Chris's Wiki :: blog/linux/JournalctlShowOneUnit Commentshttps://utcc.utoronto.ca/~cks/space/blog/linux/JournalctlShowOneUnit?atomcommentsDWiki2021-08-06T19:45:20ZRecent comments in Chris's Wiki :: blog/linux/JournalctlShowOneUnit.From 193.219.181.219 on /blog/linux/JournalctlShowOneUnittag:CSpace:blog/linux/JournalctlShowOneUnit:bcf2b857a4dca0acb30bb437551e1b5d69148c78From 193.219.181.219<div class="wikitext"><p>Hmm, speaking of kind of neat things in journalctl... Messages about core dumps logged by systemd contain quite a few metadata fields, most of which are pretty-printed by <code>coredumpctl info</code>, but there are also some raw values which aren't shown anywhere at all (that I know of).</p>
<p>For example, <code>journalctl -n 1 -o verbose MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1</code> (which is the ID for "core dump" messages) will reveal the entire contents of <code>/proc/<pid>/status</code>, <code>/proc/<pid>/maps</code>, resource limits, environment variables, mount table, open FDs at time of dump. There might be a day when this reveals something useful.</p>
</div>2021-08-06T19:45:20ZFrom 193.219.181.219 on /blog/linux/JournalctlShowOneUnittag:CSpace:blog/linux/JournalctlShowOneUnit:9a3ab75e02eec47224d521908dfa4cf8a21973e4From 193.219.181.219<div class="wikitext"><p>journalctl will automatically add <code>.service</code> as needed, like systemctl does, so <code>journalctl -fu dhcpd</code> or <code>journalctl -u rsyslogd -S -2d</code> will do. (I didn't know that "-2d" was valid and always used "--since=2\ days\ ago".)</p>
<p>There's no built-in command for "unit of this PID" that I've found. I was hoping that <code>systemctl show -P Id $pid</code> would work, but rather surprisingly, it treats numeric values as <em>job</em> IDs, rather than process IDs...</p>
<p>If I recall correctly, there's one caveat to using <code>-u</code>: messages logged by a <em>very</em> short-lived process are not guaranteed to be tagged with the proper <code>_SYSTEMD_UNIT=</code> (as there is no SO_PEERCRED for cgroups, thus journald must scrape the cgroup from /proc). Sometimes this means lines appear in <code>journalctl -t</code> when filtered by syslog tag (i.e. "program name") but are missing in <code>journalctl -u</code>.</p>
<p>Bonus: <code>journalctl /dev/sda</code> will get kernel logs for a single <em>device,</em> together with its parents. (But not children or siblings, which might be relevant for some USB devices. And there's no nice shortcut for network interfaces, you have to use something like <code>journalctl -b _KERNEL_DEVICE=+pci:0000:03:00.0</code> for that.) I don't think I've <em>ever</em> used this in anger, but it's nevertheless kinda neat.</p>
</div>2021-08-06T19:32:50ZBy Ben Cotton on /blog/linux/JournalctlShowOneUnittag:CSpace:blog/linux/JournalctlShowOneUnit:56dab81a715a82ac82ded25e723c3e4628058597Ben Cottonhttps://funnelfiasco.com<div class="wikitext"><p>My life got a lot better when I started remembering the `-b` flag to journalctl to limit the output to the last boot. Since I'm generally using it on my laptop, my uptime isn't particularly long and I almost always don't care about anything that happened before the last time I powered up.</p>
</div>2021-08-06T12:44:43ZBy Robert Earl on /blog/linux/JournalctlShowOneUnittag:CSpace:blog/linux/JournalctlShowOneUnit:241cd104c7da7cb7c86e74a943e2f0dc835df4ecRobert Earlhttps://www.chupchup.org/<div class="wikitext"><p>Let's have Microsoft port Event Viewer to Linux/systemd.
<a href="https://github.com/pentix/qjournalctl">Hey now...!</a></p>
</div>2021-08-06T11:43:11ZBy Miksa on /blog/linux/JournalctlShowOneUnittag:CSpace:blog/linux/JournalctlShowOneUnit:bb00212e8933c3f937b845a4f615e02b94fe7f92Miksa<div class="wikitext"><p>I pretty much like JournalD, but what could really endear it to me, is if they added interactive mode. Just start journalctl and then filter it to the units and timeframes that suit your needs without repeated restarting.</p>
</div>2021-08-06T07:44:30ZBy Ivan on /blog/linux/JournalctlShowOneUnittag:CSpace:blog/linux/JournalctlShowOneUnit:03375b6f7b2afde0ce017d2c0c8795d40ba57602Ivanhttps://www.tomica.net/<div class="wikitext"><p>Excellent article! Somehow demonstrates that the functionality is really there, one just needs to go through the docs,like with any other piece of software.</p>
<p>Argument I hear often against systemd is that it does everything under the sun but complicates things with binary logs where you can't just grep them. </p>
<p>On that note, I'd like to add that there's also -g (--grep) option for journalctl, if your journalctl was built with matching support, which does just that :-)</p>
</div>2021-08-06T07:01:41Z