In this tutorial let us see how to use the journalctl command to verify logging information.

To list end of journal log and follow mode (f) same like tail -f

# journalctl -ef

To list the newest entries at first.

# journalctl -r

To list only the logging information about sshd.service unit.

# journalctl -u httpd.service

To list all the logging information about sshd.service system unit.

# journalctl _SYSTEMD_UNIT=httpd.service

To list all the emergency error using journald.

# journalctl -p emerg..err

To list the last system boot information.

# journalctl -b -1

To list journal logs for a range of period.

# journalctl –since “2017-07-25 13:00:00” –until “2017-09-03”

To list the kernel dmesg logs from the current boot time.

# journalctl -k

Show total disk usage of all journal files

# journalctl –disk-usage

[root@rhel7 ~]# journalctl –disk-usage
Journals take up 97.3M on disk.

To verify the journal file consistency

# journalctl –verify

[root@rhel7 ~]# journalctl –verify
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@00054fe6b304c8d7-9df63f9ab5a6251b.journal~
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@0005511829618c3d-fee52e1358540d89.journal~
1d1f78: invalid entry item (5/21 offset: 000000░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░ 0%
Invalid object contents at 1d1f78: Bad message
File corruption detected at /var/log/journal/e37a71c6effe44428389f277a1219225/system@000551183b108830-ca20e7ed4cbd7c2f.journal~:1d1f78 (of 8388608 bytes, 22%).
FAIL: /var/log/journal/e37a71c6effe44428389f277a1219225/system@000551183b108830-ca20e7ed4cbd7c2f.journal~ (Bad message)
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system@0005583bae4b7900-a8650995da3dc53e.journal~
PASS: /var/log/journal/e37a71c6effe44428389f277a1219225/system.journal
[root@rhel7 ~]#

To list the entries in the message catalog

# journalctl –dump-catalog

[root@rhel7 ~]# journalctl –dump-catalog
— 0027229ca0644181a76c4e92458afa2e
Subject: One or more messages could not be forwarded to syslog
Defined-By: systemd

One or more messages could not be forwarded to the syslog service
running side-by-side with journald. This usually indicates that the
syslog implementation has not been able to keep up with the speed of
messages queued.

To know more about journalctl command run below man page command.

# man journalctl

Babin Lonston
Overall 14+ Years of experience in IT field, 7+ years of experience in Linux administration with Virtualization & Cloud technologies. Love documentation and being Numismatics for a long time.

Step by Step Installing Symantec Enterprise End Point Protection Linux client

Previous article

How to Install OSSEC Host Intrusion Detection client in Linux and Solaris

Next article

You may also like


Leave a reply

Your email address will not be published.