How To Manage Logs Systemd Events with Journalctl on Linux

All the steps to know how to manage Logs Systemd events with Journalctl Linux

Systemd is present in most Linux distros such as Fedora, Debian, Ubuntu, OpenSuSE, Arch, RHEL, CentOS a, d others.

With Systemd we have the option of centrally managing all the services and processes of the system. For this tutorial, we will use CentOS 7.

Configure Journald to collect Systemd Logs

Basically journald is responsible for collecting and writing daily operating system entries such as startup messages, kernel messages, syslog messages, application records, among others.

All Journald information is hosted on the path /etc/systemd/journald.conf and the values recorded there meet local system requirements.

A simple way to visualize the content of this route is to execute the following line with the cat parameter:

cat /etc/systemd/journald.conf

Enable Journal of Disk Storage

Most Linux distributions do not allow persistent messages to be stored in your boot system to collect the boot information.

To enable this, it will be necessary to access the path /var/log/journal and there to edit the Storage line. To access there we will use editors such as nano or vi as follows:

sudo vi /etc/systemd/journald.conf

sudo nano /etc/systemd/journald.conf

There we will modify the Storage line from the auto value to the persistent value:

Save ChangesSave the changes using the Ctrl + O keys and exit the editor using Ctrl + X.

To get detailed information on each of the elements of Journal, we can execute the following line:

man journald.conf

Setting Date & Time using Timedatectl

This aspect is important since having a correct configuration of the date and time the records will be much more reliable and accurate.

To visualize the current date and time, we will execute one of the following lines:


timedatectl status

The result will be the following:

In case of configuring a different time zone we will execute the following syntax:

sudo timedatectl set-timezone (City/Country)

sudo timedatectl set-time “HH:MM:SS”

View Messages From the Logs using Journalctl

The journalctl command is a utility included in Linux that allows us to see the content of systemd. To display all the records without filtering, we will execute the following line:


Now the following are the filters that we can use with Journalctl:

Filters based on boot

This filter allows us to display the start numbers, their ID, their time stamps, among other values.
For this we will use the –list-boots parameter:

journalctl --list-boots

If we want to see the records from the current boot, we will use the following line:

journalctl -b

To see previous records we will use the following line:

journalctl -b -1

Filters based on time

With this filter we can use the UTC (Coordinated Universal Time) format using the -utc parameter:

journalctl –utc

See the most recent events

The default value to use Journalctl is 10 records, but if we use the -n parameter, we can indicate a smaller or larger quantity.

journalctl -n 5

See events generated by the kernel

To visualize the messages generated by the kernel we will use the -k parameter as follows:

journalctl -k

In this way, Journalctl offers multiple practical solutions to carry out this task.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *