Working with systemctl and journalctl in Linux
Working with systemctl and journalctl in Linux is essential for managing services in the operating system. This allows system administrators to effectively manage services, monitor their state, and configure autostart at system startup.
Knowledge of these tools is also useful when analyzing system logs to detect errors, track actions, and find information about how services and programs are running in Linux.
Working with systemctl
Systemctl allows you to manage and view OS services, their state, and startup capabilities.
The basic commands are:
| Command | Description |
|---|---|
| systemctl start <service_name> | Start the service |
| systemctl stop <service_name> | Stop the service |
| systemctl restart <service_name> | Restart the service |
| systemctl enable <service_name> | Enable service autorun |
| systemctl disable <service_name> | Disable service autorun |
| systemctl mask <service_name> | Prevent the service from starting |
| systemctl unmask <service_name> | Allow the service to start |
| systemctl list-units --type=service | Output the list of services in the system |
For example, to start the SSH service, run:
systemctl start sshd
Execute these commands with root privileges. To log in as root, use su root.
Working with journalctl
When working with system logs via journalctl, it is useful to know the basic commands for viewing and navigating the output.
By default, journalctl uses the "more" utility to display paginated output, meaning you can control the log view by using the keys to scroll up, down, and execute other control commands.
Here are some basic commands for working with journalctl in the console:
| Command | Description |
|---|---|
| journalctl -u <service_name> | Display all service logs |
| journalctl -f | View the log in real time |
| journalctl --since <date_time> | View log entries since the entered date and time |
| journalctl --until <date_time> | View log entries up to the entered date and time |
| journalctl -p <0\|1\|2\|3\|4\|5\|6\|7> | Display log messages of a certain priority level (from 0 to 7) |
For example, to display all SSH service startup logs:
journalctl -u sshd
Keys to navigate through an open journal:
| Keys | Description |
|---|---|
| 🠝 (Up) and 🠟 (Down) keys | Scrolling the journal up and down |
| PgUp and PgDown keys | Page-by-page scrolling the journal up and down |
| Home key | Go to start of the journal |
| End key | Go to end of the journal |
| Q key | Exit the journal view |
Redirecting output and using grep
Besides navigating journalctl output in the console, it is also important to know how to redirect this output to a file for later analysis or saving.
To redirect journalctl output to a file, you can use the > character in the console, for example:
journalctl > journal_log.txt
This command will redirect the journalctl output to a file named journal_log.txt. You can also use the grep utility to filter journalctl output and find specific information.
For example, to find all lines containing information about mysql, you can run the following command:
journalctl | grep "mysql"
Saving the log after a reboot
By default, system logs are not saved after a reboot.
To save them, you need to change «Storage» to «persistent» in the configuration file /etc/systemd/journald.conf:
Storage=persistent
Limiting the size of the journal
You can also limit the size of the journal by using the SystemMaxUse parameter in the configuration file /etc/systemd/journald.conf.
For example, to limit the journal size to 1GB, change the value of the SystemMaxUse parameter to 1G:
SystemMaxUse=1G
After making the changes, you must restart the journald service:
systemctl restart systemd-journald
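As an added example (not part of the original article), the shell functions below check a journald.conf-style file for the two settings described above and report whether logs will persist and whether a size cap is set. The function names and the sample file are made up for illustration; drop-in files under /etc/systemd/journald.conf.d are not examined.

```shell
#!/bin/sh
# Added example: audit a journald.conf-style file for Storage and SystemMaxUse.

# journald_setting FILE KEY (hypothetical helper)
# Prints the last uncommented "KEY=value" in FILE; later lines override earlier ones.
journald_setting() {
    file=$1 key=$2
    [ -r "$file" ] || return 1
    # Lines starting with '#' or ';' never match, so comments are ignored.
    sed -n "s/^[[:space:]]*${key}[[:space:]]*=[[:space:]]*//p" "$file" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# journald_audit [FILE] (hypothetical helper)
# Returns 0 if both settings are in place, 1 on a finding, 2 if FILE is unreadable.
journald_audit() {
    file=${1:-/etc/systemd/journald.conf}
    storage=$(journald_setting "$file" Storage) || {
        echo "ERROR cannot read $file"; return 2; }
    maxuse=$(journald_setting "$file" SystemMaxUse)
    rc=0
    if [ "$storage" = "persistent" ]; then
        echo "OK   Storage=persistent"
    else
        echo "WARN Storage=${storage:-<unset>} (logs may not survive a reboot)"
        rc=1
    fi
    if [ -n "$maxuse" ]; then
        echo "OK   SystemMaxUse=$maxuse"
    else
        echo "WARN SystemMaxUse is unset (no explicit size cap)"
        rc=1
    fi
    return $rc
}

# Constructed sample: a commented-out line, then a value overridden further down.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Journal]
#Storage=auto
Storage=volatile
Storage = persistent
#SystemMaxUse=
EOF
journald_audit "$sample" || true   # Storage is OK, SystemMaxUse is flagged
rm -f "$sample"
```

Run journald_audit with no argument to check /etc/systemd/journald.conf itself; a non-zero exit status makes it easy to use in a configuration-check script.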
The systemctl and journalctl utilities are powerful tools for managing services and analyzing logs in Linux.
They allow you to effectively monitor processes and analyze system events.