How to View and Manage System Logs Using journalctl in Linux

In today’s Linux-based environments, efficient log management is essential for system administrators to monitor performance, troubleshoot issues, and support system stability. Most modern Linux distributions rely on systemd as the default init system, which includes a built-in logging component known as the journal. Unlike traditional plain-text logs, the journal stores data in a structured binary format, allowing faster and more flexible access using the journalctl command.

To interact with these logs, Linux provides a powerful command-line tool called journalctl. This utility allows administrators to view, filter, and analyze logs across the entire system, including kernel events, service logs, and user-generated messages, all from a single interface. Whether you’re debugging a service failure, tracking down a security event, or monitoring logs in real time, journalctl offers the precision and control needed to get the job done.

This guide will show you how to use journalctl, from viewing logs to advanced filtering and cleanup techniques, helping you confidently manage system logs on any Linux system using systemd.

What Is journalctl and Why It Matters

journalctl is a command-line utility for interacting with the systemd journal. systemd replaces older init systems and manages various system tasks, including logging. The systemd journal is a centralized log storage system, storing logs for all services, the kernel, and user programs in a binary format.

Unlike traditional text-based log files, the binary format allows for more advanced querying and filtering. This feature makes journalctl an essential tool for administrators who need to troubleshoot problems, monitor system performance, or audit events in real-time.

Some advantages of using journalctl include:

  • Real-time log viewing: journalctl allows you to stream logs as they occur.
  • Powerful filtering: You can filter logs by service, time, priority, and many other criteria.
  • Persistent logging: System logs can be preserved across reboots if configured.
  • Unified log format: All system logs are stored in a single journal, making it straightforward to find relevant entries.

Basic Syntax of the journalctl Command

Before diving into advanced features, let’s go over the basic syntax of the journalctl command. The basic syntax is:

journalctl [options]        

Some common options you’ll encounter include:

  • -u for specifying a unit (for example, a service)
  • -p for specifying log priority
  • --since and --until for filtering logs by time
  • -f for following logs in real-time
  • --no-pager to disable pagination when viewing logs

Let’s explore some practical examples using these options.

View All System Logs

To view all logs in the system journal, run:

journalctl        

By default, this will show logs from the most recent boot. Logs are displayed in reverse chronological order, with the most recent entries appearing at the top.

If you want to see logs for a specific time frame, you can filter them by date using the --since and --until options (this will be covered later).

View Logs for a Specific Service

Often, you’ll need to view logs related to a specific service, such as Apache, Nginx, or MySQL. journalctl allows you to filter logs by service unit using the -u option.

To view logs for a service, run:

journalctl -u <service_name>        

For example, to view the logs for the Apache web server (assuming the service name is apache2), run:

journalctl -u apache2        

You can also view logs for services across reboots by using the --no-pager flag to prevent pagination:

journalctl -u apache2 --no-pager        

This is useful when you need to check logs after the service has restarted.

Filter Logs by Date and Time

journalctl offers powerful time-based filtering, allowing you to specify logs from specific dates or time ranges. The --since and --until options allow you to specify start and end times for the logs you want to view.

For example, to view logs from today:

journalctl --since today        

You can also specify a custom date or time range. For instance, to view logs from the last two days:

journalctl --since "2 days ago"        

To specify an exact time range, you can use both --since and --until together:

journalctl --since "2025-04-01 00:00:00" --until "2025-04-02 00:00:00"        

This allows you to view logs between two specific dates or times.
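
The -p option appears in the option list above but is never shown in use. The following added example (not from the original article) combines -u, -p, --since, --until and --no-pager in one wrapper that validates its arguments before calling journalctl, so that a unit name or time value taken from script input cannot be read as an extra option. The function name query_unit_logs and the JOURNALCTL override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original article. query_unit_logs and the
# JOURNALCTL override variable are hypothetical names chosen for this example.

# Usage: query_unit_logs UNIT PRIORITY SINCE [UNTIL]
# Runs journalctl restricted to one unit, a minimum priority and a time window.
query_unit_logs() {
    unit=$1 prio=$2 since_ts=$3 until_ts=${4:-}

    # Reject empty unit names, names that begin with "-" (they would be parsed
    # as options) and characters outside a conservative unit-name set.
    case $unit in
        ''|-*|*[!A-Za-z0-9:_.@-]*)
            echo "invalid unit name: $unit" >&2; return 2 ;;
    esac

    # -p takes a syslog level name or its number; entries at that level and
    # anything more severe are shown.
    case $prio in
        emerg|alert|crit|err|warning|notice|info|debug|[0-7]) ;;
        *) echo "invalid priority: $prio" >&2; return 2 ;;
    esac

    # Time values are passed as single quoted arguments, so "2 days ago" or a
    # full timestamp stay intact; an empty or option-like value is refused.
    case $since_ts in
        ''|-*) echo "invalid --since value: $since_ts" >&2; return 2 ;;
    esac
    case $until_ts in
        -*) echo "invalid --until value: $until_ts" >&2; return 2 ;;
    esac

    # Build the argument list; --until is added only when a value was given.
    set -- -u "$unit" -p "$prio" --since "$since_ts"
    if [ -n "$until_ts" ]; then
        set -- "$@" --until "$until_ts"
    fi
    # --no-pager keeps output flowing to a pipe or file instead of a pager.
    "${JOURNALCTL:-journalctl}" "$@" --no-pager
}

# Example call (the Apache unit and dates used earlier in this guide):
# query_unit_logs apache2 err "2025-04-01 00:00:00" "2025-04-02 00:00:00"
```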

Read Full Article: https://serveravatar.com/journalctl-log-management/
