1 00:00:06,559 --> 00:00:09,679 All right, let's talk about journalctl and how to work with it. 2 00:00:10,349 --> 00:00:13,410 So in journalctl there is different commands that are available. 3 00:00:14,029 --> 00:00:17,574 If you just type journalctl, you get the complete journal 4 00:00:17,574 --> 00:00:21,120 and you can use spacebar to scroll through it. 5 00:00:21,699 --> 00:00:27,436 It's opening in a less pager. So if you know how to work with less, you know 6 00:00:27,436 --> 00:00:33,173 how to work with the journal. CTL output journalctl u allows you to find information about specific 7 00:00:33,173 --> 00:00:38,909 units, and you can use tab completion for more information about units that are available. 8 00:00:39,469 --> 00:00:43,269 Journalctl dmessage is an alternative for the old dmessage 9 00:00:43,269 --> 00:00:47,069 command and it will show you kernel messages. 10 00:00:47,869 --> 00:00:54,380 You can also combine filters like journalctl u cron d since yesterday until 9 11 00:00:54,380 --> 00:01:00,890 pinfo, which has a time range and then a new option b for priority, 12 00:01:00,890 --> 00:01:07,400 the priority info that will basically show you anything that has been logged. 13 00:01:08,079 --> 00:01:13,823 Not the most useful thing to try, but if you want to try the command and see 14 00:01:13,823 --> 00:01:19,566 that it works, binfo increases the chance that you will actually see something in real life. Probably 15 00:01:19,566 --> 00:01:25,310 you want to do journalctl ber for the priority error, because that is what really matters. 16 00:01:26,000 --> 00:01:31,900 Now there is one challenge in the journal D and that is that the systemd journal by default is not persistent. 17 00:01:33,379 --> 00:01:39,534 But fortunately most Linux distributions have the option storage is auto in etcsystemd journald.com 18 00:01:39,534 --> 00:01:45,689 and this setting makes that if a directory var log journal is created, the 19 00:01:45,689 --> 00:01:51,844 journal will be saved persistently. But you will need to use systemctl start journal 20 00:01:51,844 --> 00:01:58,000 flush to make the persistent log effective without a need to reboot. 21 00:01:59,000 --> 00:01:59,599 Let me show you. 22 00:02:00,420 --> 00:02:05,000 Okay, so let me do all of this from root shell using sudo I. 23 00:02:06,180 --> 00:02:11,605 Because journalctl does require super user powers. If I just type journalctl it 24 00:02:11,605 --> 00:02:17,030 shows from the start and I can use spacebar to move forward. 25 00:02:17,550 --> 00:02:21,699 And there's a lot of lines using uppercase g. You can see we have about 70,000 lines in total. 26 00:02:24,599 --> 00:02:31,139 Now that requires some filtering. So let's do a journalctl u tab tab oh 27 00:02:31,139 --> 00:02:37,679 boy, all 790 possibilities. Yeah, you can easily filter on that. And if you 28 00:02:37,680 --> 00:02:44,219 already know what you want to do, then look for that like USSHD service. 29 00:02:47,199 --> 00:02:52,636 Then if I use journalctl d message and it's more focused and we 30 00:02:52,636 --> 00:02:58,073 see kernel related messages, that is what you want to do to troubleshoot 31 00:02:58,073 --> 00:03:03,509 on features that relate to the kernel and not to specific services. 32 00:03:05,590 --> 00:03:11,324 You can do this filtering journalctl U why not Cron 33 00:03:11,324 --> 00:03:17,058 d since yesterday and until until now in p info 34 00:03:17,057 --> 00:03:22,792 and oh boy, we don't see any entries. Well, that's 35 00:03:22,792 --> 00:03:28,526 possible because of the time filtering and maybe nothing has 36 00:03:28,525 --> 00:03:34,259 been logged between yesterday and now. 37 00:03:35,240 --> 00:03:40,379 Let me just do the P info and there you can see a lot of messages that have been logged. 38 00:03:41,180 --> 00:03:45,983 Now as I mentioned, the P info is not really what you 39 00:03:45,983 --> 00:03:50,786 should be interested in, but journalctl will show error messages only, and 40 00:03:50,786 --> 00:03:55,590 that might really help you in troubleshooting what is going on. 41 00:03:56,389 --> 00:04:01,240 Now one more thing I would like to show you, and that 42 00:04:01,240 --> 00:04:06,090 is journalctlxb b is for the bootlog and X is for explanation. 43 00:04:07,150 --> 00:04:12,149 The result of this explanation is that where possible you will get some lines 44 00:04:12,149 --> 00:04:17,149 in green that are adding an explanation telling you what exactly is going wrong. 45 00:04:17,920 --> 00:04:22,829 And these were the most common commands that people normally use in journal CTL.