If we do not want or cannot use gnome-system-log, we can use the journalctl command to examine systemd daemon logs. Some useful examples of its use would be:
# to show all log entries since last boot
marc:~> journalctl –boot
.
# to show the last 15 lines plus any subsequent ones
marc:~> journalctl -n 15 -f
.
# to show kernel log entries only for a given period
marc:~> journalctl -k –since=today –until=”16:00”
.
# to show entries of priority info and higher coming from NetworkManager identifier type
marc:~> journalctl -t NetworkManager -p err
.
# to list the boot timings and IDs
marc:~> journalctl –list-boots
.
# to know the disk space utilisation of journalctl log files
marc:~> journalctl –disk-usage
.
# to check the last few lines and any news one for unit dbus
marc:~> journalctl -u dbus.service -f
The configuration file that determines journalctl behaviour is /etc/systemd/journald.conf. Its variables are:
Storage: can be volatile, persistent, auto and none. If set to volatile log data is kept in memory only. If set to persistent data is written to /var/log/journal. auto sends data to disk if /var/log/journal exists or to memory if it doesn’t. None forwards data wherever necessary (console, kmsg, syslog, etc) but drops it afterwards. Default: auto.
Compress: can be yes or no. Default: yes.
Seal: can be yes or no. If set to yes and a sealing key exists (see journalctl –setup-keys) it
can be used to provide some protection against log tampering. Default: yes.
SplitMode: can be uid, login or none. With uid each user gets its own journal files. With login
only logged-in users do. With none journal files are not split up. Default: uid.
RateLimitInterval & RateLimitBurst: if more than RateLimitBurst messages are logged within a
RateLimitInterval, the rest of messages are dropped until the interval is over. This
applies on a perservice basis. Default: 1000 messages per 30 seconds.
SystemMaxUse: max disk space usable by journald logs. Default: 10%.
SystemKeepFree: min disk space that should be kept free on the filesystem. Default: 15%.
SystemMaxFileSize: max size of running logs before log switch happens. Default: 1/8 SystemMaxUse
RuntimeMaxUse: same as SystemMaxUse but applies to memory persistence only. Default: 10%.
RuntimeKeepFree: same as SystemKeepFree but applies to memory persistence only. Default: 15%.
RuntimeMaxFileSize: same as SystemMaxFileSize but applies to memory persistence only.
MaxFileSec: max seconds before log switch. Default: unlimited.
MaxRetentionSec: interval after which records are deleted from the log files. Useful when data retention policies are enforced. Default: 0 → off.
SyncIntervalSec: interval before synching to disk if no CRIT/ALERT/EMERG messages are received. Default: 5m.
ForwardToSyslog, ForwardToKMsg, ForwardToConsole & ForwardToWall: forwards messages to traditional syslod daemon, kernel log buffer, console or wall. Defaults: no, no, no, yes.
MaxLevelStore: min message priority for it to be stored in disk. Default: debug.
MaxLevelSyslog: min message priority for it to be sent to syslog. Default: debug.
MaxLevelKMsg: min message priority for it to be sent to kernel log buffer. Default: notice.
MaxLevelConsole: min message priority for it to be sent to the console. Default: info.
MaxLevelWall: min message priority for it to be sent to the wall. Default: emerg.
TTYPath: console TTY to use to forward messages. Default: /dev/console.