SystemD – journalctl

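Traditional Linux log files fall into two categories, kernel logs (klogd) and system logs (syslogd); see http://benjr.tw/22756

  • Kernel log (klogd)
    Mainly stores messages from system boot and from the kernel's communication with hardware. The kernel log is kept in /var/log/dmesg, or can be viewed with the #dmesg command.
  • System log (syslogd), rsyslog in newer releases: http://benjr.tw/34103
    Messages after boot are stored according to the configuration file /etc/syslog.conf; most of them go to /var/log/messages.

On Linux releases that use SystemD, the system log is instead recorded by systemd's own systemd-journald (it can be viewed with the #journalctl command).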

[root@localhost ~]# pstree | grep -i system
systemd-+-ModemManager---2*[{ModemManager}]
        |-systemd-journal
        |-systemd-logind
        |-systemd-udevd

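journalctl is one of the systemd components and is mainly responsible for managing the log files. Running #journalctl on its own gives the same result as searching the data in /var/log/. #journalctl also shows lines at error level or higher in red, and lines at notice and warning level in bold.

However, journalctl's log files are stored in /run/log/journal (the /run directory is held temporarily in memory) and disappear at the next boot. rsyslog (http://benjr.tw/34103) is still needed to keep long-term system logs, with logrotate to keep the log files from growing too large.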
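
Whether the journal really lives only in /run depends on journald's Storage= setting and, for the default "auto", on whether /var/log/journal exists. The following shell function is an added example, not part of the original post, that reports which case applies. It assumes the configuration is only in /etc/systemd/journald.conf and its journald.conf.d drop-ins; the ROOT argument is a hypothetical convenience for checking a copied file tree.

```shell
#!/bin/sh
# Added example: report whether journald logs survive a reboot.
# Assumption: only <ROOT>/etc/systemd/journald.conf and the drop-ins in
# <ROOT>/etc/systemd/journald.conf.d/ are read; other locations are ignored.

# journal_storage_mode [ROOT]
# Prints one of: persistent | volatile | none
journal_storage_mode() {
    root="${1:-}"
    mode=auto    # journald default when Storage= is not set
    for f in "$root/etc/systemd/journald.conf" \
             "$root"/etc/systemd/journald.conf.d/*.conf; do
        [ -f "$f" ] || continue
        # Commented lines (#Storage=...) do not match; the last assignment wins.
        v=$(sed -n 's/^[[:space:]]*Storage[[:space:]]*=[[:space:]]*\([A-Za-z]*\).*/\1/p' "$f" | tail -n 1)
        if [ -n "$v" ]; then mode=$v; fi
    done
    case "$mode" in
        persistent) echo persistent ;;   # written to /var/log/journal
        volatile)   echo volatile ;;     # written to /run/log/journal only
        none)       echo none ;;         # journal storage disabled
        *)  # auto: persistent only when /var/log/journal already exists
            if [ -d "$root/var/log/journal" ]; then
                echo persistent
            else
                echo volatile
            fi ;;
    esac
}
```

Calling `journal_storage_mode` with no argument checks the running host; "volatile" matches the situation described above, where a long-term copy has to be kept by rsyslog.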

Some commonly used options

  • -k, --dmesg
    Show only kernel messages.
  • -u, --unit
    Show messages for the specified systemd unit UNIT
    To see a service's status messages, you used to have to look in /var/log/ at syslog or the other corresponding logs. After the switch to systemd, #systemctl status shows the current state of the service.

    root@ubuntu:~# systemctl status ssh
    ● ssh.service - OpenBSD Secure Shell server
       Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enab
       Active: active (running) since Wed 2017-04-26 00:11:39 PDT; 27min ago
      Process: 2269 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCES
     Main PID: 932 (sshd)
        Tasks: 1
       Memory: 2.9M
          CPU: 133ms
       CGroup: /system.slice/ssh.service
               └─932 /usr/sbin/sshd -D
    
    Apr 26 00:20:02 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
    Apr 26 00:20:02 ubuntu sshd[932]: Received SIGHUP; restarting.
    Apr 26 00:20:02 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
    Apr 26 00:20:02 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
    Apr 26 00:20:02 ubuntu sshd[932]: Server listening on :: port 22.
    Apr 26 00:20:03 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
    Apr 26 00:20:03 ubuntu sshd[932]: Received SIGHUP; restarting.
    Apr 26 00:20:03 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
    Apr 26 00:20:03 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
    Apr 26 00:20:03 ubuntu sshd[932]: Server listening on :: port 22.
    

    However, this shows only the most recent entries. To see the complete messages, use the command #journalctl -u
    -u : --unit , Show messages for the specified systemd unit UNIT

    root@ubuntu:~# journalctl -u ssh
    -- Logs begin at Wed 2017-04-26 00:11:34 PDT, end at Wed 2017-04-26 00:45:04 PDT
    Apr 26 00:11:39 ubuntu systemd[1]: Starting OpenBSD Secure Shell server...
    Apr 26 00:11:39 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
    Apr 26 00:11:39 ubuntu sshd[932]: Server listening on :: port 22.
    Apr 26 00:11:39 ubuntu systemd[1]: Started OpenBSD Secure Shell server.
    Apr 26 00:11:41 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
    Apr 26 00:11:41 ubuntu sshd[932]: Received SIGHUP; restarting.
    Apr 26 00:11:41 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
    Apr 26 00:11:41 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
    Apr 26 00:11:41 ubuntu sshd[932]: Server listening on :: port 22.
    Apr 26 00:11:42 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
    Apr 26 00:11:42 ubuntu sshd[932]: Received SIGHUP; restarting.
    Apr 26 00:11:42 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
    Apr 26 00:11:42 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
    Apr 26 00:11:42 ubuntu sshd[932]: Server listening on :: port 22.
    Apr 26 00:11:43 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
    Apr 26 00:11:43 ubuntu sshd[932]: Received SIGHUP; restarting.
    Apr 26 00:11:43 ubuntu systemd[1]: Reloaded OpenBSD Secure Shell server.
    Apr 26 00:11:43 ubuntu sshd[932]: Server listening on 0.0.0.0 port 22.
    Apr 26 00:11:43 ubuntu sshd[932]: Server listening on :: port 22.
    Apr 26 00:11:49 ubuntu sshd[1715]: Accepted password for ben from 172.16.15.1 po
    Apr 26 00:11:49 ubuntu sshd[1715]: pam_unix(sshd:session): session opened for us
    Apr 26 00:20:02 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
    lines 1-23
    
  • -f, --follow
    Show only the most recent journal entries, and continuously print new entries as they are appended to the journal.
  • -p, --priority=
    Filter output by message priorities or priority ranges (numeric/text). "emerg" (0), "alert" (1), "crit" (2), "err" (3), "warning" (4), "notice" (5), "info" (6), "debug" (7).
    Use journalctl to show entries with severity "err" (3) or higher, which includes "emerg" (0), "alert" (1) and "crit" (2).

    [root@localhost ~]# journalctl -p 3
    -- Logs begin at 三 2018-06-13 22:05:06 EDT, end at 三 2018-06-13 22:08:39 EDT. --
     6月 13 22:05:07 localhost.localdomain kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
     6月 13 22:05:10 localhost.localdomain kernel: piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!
     6月 13 22:05:17 localhost.localdomain systemd[1]: Failed to start Crash recovery kernel arming.
     6月 13 22:05:22 localhost.localdomain pulseaudio[1625]: [alsa-sink-ES1371/1] alsa-sink.c: ALSA woke us up to write new data to the device, but there was actually nothing to write.
     6月 13 22:05:22 localhost.localdomain pulseaudio[1625]: [alsa-sink-ES1371/1] alsa-sink.c: Most likely this is a bug in the ALSA driver 'snd_ens1371'. Please report this issue to the ALSA developers.
     6月 13 22:05:22 localhost.localdomain pulseaudio[1625]: [alsa-sink-ES1371/1] alsa-sink.c: We were woken up with POLLOUT set -- however a subsequent snd_pcm_avail() returned 0 or another value < min_avail.
     6月 13 22:05:25 localhost.localdomain spice-vdagent[1688]: Cannot access vdagent virtio channel /dev/virtio-ports/com.redhat.spice.0
    

    The following command forms are equivalent.

    [root@localhost ~]# journalctl -p err
    [root@localhost ~]# journalctl --priority=3
    [root@localhost ~]# journalctl --priority=err
    
  • -S, --since=, -U, --until=
    Start showing entries on or newer than the specified date,
    format "2012-10-30 18:17:16", or the strings "yesterday", "today", "tomorrow", or a relative time prefixed with "-" or "+", referring to times before or after the current time.

    [root@localhost ~]$ journalctl --since="2017-12-18 16:00:00"
    -- Logs begin at 一 2017-12-18 16:11:35 CST, end at 一 2017-12-18 16:16:49 CST. 
    12月 18 16:11:35 localhost.localdomain polkitd[687]: Registered Authentication A
    12月 18 16:11:35 localhost.localdomain bluetoothd[675]: Terminating
    12月 18 16:11:35 localhost.localdomain polkitd[687]: Unregistered Authentication
    12月 18 16:12:09 localhost.localdomain polkitd[687]: Registered Authentication A
    12月 18 16:12:09 localhost.localdomain systemd-journald[471]: Received SIGTERM f
    12月 18 16:12:09 localhost.localdomain systemd-journal[2763]: Journal started
    12月 18 16:12:09 localhost.localdomain systemd[1]: Starting Flush Journal to Per
    12月 18 16:12:09 localhost.localdomain polkitd[687]: Unregistered Authentication
    12月 18 16:12:09 localhost.localdomain systemd[1]: Started Flush Journal to Pers
    12月 18 16:16:49 localhost.localdomain dhclient[862]: DHCPREQUEST on eno16777736
    12月 18 16:16:49 localhost.localdomain dhclient[862]: DHCPACK from 172.16.15.254
    12月 18 16:16:49 localhost.localdomain dhclient[862]: bound to 172.16.15.132 -- 
    12月 18 16:16:49 localhost.localdomain nm-dispatcher[2816]: req:1 'dhcp4-change'
    12月 18 16:16:49 localhost.localdomain nm-dispatcher[2816]: req:1 'dhcp4-change'
    
    [root@localhost ~]$ journalctl --until="2017-12-18 16:16:00"
    -- Logs begin at 一 2017-12-18 16:11:35 CST, end at 一 2017-12-18 16:20:01 CST. 
    12月 18 16:11:35 localhost.localdomain polkitd[687]: Registered Authentication A
    12月 18 16:11:35 localhost.localdomain bluetoothd[675]: Terminating
    12月 18 16:11:35 localhost.localdomain polkitd[687]: Unregistered Authentication
    12月 18 16:12:09 localhost.localdomain polkitd[687]: Registered Authentication A
    12月 18 16:12:09 localhost.localdomain systemd[1]: Starting Flush Journal to Per
    12月 18 16:12:09 localhost.localdomain polkitd[687]: Unregistered Authentication
    12月 18 16:12:09 localhost.localdomain systemd[1]: Started Flush Journal to Pers
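
The #journalctl -u ssh output shown earlier contains the sshd login records. As an added example, not part of the original post, the following shell function reads that short-format output and counts accepted and failed logins per source IP and user. The sample lines are constructed for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: count sshd login results per source IP and user from
# `journalctl -u ssh` short-format output read on stdin.

# Constructed sample lines (not taken from a real host).
sample_journal() {
cat <<'EOF'
Apr 26 00:11:49 ubuntu sshd[1715]: Accepted password for ben from 172.16.15.1 port 51234 ssh2
Apr 26 00:11:49 ubuntu sshd[1715]: pam_unix(sshd:session): session opened for user ben by (uid=0)
Apr 26 00:30:01 ubuntu sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 40000 ssh2
Apr 26 00:30:04 ubuntu sshd[2001]: Failed password for invalid user admin from 203.0.113.7 port 40000 ssh2
12月 18 16:40:10 localhost.localdomain sshd[3100]: Failed password for root from 203.0.113.7 port 40022 ssh2
Apr 26 00:20:02 ubuntu systemd[1]: Reloading OpenBSD Secure Shell server.
EOF
}

# Prints "<count> <Accepted|Failed> <source-ip> <user>", most frequent first.
summarize_ssh_auth() {
    awk '
    {
        # The date prefix differs by locale, so find the sshd[PID]: tag by scanning.
        tag = 0
        for (i = 1; i <= NF; i++)
            if ($i ~ /^sshd\[[0-9]+\]:$/) { tag = i; break }
        if (!tag) next
        res = $(tag + 1)
        if ((res != "Accepted" && res != "Failed") || $(tag + 3) != "for") next
        # The user name is client-supplied and may contain spaces, so find
        # the trailing "from <ip> port <n>" by scanning from the end.
        p = 0
        for (i = NF; i > tag + 4; i--)
            if ($i == "port" && $(i - 2) == "from") { p = i; break }
        if (!p) next
        u = tag + 4
        if ($u == "invalid" && $(u + 1) == "user") u += 2
        user = ""
        for (i = u; i < p - 2; i++) user = user (user == "" ? "" : " ") $i
        count[res " " $(p - 1) " " user]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}
```

On a live host the same function takes real data, for example `journalctl -u ssh --since=today | summarize_ssh_auth`.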
    

To clear the current journalctl logs, you can do the following.

[root@localhost ~]$ find /run/log/journal -name "*.journal" | xargs sudo rm
[root@localhost ~]$ systemctl restart systemd-journald
[root@localhost ~]$ journalctl
-- Logs begin at 一 2017-12-18 16:29:54 CST, end at 一 2017-12-18 16:30:01 CST. --
12月 18 16:29:54 localhost.localdomain polkitd[687]: Registered Authentication Agent for unix-process:3013:153603 (system bus name :1.67 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_TW.UTF-8)
12月 18 16:29:54 localhost.localdomain systemd[1]: Stopping Flush Journal to Persistent Storage...
12月 18 16:29:54 localhost.localdomain systemd-journal[3000]: Journal stopped
12月 18 16:29:54 localhost.localdomain systemd-journal[3020]: Runtime journal is using 6.1M (max allowed 48.8M, trying to leave 73.2M free of 481.1M available → current limit 48.8M).
12月 18 16:29:54 localhost.localdomain systemd-journal[3020]: Runtime journal is using 6.1M (max allowed 48.8M, trying to leave 73.2M free of 481.1M available → current limit 48.8M).
12月 18 16:29:54 localhost.localdomain systemd-journald[3000]: Received SIGTERM from PID 1 (systemd).
12月 18 16:29:54 localhost.localdomain systemd-journal[3020]: Journal started
12月 18 16:29:54 localhost.localdomain systemd[1]: Starting Flush Journal to Persistent Storage...
12月 18 16:29:54 localhost.localdomain systemd[1]: Started Flush Journal to Persistent Storage.
12月 18 16:29:54 localhost.localdomain polkitd[687]: Unregistered Authentication Agent for unix-process:3013:153603 