“journalctl” – is a command-line tool in Linux used to query and view logs managed by the systemd-journald service, which is part of the systemd system and service manager. journalctl allows users to access log data from various sources in a consolidated, searchable format, covering everything from kernel and system logs to application logs for services that run on systemd.

Here’s a quick overview of how to use journalctl:

1 .View All Logs:

journalctl

2. View Most Recent Logs:

journalctl -r

3 .Follow Logs in Real-Time (similar to tail -f):

journalctl -f

4. Specify a Service:

journalctl -u [service-name]

5. Filter by Time:

journalctl –since “YYYY-MM-DD HH:MM:SS” –until “YYYY-MM-DD HH:MM:SS”
journalctl –since “1 hour ago”

6. Filter by Priority:

journalctl -p [priority]

7. View Kernel Messages:

journalctl -k

8. Advanced Filtering:

journalctl -u nginx –since “2024-10-01” –until “2024-10-31” -p warning