journalctl 工具使用

在Systemd出现之前,Linux系统及各应用的日志都是分别管理的,Systemd开始统一管理了所有Unit的启动日志,这样带来的好处就是可以只用一个 journalctl命令,查看所有内核和应用的日志。

journalctl 常用命令介绍

[root@node01 ~]# journalctl --help
journalctl [OPTIONS...] [MATCHES...]

Query the journal.

Flags:
     --system              Show the system journal
     --user                Show the user journal for the current user
  -M --machine=CONTAINER   Operate on local container
  -S --since=DATE          Show entries not older than the specified date
  -U --until=DATE          Show entries not newer than the specified date
  -c --cursor=CURSOR       Show entries starting at the specified cursor
     --after-cursor=CURSOR Show entries after the specified cursor
     --show-cursor         Print the cursor after all the entries
  -b --boot[=ID]           Show current boot or the specified boot
     --list-boots          Show terse information about recorded boots
  -k --dmesg               Show kernel message log from the current boot
  -u --unit=UNIT           Show logs from the specified unit
  -t --identifier=STRING   Show entries with the specified syslog identifier
  -p --priority=RANGE      Show entries with the specified priority
  -e --pager-end           Immediately jump to the end in the pager
  -f --follow              Follow the journal
  -n --lines[=INTEGER]     Number of journal entries to show
     --no-tail             Show all lines, even in follow mode
  -r --reverse             Show the newest entries first
  -o --output=STRING       Change journal output mode (short, short-iso,
                                   short-precise, short-monotonic, verbose,
                                   export, json, json-pretty, json-sse, cat)
     --utc                 Express time in Coordinated Universal Time (UTC)
  -x --catalog             Add message explanations where available
     --no-full             Ellipsize fields
  -a --all                 Show all fields, including long and unprintable
  -q --quiet               Do not show privilege warning
     --no-pager            Do not pipe output into a pager
  -m --merge               Show entries from all available journals
  -D --directory=PATH      Show journal files from directory
     --file=PATH           Show journal file
     --root=ROOT           Operate on catalog files underneath the root ROOT
     --interval=TIME       Time interval for changing the FSS sealing key
     --verify-key=KEY      Specify FSS verification key
     --force               Override of the FSS key pair with --setup-keys

Commands:
  -h --help                Show this help text
     --version             Show package version
  -F --field=FIELD         List all values that a specified field takes
     --new-id128           Generate a new 128-bit ID
     --disk-usage          Show total disk usage of all journal files
     --vacuum-size=BYTES   Reduce disk usage below specified size
     --vacuum-time=TIME    Remove journal files older than specified date
     --flush               Flush all journal data from /run into /var
     --header              Show journal header information
     --list-catalog        Show all message IDs in the catalog
     --dump-catalog        Show entries in the message catalog
     --update-catalog      Update the message catalog database
     --setup-keys          Generate a new FSS key pair
     --verify              Verify journal file consistency

 

示例:获取指定服务的日志

[root@node01 ~]# journalctl -u docker
-- Logs begin at Sat 2019-04-13 05:07:54 EDT, end at Mon 2019-04-22 05:41:57 EDT. --
Apr 21 23:54:30 node01 dockerd[8836]: time="2019-04-21T23:54:30.299737884-04:00" level=error msg="stream copy error: reading from a closed fifo"
Apr 21 23:54:30 node01 dockerd[8836]: time="2019-04-21T23:54:30.300315300-04:00" level=error msg="stream copy error: reading from a closed fifo"
Apr 21 23:54:30 node01 dockerd[8836]: time="2019-04-21T23:54:30.355290303-04:00" level=error msg="Error running exec 681ea1cbeec4763247ef45b32f40531da1d41939185c642879638caf5eb9b8f1 in containe
Apr 22 00:26:21 node01 dockerd[8836]: time="2019-04-22T00:26:21-04:00" level=error msg="stat cgroup 547883cdbd575ee45bd9827b5764ccb65038797f90e769f928d9d01ea1a3464e" error="cgroups: cgroup dele
Apr 22 00:26:21 node01 dockerd[8836]: time="2019-04-22T00:26:21-04:00" level=info msg="shim reaped" id=547883cdbd575ee45bd9827b5764ccb65038797f90e769f928d9d01ea1a3464e
Apr 22 00:26:21 node01 dockerd[8836]: time="2019-04-22T00:26:21.158805497-04:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete
Apr 22 00:26:21 node01 dockerd[8836]: time="2019-04-22T00:26:21-04:00" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/4bbc13693fd1813f18fb8592b5e09037120f39
Apr 22 00:26:22 node01 dockerd[8836]: time="2019-04-22T00:26:21-04:00" level=error msg="stat cgroup 850ba380dfee8a56fa2fbc41398773dc06f20341a999d64c1d42e837caff0a4a" error="cgroups: cgroup dele
Apr 22 00:26:22 node01 dockerd[8836]: time="2019-04-22T00:26:22-04:00" level=info msg="shim reaped" id=850ba380dfee8a56fa2fbc41398773dc06f20341a999d64c1d42e837caff0a4a
Apr 22 00:26:22 node01 dockerd[8836]: time="2019-04-22T00:26:22.139834802-04:00" level=info msg="ignoring event" module=libcontainerd namespace=moby topic=/tasks/delete type="*events.TaskDelete
Apr 22 00:26:22 node01 dockerd[8836]: time="2019-04-22T00:26:22-04:00" level=info msg="shim docker-containerd-shim started" address="/containerd-shim/moby/e4b3b9b34746daa91d9e4a102795ff6255436f
Apr 22 05:33:01 node01 dockerd[8836]: time="2019-04-22T05:33:01.971922138-04:00" level=error msg="stream copy error: reading from a closed fifo"
Apr 22 05:33:01 node01 dockerd[8836]: time="2019-04-22T05:33:01.972808195-04:00" level=error msg="stream copy error: reading from a closed fifo"
Apr 22 05:33:02 node01 dockerd[8836]: time="2019-04-22T05:33:02.052711667-04:00" level=error msg="Error running exec 4ece50903e2b1a1b003c80be5b141a0e22ab9fdc140b608d676a55a0917deb23 in containe
lines 1-15/15 (END)

 

转载于:https://www.cnblogs.com/vincenshen/p/10751566.html

你可能感兴趣的:(journalctl 工具使用)