Last Updated on May 28, 2022
This is the eighth in our series of articles highlighting essential system tools. These are small utilities, useful for system administrators as well as regular users of Linux based systems. The series examines both graphical and text based open source utilities. For this article, we’ll examine journalctl. For details of all tools in this series, please check the table in the summary section.
Systemd (stylized as systemd) is a suite of software that provides fundamental building blocks for Linux. It’s a Linux-specific system and service manager, offering an init system used to bootstrap the user space and to manage system processes after booting. The software provides a standard process for controlling what programs run when a Linux system boots up. Systemd, was created by Red Hat’s Lennart Poettering and Kay Sievers. It provides more than running core programs. It also starts a journal of system activity, the network stack, a cron-style job scheduler, user logins, and many other jobs.
systemd has courted a lot of controversy with some legitimate concerns about its design details (for example, the decision to use binary logs), and debate about whether it extends its reach too far. Nevertheless, this system and service manager has been adopted by many popular Linux distributions such as Fedora, Ubuntu, Debian, openSUSE, and Arch. Why? Essentially, because it offers a fast boot-up, parallelizing the boot process, as well as being designed with security in mind with most daemons running at minimal privileges. It also unifies system objects, and offers a simple configuration file language.
journalctl is a systemd utility. If your system doesn’t use systemd, you’ll have little interest in this utility. But given most popular Linux distros have adopted systemd, it’s likely you’ll need journalctl at one stage or another. It’s common sense to understand the system you’re running, and this utility will help you in this process.
journalctl is used for querying and displaying messages from the journal. Since the journal comprises of one or more binary files, journalctl is the standard way to read messages from it.
If your Linux distribution uses systemd, journalctl will already be present on your system. It’s a command-line tool, so you won’t find it listed in a desktop environment system’s menu. But it’s available from the console, terminal emulator, or anywhere you can access a shell. Many applications give you shell access too e.g. RStudio.
Logging data is collected, stored, and processed by the Journal’s journald service. Depending on your distribution, Journal stores log files in memory, in a small ring-buffer in the /run/log/journal directory. It’s also possible for log data to be saved permanently if persistent storage is enabled. BleachBit offers the option to clean the log files. But journalctl offers functions for immediately removing archived journals on disk.
If you run the journalctl command without any flags, you’ll see all the logs in your journal.
You’ll probably make more sense of the output by making use of the command’s various flags, which are displayed below.
journalctl displays logs in a format similar to the traditional syslog format. Each line starts with the date, followed by the server’s hostname, the process name, and the message for the log. Logs are displayed from oldest to newest, but the order can be reversed using the -r flag.
If you want to view a live log of new entries, use the -f flag. This lets you supervise the log messages in real time as new entries are continuously printed as they appear.
One of the most useful attributes of journalctl is to filter the log messages before they are displayed. You can output kernel messages only, filter output by message priorities, and/or messages that match a unit or pattern. Filters of different types can also be combined together to further narrow the output. And you can show logs within a time range.
Another flag that’s useful is -b, which shows messages from the last boot of your machine. It can also show messages from a specific boot. To list all journal log errors since the latest boot, type:
Another useful commands is:
We’ll leave what that does as an exercise for the reader. Post in the comments box!
journalctl is a command that’s used to identify many errors and for troubleshooting purposes. It’s an essential way of solving any issues with your Linux system.
Support: Journal Export Format, Journal JSON Format
Developer: Part of systemd
License: GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version
All the essential tools in this series:
|Essential System Tools|
|Alacritty||Innovative, hardware-accelerated terminal emulator|
|BleachBit||System cleaning software. Quick and easy way to service your computer|
|bottom||Graphical process/system monitor for the terminal|
|btop++||Monitor usage and stats for CPU, memory, disks, network and processes|
|catfish||Versatile file searching software|
|Clonezilla||Partition and disk cloning software|
|CPU-X||System profiler with both a GUI and text-based|
|Czkawka||Find duplicate files, big files, empty files, similar images, and much more|
|ddrescue||Data recovery tool, retrieving data from failing drives as safely as possible|
|dust||More intuitive version of du written in Rust|
|f3||Detect and fix counterfeit flash storage|
|Fail2ban||Ban hosts that cause multiple authentication errors|
|fdupes||Find or delete duplicate files|
|Firejail||Restrict the running environment of untrusted applications|
|Glances||Cross-platform system monitoring tool written in Python|
|GParted||Resize, copy, and move partitions without data|
|GreenWithEnvy||NVIDIA graphics card utility|
|gtop||System monitoring dashboard|
|gWakeOnLAN||Turn machines on through Wake On LAN|
|hyperfine||Command-line benchmarking tool|
|inxi||Command-line system information tool that's a time-saver for everyone|
|journalctl||Query and display messages from the journal|
|kmon||Manage Linux kernel modules with this text-based tool|
|Krusader||Advanced, twin-panel (commander-style) file manager|
|Neofetch||System information tool written in Bash|
|Nmap||Network security tool that builds a "map" of the network|
|nmon||Systems administrator, tuner, and benchmark tool|
|nnn||Portable terminal file manager that's amazingly frugal|
|pet||Simple command-line snippet manager|
|Pingnoo||Graphical representation for traceroute and ping output|
|ps_mem||Accurate reporting of software's memory consumption|
|SMC||Multi-featured system monitor written in Python|
|Timeshift||Reliable system restore tool|
|QDirStat||Qt-based directory statistics|
|QJournalctl||Graphical User Interface for systemd’s journalctl|
|TLP||Must-have tool for anyone running Linux on a notebook|
|Unison||Console and graphical file synchronization software|
|VeraCrypt||Strong disk encryption software|
|Ventoy||Create bootable USB drive for ISO, WIM, IMG, VHD(x), EFI files|
|WTF||Personal information dashboard for your terminal|