To use journalctl effectively on a systemd-based Linux system, start by checking logs from the current boot with 1.) journalctl -b to focus on recent events and avoid old entries. For real-time monitoring, add the -f flag with 2.) journalctl -b -f. Filter logs by service using 3.) journalctl -u [service] to see messages tied to a specific systemd unit like nginx or sshd. Narrow results further with time-based filters via 4.) --since and --until, such as journalctl --since "-1 hour" for logs from the past hour. Lastly, view logs from previous boots by first listing them with 5.) journalctl --list-boots then accessing them using their index or hash with journalctl -b [index|hash], which helps investigate issues that occurred before the last reboot.
If you're working with a Linux system that uses systemd, journalctl is one of the most powerful tools for viewing logs. Unlike traditional log files scattered across /var/log/, journalctl gives you a centralized and structured way to access system logs — but it can feel overwhelming at first.
Here’s how to use journalctl effectively without getting lost in the noise.
Check basic logs from the current boot
A good starting point is to view logs from the current system session only. This keeps things focused and avoids digging through old entries.
You can do this by adding the -b flag:
journalctl -b
This shows all logs since the last reboot. It's useful when troubleshooting recent issues like failed services or app crashes during startup.
If you want to follow the logs in real time (like tail -f), add the -f option:
journalctl -b -f
This is handy when testing a service or watching what happens after triggering a specific action on your system.
Filter logs by service or unit
Most of the time, you’re not interested in everything — just what happened with a specific service or process.
To filter logs by a systemd unit (e.g., nginx, sshd, or NetworkManager), use the -u flag:
journalctl -u nginx
This helps when debugging why a service didn’t start properly or stopped unexpectedly. You’ll see messages specifically tied to that service, even across reboots if you don't use -b.
And if you want to check logs for a specific time window, combine it with time filters (see the next section).
Use time-based filtering to narrow results
Sometimes you know roughly when something went wrong — say, between 2 PM and 3 PM today. Journalctl lets you filter by date and time.
Use --since and --until to define a range:
journalctl --since "2024-04-05 14:00" --until "2024-04-05 15:00"
Or keep it simpler with relative times:
journalctl --since "-1 hour"
This cuts down noise and helps you focus on relevant events. If you're dealing with intermittent problems or scheduled tasks (like cron jobs), narrowing the time frame makes all the difference.
View logs from previous boots
By default, journalctl shows the current boot only. But if you need to look into logs from earlier sessions, list past boots first:
journalctl --list-boots
You'll get output like this:
-2 abcdef... Mon 2024-04-01 10:00:00 EDT -1 123456... Tue 2024-04-02 09:30:00 EDT 0 7890ab... Wed 2024-04-03 11:15:00 EDT
Then use the hash or index to view logs from a specific boot:
journalctl -b -2
or
journalctl -b abcdef...
This is super helpful if the issue happened before the last reboot and you didn’t save any logs manually.
That's the core set of commands you’ll use most often. Once you get used to combining flags like -b, -u, and time filters, journalctl becomes much less intimidating. It's not complicated, but it does take a little practice to pull out exactly what you need.
The above is the detailed content of How to view system logs using journalctl?. For more information, please follow other related articles on the PHP Chinese website!
Hot AI Tools
Undress AI Tool
Undress images for free
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
How to install a local .rpm file with all dependencies?
Jul 08, 2025 am 12:51 AM
To correctly install the local RPM file and handle dependencies, you should first use dnf to install it directly, because it can automatically obtain the required dependencies from the configured repository; if the system does not support dnf, you can use yum's localinstall command instead; if the dependency cannot be resolved, you can manually download and install all related packages; finally, you can also forcefully ignore the dependency installation, but this method is not recommended. 1. Use sudodnfinstall./package-name.rpm to automatically resolve dependencies; 2. If there is no dnf, you can use sudoyumlocalinstall./package-name.rpm; 3. Force installation and execute sudorpm-ivh--nod
What is the minimal install of CentOS and what does it include?
Jul 07, 2025 am 12:35 AM
AminimalinstallofCentOSisalightweightsetupthatincludesonlyessentialcomponents,makingitidealforserversorsystemsrequiringfullcontrol.Itcontainscoreutilitieslikebash,yum/dnf,networkingtools,andsecuritypackages,whileexcludingdesktopenvironments,webserver
How to configure a static IP address on CentOS 8/9 using nmcli?
Jul 10, 2025 pm 12:19 PM
How to set a static IP address using nmcli on CentOS8 or 9? 1. First run the nmcliconnectionshow and ipa commands to view the current network interface and its configuration; 2. Use the nmcliconnectionmodify command to modify the connection configuration, specify parameters such as ipv4.methodmanual, ipv4.addresses (such as 192.168.1.100/24), ipv4.gateway (such as 192.168.1.1), and ipv4.dns (such as 8.8.8.8). 3. Run the nmcliconnectiondown and up commands to restart the connection to make the changes take effect, or
How to install and configure fail2ban on CentOS?
Jul 10, 2025 pm 12:21 PM
Installing and configuring fail2ban on CentOS is not complicated, it mainly includes the following steps: 1. Install fail2ban using yum; 2. Manually enable and start the service; 3. Create a jail.local file for custom configuration; 4. Set SSH defense rules, including enabling sshd, specifying the blocking time and retry times; 5. Configure firewalld as an action actuator; 6. Regularly check the blocking IP and logs. Fail2ban detects abnormal login behavior through monitoring logs and automatically blocks suspicious IPs. Its core mechanism relies on key parameters such as bantime (banned time), findtime (statistic window time) and maxretry (maximum failure number).
What are KernelCare and kpatch for live kernel patching?
Jul 12, 2025 am 01:07 AM
KernelCare and kpatch are both tools for implementing hot patches in the Linux kernel, but the applicable scenarios are different. 1. KernelCare is a commercial service that supports CentOS, RHEL, Ubuntu and Debian, automatically applies patches without restarting, and is suitable for hosting service providers and enterprise production environments; 2. kpatch is an open source tool developed by Red Hat. It is based on the ftrace framework and requires manual construction of patch modules. It is suitable for RHEL and compatible systems, and is suitable for organizations that need to finely control the patch process or use customized kernels. When choosing, automation requirements, system distribution, whether official support is required, and the degree of control over open source tools should be considered. Neither of them can fix all vulnerabilities, some still need to be restarted, and
How to add or remove a service in FirewallD?
Jul 13, 2025 am 01:32 AM
How to add or remove a service in FirewallD? 1. Add a service: First use firewall-cmd-get-services to view available services, temporarily add --add-service=service name, and permanently add --permanent parameter; 2. Remove service: Use --remove-service=service name to temporarily remove, add --permanent permanently remove, and after modification, all need to perform --reload reload configuration; 3. Custom service: Use --new-service to create a service and edit the XML file to define the port, and then add it according to the standard service. Pay attention to distinguish between temporary and permanent settings during operation, and reload the firewall in time.
Where are the main system log files located in CentOS?
Jul 19, 2025 am 03:56 AM
In CentOS, the system log files are mainly stored in the /var/log directory. Common ones include: 1./var/log/messages record system messages; 2./var/log/secure record authentication-related logs; 3./var/log/dmesg record kernel information; 4./var/log/cron record timing task information; 5./var/log/boot.log record startup process. CentOS7 and above use rsyslog to manage logs, combined with systemd's journald tool, can be viewed through the journalctl command. It is also recommended to use logrotate to rotate logs and real
How to install MariaDB or MySQL on CentOS?
Jul 11, 2025 am 12:28 AM
The method of installing MariaDB or MySQL to CentOS is as follows: 1. Install MariaDB: After updating the system, use yum to install mariadb-server, start the service and run the security initialization script; 2. Install MySQL: After adding the official source, then use yum to install mysql-community-server, start the service and view the log to get the temporary password, and then run the security initialization script. MariaDB is the default recommended option, suitable for development and testing environments; MySQL is suitable for scenarios with specific enterprise needs, the community version has limited functions, and the enterprise version requires a fee. Frequently asked questions include port conflicts, permission issues, and database status checks, which can be accessed through open firewall ports.
