/
/
Working with systemctl and journalctl in Linux

Working with systemctl and journalctl in Linux

Why?

Working with systemctl and journalct in Linux is essential for managing services in the operating system. This allows system administrators to effectively manage services, monitor their state, and configure autostart at system startup.

Knowledge of these tools is also useful when analyzing system logs to detect errors, track actions, and find information about how services and programs are running in Linux.

Instructions

Working with systemctl

Systemctl allows you to manage and view OS services, their state, and startup capabilities.

The basic commands are:

  • systemctl start <service-name> - start the service,
  • systemctl stop <service-name> - stop the service,
  • systemctl restart <service name> - restart the service,
  • systemctl enable <service name> - enable service autorun,
  • systemctl disable <service-name> - disable autorun,
  • systemctl mask <service-name> - disallow the service from starting,
  • systemctl unmask <service-name> - allow the service to start,
  • systemctl list-units --type=service - output the list of services in the system.

For example, to start the SSH service, run:

systemctl start sshd

Execute these commands with root privileges. To log in as root, use "su root".

Working with journalctl

When working with system logs via journalctl, it is useful to know the basic commands for viewing and navigating the output.

By default, journalctl uses the "more" utility to display paginated output, meaning you can control the log view by using the keys to scroll up, down, and execute other control commands.

Here are some basic commands for working with journalctl in the console:

  • journalctl -u <service-name> - display all service logs,
  • journalctl -f - view the log in real time,
  • journalctl --since <date and time> - view the log for a specific period of time,
  • journalctl --until <date and time> - view the log up to a certain time.
  • journalctl -p <0|1|2|3|4|5|6|7> - display log messages of a certain priority level.

 

For example, to display all SSH service startup logs:

journalctl -u sshd

 

Keys to navigate through an open journal:

  • "Up" and "Down" keys - scroll the log,
  • PgUp and PgDown - page-by-page scrolling of the Journal,
  • End and Home - move to the end or the beginning of the log respectively,
  • Q - exit the log view.

Redirecting output and using grep.

Besides navigating journalctl output in the console, it is also important to know how to redirect this output to a file for later analysis or saving.

To redirect journalctl output to a file, you can use the ">" character in the console, for example:

journalctl > journal_log.txt

This command will redirect the journalctl output to a file named "journal_log.txt". You can also use the grep utility to filter journalctl output and find specific information.

For example, to find all lines containing information about "mysql", you can run the following command:

journalctl | grep "mysql".

 

Saving the log after a reboot.

By default, system logs are not saved after a reboot.

To save them, you need to change "Storage" to "persistent" in the configuration file "/etc/systemd/journald.conf":

Storage=persistent

 

Limiting the size of the journal.

You can also limit the size of the journal by using the "SystemMaxUse" parameter in the configuration file "/etc/systemd/journald.conf".

For example, to limit the journal size to 1GB, change the value of the "SystemMaxUse" parameter to "1G":

SystemMaxUse=1G

 

After making the changes, you must restart the journald service:

systemctl restart systemd-journald

 

The systemctl and journalctl utilities are powerful tools for managing services and analyzing logs in Linux.

They allow you to effectively monitor processes and analyze system events.