b.stefanuk.caUsing the Systemd Suite
systemd provides userland boot-time scheduling and management of system daemons, services, sockets, and other resources.
timedatectl
timedatectl can be used to manage the time and date options of your system.
udisksctl
Manages block devices and other stuff.
journalctl
The journald daemon collects data from all available sources (kernel, services, sockets, etc.) and indexes them for viewing and manipulation. Since many logs are registered, knowing how to filter the logs is important.
Time-based Filtering
journalctl --since/--until: Shows all the logs --since the specified time or --until the specified time. Both options can be used together to narrow in on a certain time slice. The time and date is best formatted as YYYY-MM-DD HH:MM:SS (any part of the time or date can be omitted and intuitive defaults will be applied).
Service-based filtering
systemd scripts define units that are managed in a variety of ways. Often the simplest way to filter journal logs is to filter by unit.
journalctl -u <unit>: Only show logs for the unit specified by <unit>. For example journalctl -u ssh --since today would show SSH logs that were viewed today. journalctl -k: Shows kernel messages from the current boot.
Modifying the Journal Display
journalctl --no-pager: Redirects to standard output so that the content can be piped or redirected to another file. journalctl -o <format>: Outputs the entries in the format specified. Examples include: json, json-pretty, etc. journalctl -f: Actively follows the output of the logs.
Command Cheatsheet
systemctl show <unit> -p NRestarts
journalctl --list-boots | wc -l # number of reboots
journalctl -b -N # show logs from the Nth previous boot
journalctl -fu <unit> # follow logs of specific unit
journalctl -o json | jq <pattern> # manipulate journal output as json
journalctl --since "90min ago" --until "1hr ago"
journalctl -u <unit> --since "2023-10-11 17:49:00" --until "2023-10-11 17:57:00"systemctl show <unit> -p NRestarts
journalctl --list-boots | wc -l # number of reboots
journalctl -b -N # show logs from the Nth previous boot
journalctl -fu <unit> # follow logs of specific unit
journalctl -o json | jq <pattern> # manipulate journal output as json
journalctl --since "90min ago" --until "1hr ago"
journalctl -u <unit> --since "2023-10-11 17:49:00" --until "2023-10-11 17:57:00"ADDITIONAL RESOURCES