.