In this tutorial let us see how to use the journalctl command to verify logging information.

To jump to the end of the journal (-e) and follow new entries (-f), similar to tail -f.

# journalctl -ef

To list the newest entries first.

# journalctl -r

To list only the logging information about the httpd.service unit.

# journalctl -u httpd.service

To list all the logging information about the httpd.service system unit by matching on the _SYSTEMD_UNIT field.

# journalctl _SYSTEMD_UNIT=httpd.service

To list all entries with a priority from emergency (emerg) to error (err).

# journalctl -p emerg..err

To list the logs from the previous system boot.

# journalctl -b -1

To list journal logs for a given time range.

# journalctl --since "2017-07-25 13:00:00" --until "2017-09-03"

To list the kernel dmesg logs from the current boot time.

# journalctl -k

To show the total disk usage of all journal files.

# journalctl --disk-usage

[root@rhel7 ~]# journalctl --disk-usage
Journals take up 97.3M on disk.

To verify the journal file consistency.

# journalctl --verify

[root@rhel7 ~]# journalctl --verify
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@00054fe6b304c8d7-9df63f9ab5a6251b.journal~
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@0005511829618c3d-fee52e1358540d89.journal~
1d1f78: invalid entry item (5/21 offset: 000000░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 0%
Invalid object contents at 1d1f78: Bad message
File corruption detected at /var/log/journal/e37a71c6effe44428389f277a1219225/system@000551183b108830-ca20e7ed4cbd7c2f.journal~:1d1f78 (of 8388608 bytes, 22%).
FAIL: /var/log/journal/e37a71c6effe44428389f277a1219225/system@000551183b108830-ca20e7ed4cbd7c2f.journal~ (Bad message)
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@0005583bae4b7900-a8650995da3dc53e.journal~
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system.journal
[root@rhel7 ~]#
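
The script below is an added example, not part of the original tutorial. It reduces `journalctl --verify` output like the above to the list of failed journal files plus an exit status that a cron job or monitoring check can act on. The function names and the sample (a shortened, constructed copy of the output shown above) are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: summarise `journalctl --verify` results.

# Constructed sample input, shortened from the output shown above.
sample_verify_output() {
cat <<'EOF'
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@00054fe6b304c8d7-9df63f9ab5a6251b.journal~
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@0005511829618c3d-fee52e1358540d89.journal~
Invalid object contents at 1d1f78: Bad message
File corruption detected at /var/log/journal/e37a71c6effe44428389f277a1219225/system@000551183b108830-ca20e7ed4cbd7c2f.journal~:1d1f78 (of 8388608 bytes, 22%).
FAIL: /var/log/journal/e37a71c6effe44428389f277a1219225/system@000551183b108830-ca20e7ed4cbd7c2f.journal~ (Bad message)
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@0005583bae4b7900-a8650995da3dc53e.journal~
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system.journal
EOF
}

# Print the path of every journal file reported as FAIL.
# Input line format: "FAIL: <path> (<reason>)"
failed_journals() {
    sed -n 's/^FAIL: \(.*\) ([^()]*)$/\1/p'
}

# Print "pass=N fail=M"; exit status is 1 when at least one file failed.
verify_summary() {
    awk '
        /^PASS: / { pass++ }
        /^FAIL: / { fail++ }
        END { printf "pass=%d fail=%d\n", pass, fail; exit (fail > 0) }
    '
}

# Run against the live journal (needs read access to the journal files).
# Assumption: stderr is merged into stdout so the PASS/FAIL lines are
# captured whichever stream journalctl writes them to.
check_journals() {
    journalctl --verify 2>&1 | verify_summary
}

# Demo on the constructed sample; on a real host call check_journals.
sample_verify_output | failed_journals
sample_verify_output | verify_summary || echo "journal corruption detected"
```

A failed file is worth investigating before it is rotated away: corruption can come from an unclean shutdown, but it also means those entries can no longer be relied on as evidence.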

To list the entries in the message catalog.

# journalctl --dump-catalog

[root@rhel7 ~]# journalctl --dump-catalog
-- 0027229ca0644181a76c4e92458afa2e
Subject: One or more messages could not be forwarded to syslog
Defined-By: systemd

One or more messages could not be forwarded to the syslog service
running side-by-side with journald. This usually indicates that the
syslog implementation has not been able to keep up with the speed of
messages queued.

To know more about the journalctl command, read its man page.

# man journalctl

