JournalCtl

Viewing logs in Fedora

Log files contain messages about the system, including the kernel, services, and applications running on it. These contain information that helps troubleshoot issues, or simply monitor system functions. Fedora uses the systemd system and service manager. With systemd, messages for most services are now stored in the systemd journal which is a binary file that must be accessed usinng the journalctl command.

System tools that do not use systemd for their logs continue to place them as plain text files in the /var/log/ directory. In Fedora, there are two ways of accessing system logs:

  • The command line
  • A GUI applications

Using the command line to view log files

The journalctl command can be to view messages in the system journal on the command line. For plain text log files, generic tools may be used:

  • catmorelesstail, or head.
  • the grep command to search for specific information.
  • any text editor of your choosing (nano/pico/vim/emacs)

Please note that you may require sudo access to view these files.

Using journalctl to view system information

  • To view all collected journal entries, simply use:
$ journalctl
  • To view a logs related to a specific file, you can provide the journalctl command with a filepath. The example shown below shows all logs of the kernel device node /dev/sda:
$ journalctl /dev/sda
  • To view log for the current boot use the -b option :
$ journalctl -b
  • To view kernel logs for the current boot, you can add the -k option:
$ journalctl -k -b -1

Using journalctl to view log information for a specific service

  • To filter logs to only see ones matching the “foo” systemd service:
$ journalctl -b _SYSTEMD_UNIT=foo
  • Matches can be combined. For example, to view logs for systemd-units that match foo, and the PID number:
$ journalctl -b _SYSTEMD_UNIT=foo _PID=number
  • If the separator “+” is used, two expressions may be combined in a logical OR. For example, to view all messages from the foo service process with the PID plus all messages from the foo1 service (from any of its processes):
$ journalctl -b _SYSTEMD_UNIT=foo _PID=number + _SYSTEMD_UNIT=foo1
  • If two matches refer to the same field, all entries matching either expression are shown. For example, this command will show logs matching a systemd-unit foo or a systemd-unit foo1:
$ journalctl -b _SYSTEMD_UNIT=foo _SYSTEMD_UNIT=foo1

(source)