使用journalctl查看systemd日志
source link: https://www.lujun9972.win/blog/2018/08/08/%E4%BD%BF%E7%94%A8journalctl%E6%9F%A5%E7%9C%8Bsystemd%E6%97%A5%E5%BF%97/index.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
systemd-journald.service
systemd本身使用 systemd-journald.service 来提供日志服务.
它默认以二进制的格式将日志文件存在 /var/log/journal/ 目录中.
ls -R /var/log/journal/
/var/log/journal/: c291481e2d9b4024b6315308254f29df remote /var/log/journal/c291481e2d9b4024b6315308254f29df: system@b06763dfb5d9474bbf08a41aafa705db-0000000000000001-00054f69725bd1f4.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000000b4fb-000551d6d83e3bec.journal system@b06763dfb5d9474bbf08a41aafa705db-0000000000011330-00055283e814ebff.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000001f0f2-000554ef5835cba3.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000001f26f-000554ef5d159c4d.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000002e434-0005575684e0156a.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000002e59d-0005575694a45c89.journal system@b06763dfb5d9474bbf08a41aafa705db-0000000000041f7f-000559d3e2618783.journal system@b06763dfb5d9474bbf08a41aafa705db-00000000000420e3-000559d411759d7a.journal system@b06763dfb5d9474bbf08a41aafa705db-0000000000053108-00055c3ebcc97ddd.journal system@b06763dfb5d9474bbf08a41aafa705db-0000000000053268-00055c3ecdad6b24.journal system@b06763dfb5d9474bbf08a41aafa705db-0000000000060b5e-00055ea67129b27f.journal system@b06763dfb5d9474bbf08a41aafa705db-0000000000060cc2-00055ea750da7423.journal system@b06763dfb5d9474bbf08a41aafa705db-00000000000705c2-0005610bae10254c.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000007f115-000563724facc0ec.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000007f2a6-00056372622f1fb9.journal system@b06763dfb5d9474bbf08a41aafa705db-0000000000089e54-000565e109b67bae.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000008a147-000565e11109f819.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000009d3f5-00056846b7b72568.journal system@b06763dfb5d9474bbf08a41aafa705db-000000000009d6ef-00056846b9dfdae2.journal system@b06763dfb5d9474bbf08a41aafa705db-00000000000bee0f-00056a81e6471243.journal system@b06763dfb5d9474bbf08a41aafa705db-00000000000d7e23-00056cea54ac049d.journal system@b06763dfb5d9474bbf08a41aafa705db-00000000000d7fca-00056cea9d641931.journal system@b06763dfb5d9474bbf08a41aafa705db-00000000000f2885-00056f63127cbe97.journal system@b06763dfb5d9474bbf08a41aafa705db-00000000000f2af8-00056f63149c60b5.journal system.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-00000000000015b0-00055006ed5dfbb6.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-000000000001132e-00055283e8135caf.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-000000000001f26d-000554ef5d14f66e.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-000000000002e59b-0005575694a3b831.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-00000000000420e1-000559d41174fbf8.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-0000000000053266-00055c3ecdacd823.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-0000000000060cc0-00055ea750d9d71f.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-00000000000705cb-0005610bbd3f532d.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-000000000007f2a4-00056372622da099.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-000000000008a145-000565e11108ed20.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-000000000009d6ed-00056846b9ddd3d4.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-00000000000bfd2c-00056a8255f67694.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-00000000000d7fc8-00056cea9d631972.journal user-1000@1f9ca3ee21814314a67d9069a58e7128-00000000000f2af6-00056f63149a9d60.journal user-1000.journal /var/log/journal/remote:
systemd之所以使用二进制来存储日志是因为systemd除了记录日志本身外,还会记录大量的元数据。 这些信息可以方便用户对信息进行过滤和分类,但同时也占用了大量的空间。 有鉴于此,systemd使用二进制格式以节省空间。
journalctl --output=verbose --all |head -n 32
-- Logs begin at Sat 2017-05-13 23:26:32 HKT, end at Wed 2018-08-08 15:38:56 HKT. --
Sat 2017-05-13 23:26:32.333812 HKT [s=b06763dfb5d9474bbf08a41aafa705db;i=1;b=3d88f970ddc247a8bc58bbcf924fb9c5;m=2796ef;t=54f69725bd1f4;x=c397f8de2fb56e8e]
SYSLOG_FACILITY=3
SYSLOG_IDENTIFIER=systemd-journald
_TRANSPORT=driver
PRIORITY=6
MESSAGE=Time spent on flushing to /var is 943us for 0 entries.
_PID=180
_UID=0
_GID=0
_COMM=systemd-journal
_EXE=/usr/lib/systemd/systemd-journald
_CMDLINE=/usr/lib/systemd/systemd-journald
_CAP_EFFECTIVE=25402800cf
_SYSTEMD_CGROUP=/system.slice/systemd-journald.service
_SYSTEMD_UNIT=systemd-journald.service
_SYSTEMD_SLICE=system.slice
_SYSTEMD_INVOCATION_ID=028ad00d541f43b18015d87a4b504133
_BOOT_ID=3d88f970ddc247a8bc58bbcf924fb9c5
_MACHINE_ID=c291481e2d9b4024b6315308254f29df
_HOSTNAME=T520
Sat 2017-05-13 23:26:32.333966 HKT [s=b06763dfb5d9474bbf08a41aafa705db;i=2;b=3d88f970ddc247a8bc58bbcf924fb9c5;m=279788;t=54f69725bd28e;x=ed81c61ce14af023]
_BOOT_ID=3d88f970ddc247a8bc58bbcf924fb9c5
_MACHINE_ID=c291481e2d9b4024b6315308254f29df
_HOSTNAME=T520
_SOURCE_MONOTONIC_TIMESTAMP=0
_TRANSPORT=kernel
PRIORITY=5
SYSLOG_FACILITY=0
SYSLOG_IDENTIFIER=kernel
MESSAGE=Linux version 4.10.13-1-ARCH (builduser@tobias) (gcc version 6.3.1 20170306 (GCC) ) #1 SMP PREEMPT Thu Apr 27 12:15:09 CEST 2017
Sat 2017-05-13 23:26:32.334011 HKT [s=b06763dfb5d9474bbf08a41aafa705db;i=3;b=3d88f970ddc247a8bc58bbcf924fb9c5;m=2797b6;t=54f69725bd2bb;x=e5ad63c3bd76a8fa]
你会看到除了 MESSAGE 这一项是真正的日志消息外,还有大量的其他元数据,比如 SYSLOG_FACILIT, _PID, _UID 等等信息.
此外,你还会发现不同MESSAGE中元数据的数量也是不同的。
配置systemd-journald.service
systemd-journald 的配置文件为 /etc/systemd/journald.conf 中, 通过修改其中的配置信息可以影响其行为:
cat /etc/systemd/journald.conf
# This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version. # # Entries in this file show the compile time defaults. # You can change settings by editing this file. # Defaults can be restored by simply deleting this file. # # See journald.conf(5) for details. [Journal] #Storage=auto #Compress=yes #Seal=yes #SplitMode=uid #SyncIntervalSec=5m #RateLimitIntervalSec=30s #RateLimitBurst=10000 #SystemMaxUse= #SystemKeepFree= #SystemMaxFileSize= #SystemMaxFiles=100 #RuntimeMaxUse= #RuntimeKeepFree= #RuntimeMaxFileSize= #RuntimeMaxFiles=100 #MaxRetentionSec= #MaxFileSec=1month #ForwardToSyslog=no #ForwardToKMsg=no #ForwardToConsole=no #ForwardToWall=yes #TTYPath=/dev/console #MaxLevelStore=debug #MaxLevelSyslog=debug #MaxLevelKMsg=notice #MaxLevelConsole=info #MaxLevelWall=emerg #LineMax=48K
Recommend
-
27
systemd journal之于systemd犹如syslog之于init,其日志文件保存在 /var/log/journal 目录下。随着时间的流逝,该目录下会积累大量日志文件,占用不少的磁盘空间。如果硬盘容量较小或...
-
21
Journalctl-mode This is a major-mode for emacs to view systemd’s journalctl output in emacs. The output is split into chunks for performance reasons. Fontification is provided and may be customized. At the moment...
-
13
Exclude lines in less (or journalctl)Skip to main content Exclude lines in less (or journalctl) Published: 23-05-20...
-
10
Tutorial How To Use Journalctl to View and Manipulate Systemd Logs System Tools
-
10
Linux 必知必会:通过不同示例查看和分析 Systemd 日志-51CTO.COM Linux 必知必会:通过不同示例查看和分析 Systemd 日志 作者:聆听世界的鱼 2022-03-21 09:52:44 本指南解释了 Systemd 的 jour...
-
9
systemd journal 之于 systemd 犹如 syslog 之于 init,其日志文件保存在 /var/log/journal 目录下。随着时间的流逝,该目录下会积累大量日志文件,占用不少的磁盘空间。如果硬盘容量较小或可用空...
-
9
systemd是大多数主要Linux发行版的默认的初始化程序。systemd的主要功能之一是它收集日志的方式以及为分析这些日志提供工具。在传统的SysVinit系统中,将日志存储在纯文本文件中的syslog 。读取和分析这些文件需要使用find、grep、cut和许多其他命令。...
-
3
Systemd与journalctl的双剑合璧 2022-10-19 2 分钟阅读 时代已经进化到 systemd 的年代了,service 应该是彻底没有市场了 systemd 的好处是写程序的时候再也不用 fork 甩脱父进程了,日志直接输出终端即可 对 java...
-
8
使用stern查看pod的日志 2022-12-05 17:46:00 kubernetes
-
3
Ubuntu磁盘分析和清理:baobab journalctl 作者:疯狂Lawrence 2023-12-21 13:02:25 这里给大家分享一些 Linux 子系统中的Ubuntu桌面版的磁盘分析和日志清理的经验。 大概也就只有爱折腾的极客们,才敢将...
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK