🖥️journalctl
➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember it. This cheatsheet explains the journalctl command with important options and switches using examples.
3 minute read
▁ ▂ ▃ ▄ ꧁ 🔴☠ COMMANDLINE-KUNGFU WITH CHEATSHEETS ☠🔴꧂▅ ▃ ▂ ▁
# ██╗ ██████╗ ██╗ ██╗██████╗ ███╗ ██╗ █████╗ ██╗ ██████╗████████╗██╗
# ██║██╔═══██╗██║ ██║██╔══██╗████╗ ██║██╔══██╗██║ ██╔════╝╚══██╔══╝██║
# ██║██║ ██║██║ ██║██████╔╝██╔██╗ ██║███████║██║ ██║ ██║ ██║
# ██ ██║██║ ██║██║ ██║██╔══██╗██║╚██╗██║██╔══██║██║ ██║ ██║ ██║
# ╚█████╔╝╚██████╔╝╚██████╔╝██║ ██║██║ ╚████║██║ ██║███████╗╚██████╗ ██║ ███████╗
# ╚════╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚═╝ ╚═══╝╚═╝ ╚═╝╚══════╝ ╚═════╝ ╚═╝ ╚══════╝
# Actively follow log (like tail -f)
journalctl -f
# Display all errors since last boot
journalctl -b -p err
# Filter by time period
journalctl --since=2012-10-15 --until="2011-10-16 23:59:59"
# Show list of systemd units logged in journal
journalctl -F _SYSTEMD_UNIT
# Filter by specific unit
journalctl -u dbus
# Filter by executable name
journalctl /usr/bin/dbus-daemon
# Filter by PID
journalctl _PID=123
# Filter by Command, e.g., sshd
journalctl _COMM=sshd
# Filter by Command and time period
journalctl _COMM=crond --since '10:00' --until '11:00'
# List all available boots
journalctl --list-boots
# Filter by specific User ID e.g., user id 1000
journalctl _UID=1000
#==============================#
# CMD JOURNALCTL
#==============================##==============================#
journalctl /sbin/dhclient
#
journalctl /dev/sd?
#
journalctl -b
# Get boot information with -b option
journalctl –since=yesterday
# Use anotger filer to get a log view since yesterday
journalctl -u sshd --since=yesterday
# Journald gets its information from systemctl, let us get inofrmation of sshd service
journalctl -u sshd --since=yesterday -o verbose
# To get more detailed infomration use versbose option
journalctl --unit=named --follow
# We can even use systemctl to get detailed information about an service - follow DNS Bind named log - prints and follows the systemd logfile entires for the DNS bind named.service unit (on Arch linux, your distro bind service may have a different name)
journalctl -k
# show kernel messages only
# Retrieve dropped connections from firewalld journaling
journalctl -b | grep -o "PROTO=.*" | sed -r 's/(PROTO|SPT|DPT|LEN)=//g' | awk '{print $1, $3}' | sort | uniq -c
# Explanation: We take the output of journalctl since the last boot (-b flag) and output from PROTO= until the EOL. Then, we remove identification tags (PROTO=/SPT=/DPT=/LEN=) and print just the protocol and destination port (cols 1 and 3). We sort the output properly so we can aggregate them on the call over uniq.
# Limitations:
# Only works on Linux
# You use firewalld and you have logging set on ALL (see firewalld.conf for details)
# You use journald for logging
# Your user has sudo privileges
#==============================##==============================#
# CMD JOURNALCTL
#==============================##==============================#
Cheatsheets are an excellent complement to other information sources like Linux man-pages, Linux help, or How-To’s and tutorials, as they provide compact and easily accessible information. While man-pages and detailed tutorials often contain comprehensive explanations and extensive guides, cheatsheets summarize the most important options forthe command journalctl in a clear format. This allows users to quickly access the needed information for journalctl without having to sift through lengthy texts. Especially in stressful situations or for recurring tasks, cheatsheets for journalctl are a valuable resource to work efficiently and purposefully.
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
█║▌│║█║▌★ KALI ★ PARROT ★ DEBIAN 🔴 PENTESTING ★ HACKING ★ █║▌│║█║▌
██╗ ██╗ ██████╗ ██████╗ ██╗ ██╗███████╗██████╗
████████╗██╔══██╗██╔═══██╗╚██╗██╔╝██╔════╝██╔══██╗
╚██╔═██╔╝██║ ██║██║ ██║ ╚███╔╝ █████╗ ██║ ██║
████████╗██║ ██║██║ ██║ ██╔██╗ ██╔══╝ ██║ ██║
╚██╔═██╔╝██████╔╝╚██████╔╝██╔╝ ██╗███████╗██████╔╝
╚═╝ ╚═╝ ╚═════╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝╚═════╝
█║▌│║█║▌ WITH COMMANDLINE-KUNGFU POWER █║▌│║█║▌
░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.