How to Use journalctl to Read and Filter System Logs in Linux

August 13, 2025

Cheap Linux Server

➥

Introduction

System logs are essential for diagnosing issues, auditing activity, and monitoring system health on Linux. The journalctl command, part of systemd, provides a powerful and flexible way to access these logs. Unlike older tools like syslog, journalctl can filter logs by service, time, priority, boot, and more — making it a modern go-to for log management.

Basic Usage of `journalctl`

To display all logs:

journalctl

This command lists logs in chronological order, starting from the oldest. You can scroll through the output or use a pager like less.

Real-Time Log Monitoring

To monitor logs in real time (like tail -f):

journalctl -f

This is useful when you’re troubleshooting a service or tracking changes live.

Filtering by Time

Show logs from the last boot:

journalctl -b

Specify a date/time range:
Specify a date time range

journalctl --since "2025-07-01 10:00" --until "2025-07-01 12:00"

Or use relative times:

journalctl --since "1 hour ago"

Filtering by Service or Unit

Check logs for a specific service:

journalctl -u nginx.service

Combine with -f for live output:

journalctl -u sshd -f

You can also view failed units:

systemctl --failed

Filtering by Priority

View only errors and critical logs:

journalctl -p err

Show warnings and higher:

journalctl -p warning

Priority levels range from 0 (emergency) to 7 (debug).

Filtering by User or PID

Show logs for a specific user:

journalctl _UID=1000

Show logs from a specific process:

journalctl _PID=1234

Persistent Logs

By default, logs might be stored only in memory. To enable persistent logs:

sudo mkdir -p /var/log/journal
sudo systemd-tmpfiles --create --prefix /var/log/journal
sudo systemctl restart systemd-journald

Exporting Logs

Save logs to a text file:

journalctl > logs.txt

Save logs from a specific unit:

journalctl -u apache2 > apache-logs.txt

Conclusion

journalctl is a powerful tool every Linux user and admin should master. With options to filter by time, service, priority, and user, it provides precise control over log access and analysis. Whether you’re debugging an issue or setting up monitoring, journalctl makes your job easier.

How to Use journalctl to Read and Filter System Logs in Linux (F.A.Q)

How do I clear journalctl logs?

Use sudo journalctl --vacuum-time=7d to keep only the last 7 days of logs.

How can I limit log size?

Edit /etc/systemd/journald.conf and set SystemMaxUse to limit log space usage.

What’s the difference between -u and _SYSTEMD_UNIT?

-u is a user-friendly shortcut for filtering by _SYSTEMD_UNIT.

Can I combine filters in journalctl?

Yes, you can combine multiple options like -u with --since, -p, etc.

How to Fix High CPU Usage in Linux

by Saju | Nov 9, 2025 | RDP Fix

Introduction High CPU usage in Linux can slow down your system, cause overheating, or make processes unresponsive. Whether you're using Ubuntu, Debian, CentOS, or any other Linux distribution, identifying and fixing the cause is crucial to maintaining performance. In...

Lietuviškų Internetinių Kazino Atsiliepimai Ir Vadovas Geriausios Lošimo Svetainės 2025 Metais

by martinparker | Nov 8, 2025 | Reviewe

"Casino Online Lt ️ Geriausi Kazino Internete 2025Content„crash“ ŽaidimaiGeriausių Lietuvos Internetinių Kazino SąrašasKazino Mobiliajame TelefoneInternetinių Kazino Žaidimų RūšysKazino Bonusai Be DepozitoOnline Gambling Establishment LietuvojePriežastys, Dėl Kurių...

0 Comments