journalctl日志工具使用方法
journalctl工具是在centos7之后出现的工具。
在Systemd出现之前,Linux系统及各应用的日志都是分别管理的,Systemd开始统一管理了所有Unit的启动日志,这样带来的好处就是可以只用一个 journalctl命令,查看所有日志(内核日志和 应用日志)。
日志的配置文件/etc/systemd/journald.conf
参数:
-b 查看本次启动的所有日志 或者什么也不加,journalctl
[root@vrgv ~]# journalctl -b
-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --
Feb 18 10:37:48 vrgv systemd-journal[197]: Runtime journal is using 8.0M (max allowed 799.4M, trying to leave 1.1G free
Feb 18 10:37:48 vrgv kernel: Linux version 5.4.91-1.el7.elrepo.x86_64 (mockbuild@Build64R7) (gcc version 9.3.1 20200408
Feb 18 10:37:48 vrgv kernel: Command line: BOOT_IMAGE=/vmlinuz-5.4.91-1.el7.elrepo.x86_64 root=/dev/mapper/centos-root
Feb 18 10:37:48 vrgv kernel: Disabled fast string operations
Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
-k 查看内核日志
[root@vrgv ~]# journalctl -k
-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --
Feb 18 10:37:48 vrgv kernel: Linux version 5.4.91-1.el7.elrepo.x86_64 (mockbuild@Build64R7) (gcc version 9.3.1 20200408
Feb 18 10:37:48 vrgv kernel: Command line: BOOT_IMAGE=/vmlinuz-5.4.91-1.el7.elrepo.x86_64 root=/dev/mapper/centos-root
Feb 18 10:37:48 vrgv kernel: Disabled fast string operations
Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
-u 根据类型查询,如查看docker服务日志journalctl -u docker
[root@vrgv ~]# journalctl -u docker.service
-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --
Feb 18 10:37:59 vrgv systemd[1]: Starting Docker Application Container Engine...
Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.798907622+08:00" level=info msg="libcontainerd: started
Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.801937970+08:00" level=info msg="parsed scheme: \"unix\"
Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.802051497+08:00" level=info msg="scheme \"unix\" not reg
Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.806551815+08:00" level=info msg="ccResolverWrapper: send
Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.806638857+08:00" level=info msg="ClientConn switching ba
Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.808453873+08:00" l
–since “2017-01-10” --until “2017-01-11 03:00” 查看2017.1.10到2017.1.11 3点的日志,也可简写成-S和-U
[root@vrgv ~]# journalctl -S "2021-03-01 11:00" -U "2021-03-01 12:00"
-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --
Mar 01 11:00:13 vrgv systemd[1]: Starting Cleanup of Temporary Directories...
Mar 01 11:00:13 vrgv systemd[1]: Started Cleanup of Temporary Directories.
Mar 01 11:01:01 vrgv systemd[1]: Started Session 307 of user root.
Mar 01 11:01:01 vrgv CROND[129463]: (root) CMD (run-parts /etc/cron.hourly)
Mar 01 11:01:01 vrgv run-parts(/etc/cron.hourly)[129466]: starting 0anacron
_UID 查看某个用户的日志,如查看postgres用户日志journalctl _UID=1000 (1000是根据命令id -u postgres得到的)
[root@vrgv ~]# id -u postgres
1000
[root@vrgv ~]# journalctl _UID=1000
-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --
Feb 18 10:37:59 vrgv pg_ctl[10180]: 2021-02-17 21:37:59.254 EST [10206] LOG: listening on IPv4 address "0.0.0.0", port
Feb 18 10:37:59 vrgv pg_ctl[10180]: 2021-02-17 21:37:59.254 EST [10206] LOG: listening on IPv6 address "::", port 5432
Feb 18 10:37:59 vrgv pg_ctl[10180]: 2021-02-17 21:37:59.264 EST [10206] LOG: listening on Unix socket "/tmp/.s.PGSQL.5
Feb 18 10:38:00 vrgv pg_ctl[10180]: 2021-02-17 21:38:00.083 EST [10206] LOG: redirecting log output to l
-p 显示特定优先级的信息,从而过滤掉优先级较低的信息
0: emerg 紧急1: alert 警惕2: crit 警示3: err 错误4: warning 警告5: notice 注意,通告6: info 信息7: debug 调试
[root@vrgv ~]# journalctl -p 3 -b
-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --
Feb 18 10:37:50 vrgv kernel: sd 2:0:0:0: [sda] Assuming drive cache: write through
Feb 18 10:37:50 vrgv kernel: sd 2:0:1:0: [sdb] Assuming drive cache: write through
Feb 18 10:37:50 vrgv kernel: sd 2:0:2:0: [sdc] Assuming drive cache: write through
Feb 18 10:37:51 vrgv systemd-udevd[5107]: unknown key 'PHYSDEVBUS' in /etc/udev/rules.d/80-hasp.rules:9
Feb 18 10:37:51 vrgv systemd-udevd[5107]: invalid rule '/etc/udev/rules.d/80-hasp.rules:9'
Feb 18 10:37:51 vrgv systemd-udevd[5107]: unknown key 'PHYSDEVBUS' in /etc/udev/rules.d/80-hasp.rules:10
Feb 18 10:37:51 vrgv systemd-udevd[5107]: invalid rule '/etc/udev/rules.d/80-hasp.rules:10'
Feb 18 10:37:52 vrgv kernel: piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!
-a 与-p相反,-a代表全部显示
[root@vrgv ~]# journalctl -a
-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 13:01:01 CST. --
Feb 18 10:37:48 vrgv systemd-journal[197]: Runtime journal is using 8.0M (max allowed 799.4M, trying to leave 1.1G free
Feb 18 10:37:48 vrgv kernel: Linux version 5.4.91-1.el7.elrepo.x86_64 (mockbuild@Build64R7) (gcc version 9.3.1 20200408
Feb 18 10:37:48 vrgv kernel: Command line: BOOT_IMAGE=/vmlinuz-5.4.91-1.el7.elrepo.x86_64 root=/dev/mapper/centos-root
Feb 18 10:37:48 vrgv kernel: Disabled fast string operations
Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
-o 指定日志输出格式,最为常见的格式:-o json-pretty
cat: 只显示信息字段本身。
export: 适合传输或备份的二进制格式。
json: 标准JSON,每行一个条目。
json-pretty: JSON格式,适合人类阅读习惯。
json-sse: JSON格式,经过打包以兼容server-sent事件。
short: 默认syslog类输出格式。
short-iso: 默认格式,强调显示ISO 8601挂钟时间戳。
short-monotonic: 默认格式,提供普通时间戳。
short-precise: 默认格式,提供微秒级精度。
verbose: 显示该条目的全部可用journal字段,包括通常被内部隐藏的字段。
[root@vrgv ~]# journalctl -o json-pretty -b
{"__CURSOR" : "s=fb03d2b00f8e4804ae90d1272f9ac3f2;i=1;b=66afbb5671e04f30b082eed2c2ff5402;m=23a7fc;t=5bb9338a8743e;x=acbe13f9"__REALTIME_TIMESTAMP" : "1613615868703806","__MONOTONIC_TIMESTAMP" : "2336764","_BOOT_ID" : "66afbb5671e04f30b082eed2c2ff5402","PRIORITY" : "6","_TRANSPORT" : "driver","MESSAGE" : "Runtime journal is using 8.0M (max allowed 799.4M, trying to leave 1.1G free of 7.7G available \uffffffe2\ufff"MESSAGE_ID" : "ec387f577b844b8fa948f33cad9a75e6","_PID" : "197","_UID" : "0","_GID" : "0","_COMM" : "systemd-journal","_EXE" : "/usr/lib/systemd/systemd-journald","_CMDLINE" : "/usr/lib/systemd/systemd-journald","_CAP_EFFECTIVE" : "25402800cf","_SYSTEMD_CGROUP" : "/system.slice/systemd-journald.service","_SYSTEMD_UNIT" : "systemd-journald.service","_SYSTEMD_SLICE" : "system.slice","_MACHINE_ID" : "92dcecad2935477796367be725a6735b","_HOSTNAME" : "vrgv"
}
-f 持续实时输入日志
[root@vrgv ~]# journalctl -fu docker.service
-- Logs begin at Thu 2021-02-18 10:37:48 CST. --
Feb 18 10:38:00 vrgv dockerd[10179]: time="2021-02-18T10:38:00.241741884+08:00" level=info msg="Loading containers: start."
Feb 18 10:38:01 vrgv dockerd[10179]: time="2021-02-18T10:38:01.610646278+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"
Feb 18 10:38:02 vrgv dockerd[10179]: time="2021-02-18T10:38:02.143827293+08:00" level=info msg="Loading containers: done."
Feb 18 10:38:02 vrgv dockerd[10179]: time="2021-02-18T10:38:02.250503801+08:00" level=info msg="Docker daemon" commit=481bc77 graphdriver(s)=overlay2 version=18.09.6
Feb 18 10:38:02 vrgv dockerd[10179]: time="2021-02-18T10:38:02.250847585+08:00" level=info msg="Daemon has completed initialization"
Feb 18 10:38:02 vrgv dockerd[10179]: time="2021-02-18T10:38:02.277582884+08:00" level=info msg="API listen on /var/run/docker.sock"
Feb 18 10:38:02 vrgv systemd[1]: Started Docker Application Container Engine.
另外几种查看信息的
查看日志占用磁盘空间大小
[root@k8s-node1 ~]# journalctl --disk-usage
Archived and active journals take up 87.6M on disk.
设置日志占用磁盘空间
[root@k8s-node1 ~]# journalctl --vacuum-size=500M
Vacuuming done, freed 0B of archived journals on disk.
设置日志最长保留时间
month/years
[root@k8s-node1 ~]# journalctl --vacuum-time=1month
Vacuuming done, freed 0B of archived journals on disk.
最后看一下配置文件
[root@k8s-node1 ~]# vim /etc/systemd/journald.conf
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
#
# Entries in this file show the compile time defaults.
# You can change settings by editing this file.
# Defaults can be restored by simply deleting this file.
#
# See journald.conf(5) for details.[Journal]
#Storage=auto
#Compress=yes
#Seal=yes
#SplitMode=uid
#SyncIntervalSec=5m
#RateLimitInterval=30s
#RateLimitBurst=1000
#SystemMaxUse=
#SystemKeepFree=
#SystemMaxFileSize=
#RuntimeMaxUse=
#RuntimeKeepFree=
#RuntimeMaxFileSize=
#MaxRetentionSec=
#MaxFileSec=1month
#ForwardToSyslog=yes
#ForwardToKMsg=no
#ForwardToConsole=no
#ForwardToWall=yes
#TTYPath=/dev/console
#MaxLevelStore=debug
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
#MaxLevelWall=emerg
#LineMax=48K
头条号链接:
https://mp.toutiao.com/profile_v4/graphic/preview?pgc_id=6934551004453339661
journalctl日志工具使用方法相关推荐
- journalctl 日志查看方法
1 概述 日志管理工具journalctl是centos7上专有的日志管理工具,该工具是从message这个文件里读取信息.Systemd统一管理所有Unit的启动日志.带来的好处就是,可以只用jo ...
- 细说 Java 主流日志工具库
点击上方"方志朋",选择"设为星标" 做积极的人,而不是积极废人 作者:静默虚空 juejin.im/post/5c8f35bfe51d4545cc650567 ...
- 细说Java主流日志工具库
细说 Java 主流日志工具库 日志框架 java.util.logging (JUL) Log4j Logback Log4j2 Log4j vs Logback vs Log4j2 日志门面 co ...
- Android Studio 单刷《第一行代码》系列 02 —— 日志工具 LogCat
前情提要(Previously) 本系列将使用 Android Studio 将<第一行代码>(书中讲解案例使用Eclipse)刷一遍,旨在为想入坑 Android 开发,并选择 Andr ...
- 服务器接收消息写日志,在Ubuntu 18.04上配置Rsyslog集中式日志服务器的方法
本文介绍在Ubuntu 18.04操作系统上配置Rsyslog集中式日志服务器的方法. 前言 登录任何Linux系统对于分析和排除与系统和应用程序相关的任何问题至关重要,借助Graylog等工具(参考 ...
- mysql事物日志工具_MySQL——常用工具和日志
一.MySql中常用工具 1.1.mysql 该mysql不是指mysql服务,而是指mysql的客户端工具. 语法 : mysql [options] [database] 连接选项 参数 : -u ...
- IOZONE测试工具使用方法(转载)
IOZONE主要用来测试操作系统文件系统性能的测试工具,该工具所测试的范围主要有,write , Re-write, Read, Re-Read, Random Read, Random Write, ...
- linux shell ls -l,linux之ls -l|grep ^-|wc -l命令 Shell 中常見的日志統計方法
轉:http://www.cnblogs.com/senior-engineer/p/6203268.html Shell 中常見的日志統計方法 https://my.oschina.net/wate ...
- Android入门(三) | Android 的日志工具 Logcat
文章目录 日志工具类 android.util.Log Logcat 中的过滤器 日志工具类 android.util.Log Log 从属日志工具类 android.util.Log ,该类提供了五 ...
- 用Oracle归档日志进行恢复方法
用Oracle归档日志进行恢复方法 联机重演日志没有丢失应使用完成恢复,如联机重演日志损坏,而又没有备份,就只能进行不完全恢复. 一.完全恢复: 1.使用命令"svrmgrl"调用 ...
最新文章
- 【组合数学】组合恒等式 ( 变下项求和 3 组合恒等式 | 变下项求和 4 组合恒等式 | 二项式定理 + 求导 证明组合恒等式 | 使用已知组合恒等式证明组合恒等式 )
- 数学公式难懂?动态图片来解答,孩子看一遍秒懂
- 从技术角度分析“抢票软件的加速”,到底有多快?
- JS替换textarea里的回车换行
- 南航计算机考研是自主命题吗_什么是自主计算?
- beetl html 转义,Beetl解决XSS问题
- Linux系统中的远程访问及控制
- 程序员的百宝箱:提升工作效率的七大神器
- repost 从APP工厂到游戏工厂?字节跳动进攻腾讯腹地
- 2020年阿里巴巴校招面试题及答案持续更新中~~~
- 一篇文章让你看懂信息安全领域的巨鳄(小白必看)
- opta球员大数据预测胜负_大数据预测简介及使用流程
- spring boot 中用到的thymeleaf (模板引擎)
- vue+vant+springboot+netty仿照微信聊天和朋友圈
- 有关swin transformer相对位置编码的理解:
- 知乎问题:北京,2017,多少k的java web程序员应该懂多线程和jvm优化?
- poj1094 Sorting It All Out(拓扑排序+传递闭包)
- node.js+Vue计算机毕设项目基于Web的软考题库平台(程序+LW+部署)
- 决策树和期望货币价值
- WIN10 WLAN的适配器驱动程序可能出现问题
热门文章
- 什么是CTI?呼叫中心系统CTI技术的应用
- ps使用仿制图章工具,图案图章工具
- Python-URL编码和URL解码方法
- 【原创】STM32低功耗模式及中断唤醒(基于BMI160及RTC)的研究
- oracle的dbv命令,Oracle的DBV命令行工具用法详解
- 西门子触摸屏程序锁屏V1.0
- 2011年河南省国民经济和社会发展统计公报
- spark机器学习 源码解析及原理分析
- Succinctly 中文系列教程(三)20220109 更新
- 编辑器 的保存怎么绑定事件_小鹿百度编辑器新增小程序URL,抢占百度新流量...