1,563 瀏覽數

SystemD – journalctl

以前要看服務的狀態訊息需要到 /var/log/ 下去看 syslog 或是其他相對應的 log 在從改成 systemd 之後,我們就可以透過 #systemctl status 來查看目前服務的狀態.

root@ubuntu:~# systemctl status ssh
● ssh.service - OpenBSD Secure Shell server
   Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
   Active: active (running) since Wed 2017-04-26 00:11:39 PDT; 27min ago
  Process: 2269 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCES
 Main PID: 932 (sshd)
    Tasks: 1
   Memory: 2.9M
      CPU: 133ms
   CGroup: /system.slice/ssh.service
           └─932 /usr/sbin/sshd -D

Apr 26 00:20:02 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
Apr 26 00:20:02 ubuntu sshd[932]: Received SIGHUP; restarting.
Apr 26 00:20:02 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
Apr 26 00:20:02 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
Apr 26 00:20:02 ubuntu sshd[932]: Server listening on :: port 22.
Apr 26 00:20:03 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
Apr 26 00:20:03 ubuntu sshd[932]: Received SIGHUP; restarting.
Apr 26 00:20:03 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
Apr 26 00:20:03 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
Apr 26 00:20:03 ubuntu sshd[932]: Server listening on :: port 22.

不過只有最新的資料,如果要看完整的訊息可以透過指令 #journalctl -u
-u : –unit , Show messages for the specified systemd unit UNIT

root@ubuntu:~# journalctl -u ssh
-- Logs begin at Wed 2017-04-26 00:11:34 PDT, end at Wed 2017-04-26 00:45:04 PDT
Apr 26 00:11:39 ubuntu systemd[1]: Starting OpenBSD Secure Shell server...
Apr 26 00:11:39 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
Apr 26 00:11:39 ubuntu sshd[932]: Server listening on :: port 22.
Apr 26 00:11:39 ubuntu systemd[1]: Started OpenBSD Secure Shell server.
Apr 26 00:11:41 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
Apr 26 00:11:41 ubuntu sshd[932]: Received SIGHUP; restarting.
Apr 26 00:11:41 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
Apr 26 00:11:41 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
Apr 26 00:11:41 ubuntu sshd[932]: Server listening on :: port 22.
Apr 26 00:11:42 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
Apr 26 00:11:42 ubuntu sshd[932]: Received SIGHUP; restarting.
Apr 26 00:11:42 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
Apr 26 00:11:42 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
Apr 26 00:11:42 ubuntu sshd[932]: Server listening on :: port 22.
Apr 26 00:11:43 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
Apr 26 00:11:43 ubuntu sshd[932]: Received SIGHUP; restarting.
Apr 26 00:11:43 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
Apr 26 00:11:43 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
Apr 26 00:11:43 ubuntu sshd[932]: Server listening on :: port 22.
Apr 26 00:11:49 ubuntu sshd[1715]: Accepted password for ben from 172.16.15.1 po
Apr 26 00:11:49 ubuntu sshd[1715]: pam_unix(sshd:session): session opened for us
Apr 26 00:20:02 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
lines 1-23

journalctl 是 systemd 的元件之一,主要負責管理日誌文件,直接執行 #journalctl 其執行結果等同搜尋 /var/log/ 內的資料.指令 #journalctl 還會把日誌檔中錯誤 (error) 等級或是更高級別的行列以紅色顯示,而通知 (notice) 和警告(warning) 等級的行列則是用粗體字體顯示.

不過 journalctl 的日誌檔是儲存在 /run/log/journal (/run 資料夾暫存在記憶體),下次開機就會消失.還是需要透過 rsyslog http://benjr.tw/34103 來儲存長期的系統日誌檔.

常用的幾個參數

  • -k, –dmesg
    Show only kernel messages.
  • -u, –unit
    Show messages for the specified systemd unit UNIT
  • -f, –follow
    Show only the most recent journal entries, and continuously print new entries as they are appended to the journal.
  • -p, –priority=
    Filter output by message priorities or priority ranges (numeric/text) . “emerg” (0), “alert” (1),”crit” (2), “err” (3), “warning” (4), “notice” (5), “info” (6),”debug” (7).
  • -S, –since=, -U, –until=
    Start showing entries on or newer than the specified date,
    format “2012-10-30 18:17:16” or strings “yesterday”,”today”,”tomorrow”, prefixed with “-” or “+”, referring to times before or after the current time.

    [root@localhost ~]$ journalctl --since="2017-12-18 16:00:00"
    -- Logs begin at 一 2017-12-18 16:11:35 CST, end at 一 2017-12-18 16:16:49 CST. 
    12月 18 16:11:35 localhost.localdomain polkitd[687]: Registered Authentication A
    12月 18 16:11:35 localhost.localdomain bluetoothd[675]: Terminating
    12月 18 16:11:35 localhost.localdomain polkitd[687]: Unregistered Authentication
    12月 18 16:12:09 localhost.localdomain polkitd[687]: Registered Authentication A
    12月 18 16:12:09 localhost.localdomain systemd-journald[471]: Received SIGTERM f
    12月 18 16:12:09 localhost.localdomain systemd-journal[2763]: Journal started
    12月 18 16:12:09 localhost.localdomain systemd[1]: Starting Flush Journal to Per
    12月 18 16:12:09 localhost.localdomain polkitd[687]: Unregistered Authentication
    12月 18 16:12:09 localhost.localdomain systemd[1]: Started Flush Journal to Pers
    12月 18 16:16:49 localhost.localdomain dhclient[862]: DHCPREQUEST on eno16777736
    12月 18 16:16:49 localhost.localdomain dhclient[862]: DHCPACK from 172.16.15.254
    12月 18 16:16:49 localhost.localdomain dhclient[862]: bound to 172.16.15.132 -- 
    12月 18 16:16:49 localhost.localdomain nm-dispatcher[2816]: req:1 'dhcp4-change'
    12月 18 16:16:49 localhost.localdomain nm-dispatcher[2816]: req:1 'dhcp4-change'
    
    [root@localhost ~]$ journalctl --until="2017-12-18 16:16:00"
    -- Logs begin at 一 2017-12-18 16:11:35 CST, end at 一 2017-12-18 16:20:01 CST. 
    12月 18 16:11:35 localhost.localdomain polkitd[687]: Registered Authentication A
    12月 18 16:11:35 localhost.localdomain bluetoothd[675]: Terminating
    12月 18 16:11:35 localhost.localdomain polkitd[687]: Unregistered Authentication
    12月 18 16:12:09 localhost.localdomain polkitd[687]: Registered Authentication A
    12月 18 16:12:09 localhost.localdomain systemd[1]: Starting Flush Journal to Per
    12月 18 16:12:09 localhost.localdomain polkitd[687]: Unregistered Authentication
    12月 18 16:12:09 localhost.localdomain systemd[1]: Started Flush Journal to Pers
    

如果要清除目前 journalctl 的 log ,可以透過下面的方式.

[root@localhost ~]$ find /run/log/journal -name "*.journal" | xargs sudo rm
[root@localhost ~]$ systemctl restart systemd-journald
[root@localhost ~]$ journalctl
-- Logs begin at 一 2017-12-18 16:29:54 CST, end at 一 2017-12-18 16:30:01 CST. --
12月 18 16:29:54 localhost.localdomain polkitd[687]: Registered Authentication Agent for unix-process:3013:153603 (system bus name :1.67 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_TW.UTF-8)
12月 18 16:29:54 localhost.localdomain systemd[1]: Stopping Flush Journal to Persistent Storage...
12月 18 16:29:54 localhost.localdomain systemd-journal[3000]: Journal stopped
12月 18 16:29:54 localhost.localdomain systemd-journal[3020]: Runtime journal is using 6.1M (max allowed 48.8M, trying to leave 73.2M free of 481.1M available → current limit 48.8M).
12月 18 16:29:54 localhost.localdomain systemd-journal[3020]: Runtime journal is using 6.1M (max allowed 48.8M, trying to leave 73.2M free of 481.1M available → current limit 48.8M).
12月 18 16:29:54 localhost.localdomain systemd-journald[3000]: Received SIGTERM from PID 1 (systemd).
12月 18 16:29:54 localhost.localdomain systemd-journal[3020]: Journal started
12月 18 16:29:54 localhost.localdomain systemd[1]: Starting Flush Journal to Persistent Storage...
12月 18 16:29:54 localhost.localdomain systemd[1]: Started Flush Journal to Persistent Storage.
12月 18 16:29:54 localhost.localdomain polkitd[687]: Unregistered Authentication Agent for unix-process:3013:153603 

發表迴響