systemd System and Service Manager
What is this?
systemd is a system and service manager for Linux, compatible with SysV and LSB init scripts.
systemd provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services,
offers on-demand starting of daemons, keeps track of processes using Linux control groups,
supports snapshotting and restoring of the system state, maintains mount and automount points
and implements an elaborate transactional dependency-based service control logic.
The ($) and (#) signs before all commands, just indicates how to enter the commands.
so don't actually type them. (#) means you have to be root, ($) means normal user
let's start with some basics. To access the logs of the journal use the journalctl tool.
To have a first look at the logs, just type in:
If you run this as root you will see all logs generated on the system, from system components the same way
as for logged in users. The output you will get looks like a pixel-perfect copy of the traditional /var/log/messages format,
but actually has a couple of improvements over it:
- Lines of error priority (and higher) will be highlighted red.
- Lines of notice/warning priority will be highlighted bold.
- The timestamps are converted into your local time-zone.
- The output is auto-paged with your pager of choice (defaults to less).
This will show all available data, including rotated logs.
Browsing logs this way is already pretty nice.
But requiring to be root sucks of course, even administrators tend to do most of their work as unprivileged users these days.
By default, Journal users can only watch their own logs, unless they are root or in the adm group.
To make watching system logs more fun, you could add yourselve to adm:
# usermod -a -G adm yourusername
After logging out and back in as yourusername you have access to the full journal of the system and all users:
If invoked without parameters journalctl will show you the current log database.
Sometimes one needs to watch logs as they grow, where one previously used tail -f /var/log/messages:
$ journalctl -f
Yes, this does exactly what you expect it to do: it will show you the last ten logs lines,
and then wait for changes and show them as they take place.
When invoking journalctl without parameters you'll see the whole set of logs, beginning with the oldest message stored.
That of course, can be a lot of data. Much more useful is just viewing the logs of the current boot:
$ journalctl -b
This will show you only the logs of the current boot, with all the gimmicks mentioned.
But sometimes even this is way too much data to process.
So let's just listing all the real issues to care about: all messages of priority levels ERRORS and worse,
from the current boot:
$ journalctl -b -p err
But, if you reboot only seldom the -b makes little sense, filtering based on time is much more useful:
$ journalctl --since=yesterday