September 19, 2025
 |  No Comments

journalctl is a command-line tool used to view and query the event logs generated by the systemd logging system, known as the Journal.

journalctl has replaced the traditional syslog system.

Systemd-journald is the systemd component responsible for log management. This service replaced the traditional syslog daemon (such as rsyslogd). To view the logs collected by systemd-journald, use the journalctl command.

The systemd “Journal” unifies all logs from different sources (the kernel, system services, scripts, etc.) into a single, centralized binary database.

journalctl is the primary tool for interacting with that log database.

It is mainly used for:

  • Troubleshooting: Essential for finding errors, system failures, or the reason why a service is not starting correctly.
  • Real-time monitoring: You can view logs as they are generated, which is very useful for debugging a problem live.
  • Filtering Information: Instead of reading a giant text file, journalctl allows you to filter logs by service, date, priority (errors, warnings, etc.), or system startup.

journalctl is a command-line tool used to view and manage system logs on Linux distributions that use systemd.

Unlike older text-based log files, such as those found in /var/log, systemd logs are stored in a centralized binary format, making them faster to search and filter.

journalctl acts as the interface to query systemd’s “journal”, which collects messages from various sources, including the kernel, system services, applications, and systemd itself.

journalctl commands

journalctl

Displays all journal content in reverse chronological order (newest at the end), paginated.

journalctl -f

“Follow” the logs in real time
This is very useful for monitoring what’s happening in the system live.

journalctl -u service_name.service

Example: journalctl -u apache2.service to view Apache service logs.

journalctl -b

Displays logs only from the current system boot. You can use -b -1 to view logs from the previous boot, -b -2 to view logs from two previous boots, and so on.

 journalctl --since "YYYY-MM-DD HH:MM:SS" --until "YYYY-MM-DD HH:MM:SS"

Example: journalctl –since “2025-09-15 12:00:00” to view logs since noon today.

journalctl -p err

Filter logs by priority level. Priority levels include:

  • emerg (0)
  • alert (1)
  • crit (2)
  • err (3)
  • warning (4)
  • notice (5)
  • info (6)
  • debug (7)

Example: journalctl -p err -b to see errors from the last boot.

journalctl -k

Displays only kernel messages.

Post Views: 24
Tags: , , , , , ,