🖥️journalctl

➡️This is a command-line reference manual for commands and command combinations that you don’t use often enough to remember. This cheatsheet explains the journalctl command, with its important options and switches, using examples.

# Actively follow log (like tail -f)
journalctl -f

# Display all errors since last boot
journalctl -b -p err

# Filter by time period
journalctl --since=2012-10-15 --until="2012-10-16 23:59:59"

# Show list of systemd units logged in journal
journalctl -F _SYSTEMD_UNIT

# Filter by specific unit
journalctl -u dbus

# Filter by executable name
journalctl /usr/bin/dbus-daemon

# Filter by PID
journalctl _PID=123

# Filter by Command, e.g., sshd
journalctl _COMM=sshd

# Filter by Command and time period
journalctl _COMM=crond --since '10:00' --until '11:00'

# List all available boots 
journalctl --list-boots

# Filter by specific User ID e.g., user id 1000 
journalctl _UID=1000

#==============================#
# CMD JOURNALCTL
#==============================#
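journalctl /sbin/dhclient
# Show messages logged by the given executable, here the DHCP client

journalctl /dev/sd?
# Show kernel messages for the matching device nodes (the shell expands the glob to /dev/sda, /dev/sdb, ...)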

journalctl -b
# Show messages from the current boot with the -b option

journalctl --since=yesterday
# Use another filter to get a log view since yesterday

journalctl -u sshd --since=yesterday  
# journald collects the log output of systemd services; show the entries of the sshd service since yesterday

journalctl -u sshd --since=yesterday -o verbose
# To get more detailed information, use the verbose output option

journalctl --unit=named --follow
# Follow the DNS BIND named log: prints and follows the journal entries for the named.service unit (the unit name on Arch Linux; your distro's BIND service may have a different name)

journalctl -k
# show kernel messages only

# Retrieve dropped connections from firewalld journaling
journalctl -b | grep -o "PROTO=.*" | sed -r 's/(PROTO|SPT|DPT|LEN)=//g' | awk '{print $1, $3}' | sort | uniq -c
# Explanation: We take the journalctl output since the last boot (-b flag) and keep everything from PROTO= to the end of each line. Then we remove the identification tags (PROTO=/SPT=/DPT=/LEN=) and print just the protocol and destination port (columns 1 and 3). Finally we sort the output so that uniq -c can aggregate and count identical lines.
# Limitations: 
    # Only works on Linux
    # You use firewalld and you have logging set on ALL (see firewalld.conf for details)
    # You use journald for logging
    # Your user has sudo privileges
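
# Added example (not part of the original cheatsheet): a field-aware variant of the pipeline above that looks up PROTO= and DPT= by name, so ICMP entries, which carry no SPT=/DPT= fields, are counted under port "-" instead of shifting the columns. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of netfilter LOG lines as they appear in the kernel journal
# (addresses come from the documentation ranges; the prefix is illustrative).
sample_drops() {
cat <<'EOF'
Jan 10 10:00:01 host kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TTL=52 ID=4242 DF PROTO=TCP SPT=40112 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:03 host kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.11 DST=198.51.100.5 LEN=60 TTL=50 ID=4243 DF PROTO=TCP SPT=51877 DPT=23 WINDOW=29200 RES=0x00 SYN URGP=0
Jan 10 10:00:07 host kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.12 DST=198.51.100.5 LEN=71 TTL=49 ID=911 PROTO=UDP SPT=33012 DPT=53 LEN=51
Jan 10 10:00:09 host kernel: FINAL_REJECT: IN=eth0 OUT= SRC=192.0.2.13 DST=198.51.100.5 LEN=84 TTL=48 ID=17 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Jan 10 10:00:12 host sshd[812]: Server listening on 0.0.0.0 port 22.
EOF
}

# Read journal text on stdin and print "<count> <protocol> <destination port>",
# most frequent first. Lines without a PROTO= field are ignored.
summarize_drops() {
    awk '
    / PROTO=/ {
        proto = ""; dpt = "-"            # "-" marks protocols without ports
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/)    proto = substr($i, 7)
            else if ($i ~ /^DPT=/) dpt   = substr($i, 5)
        }
        count[proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Stand-alone run on the constructed sample.
# Live use: journalctl -k -b | summarize_drops
sample_drops | summarize_drops
```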
