Managing Logs on Debian Using journalctl

Using Debian system to view various logs, filter them, and perform advanced operations. This guide includes specific examples for viewing logs from different services and limiting the log output.

Basic journalctl Commands

1. View All Logs: journalctl
   • This command shows all logs in chronological order. It’s the most basic usage of journalctl.
2. View Logs Without Pager: journalctl --no-pager
   • Displays logs directly on the screen without using a pager like less, making it easier to process large outputs.
3. View Logs in Real-Time: journalctl -f
   • This command is similar to tail -f and lets you monitor logs as they are being written.

Filtering Logs by Specific Criteria

4. Filter by Unit: journalctl -u <unit>
   • To see logs for a specific systemd unit, for example, journalctl -u nginx.service.
5. Filter by Boot: journalctl -b <boot_id>
   • Use journalctl --list-boots to list boot IDs and journalctl -b <boot_id> to view logs from a specific boot.
6. Filter by Time: journalctl --since=<timestamp>
   • Shows logs since a specific timestamp. For example, journalctl --since "2024-11-01".
7. Filter by Severity: journalctl -p <priority>
   • Filters logs by priority level. For example, journalctl -p 3 to display errors.

Viewing Specific Log Files

8. Nginx Logs: journalctl -u nginx.service
   • Shows logs for the Nginx web server.
9. Apache Logs: journalctl -u apache2.service
   • Displays logs for the Apache web server.
10. Kernel Logs: journalctl -k
    • Filters and shows only kernel-related messages.
11. Debug Logs: journalctl -p debug
    • Displays logs with debug priority.
12. Notice and Warning Logs: journalctl -p notice..warning
    • Filters logs from notice to warning levels.
13. Iptables Logs: journalctl -u iptables.service
    • Displays logs for the iptables firewall service.
14. IP6tables Logs: journalctl -u ip6tables.service
    • Shows logs for the IP6tables service.
15. MySQL/MariaDB Logs: journalctl -u mysql.service or journalctl -u mariadb.service
    • Displays logs for MySQL or MariaDB databases.
16. Named (BIND) Logs: journalctl -u named.service
    • Shows logs for the BIND (named) DNS server.
17. SSH Logs: journalctl -u ssh.service
    • Displays logs for the SSH service.
18. System.slice Logs: journalctl -t systemd
    • Shows logs related to systemd slices.
19. Systemd-networkd.service Logs: journalctl -u systemd-networkd.service
    • Displays logs for systemd’s network management service.

Limiting Log Output

20. Limit to Latest 50 Entries: journalctl -n 50
    • Displays the last 50 log entries.
21. Limit to Latest 100 Entries: journalctl -n 100
    • Shows the last 100 log entries.

Combining Filters

You can combine different filters to narrow down your logs. For example, to view the latest 100 logs for Nginx since a specific date, you can use:

journalctl -u nginx.service --since "2024-11-01" -n 100

Example Usage

• View Nginx Logs: journalctl -u nginx.service
• View Apache Logs Since a Specific Date: journalctl -u apache2.service --since "2024-11-01"
• View Kernel Logs with Error Priority: journalctl -k -p 3
• View Latest 50 MySQL Logs: journalctl -u mysql.service -n 50

Viewing Logs for Specific Services with Custom Filters

For deeper insights, you can use specific fields to get logs. For example:

journalctl -u systemd-networkd.service --since "2024-11-01" -p warning

In summary, journalctl is an incredibly powerful tool for managing and viewing logs on Debian. It offers extensive filtering and searching capabilities, making it easier to diagnose and troubleshoot system issues. By combining different commands and filters, you can tailor the log outputs to suit your specific needs.