journalctl usage..
journalctl 用法
journalctl 查看所有日志,基本上就是狂刷

journalctl --no-pager 等于 cat syslog.txt的效果。

journalctl -k

 查看内核日志(不显示应用日志)

加上--no-pager参数就直接输出到标准输出了。

journalctl -k --no-pager 

Jul 29 17:38:47 systemd[1]: systemd-journald.service: Unit entered failed state.
Jul 29 17:38:47 systemd[1]: systemd-journald.service: Failed with result 'signal'.
Jul 29 17:38:47 systemd[1]: systemd-journald.service: Service has no hold-off time, scheduling restart.
Jul 29 17:38:47 systemd[1]: Stopped Flush Journal to Persistent Storage.
Jul 29 17:38:47 systemd[1]: Stopping Flush Journal to Persistent Storage...
Jul 29 17:38:47 systemd[1]: Stopped Journal Service.
Jul 29 17:38:47 systemd[1]: Starting Journal Service...
Jul 29 17:38:47 systemd[1]: Started Journal Service.

查看系统本次启动的日志,基本上就是刷屏了。

journalctl -b
journalctl -b --no-pager 

查看指定程序的日志

journalctl /usr/sbin/sshd --no-pager

Jul 30 10:00:24 sshd[14609]: error: AuthorizedKeysCommand path is not absolute
Jul 30 10:00:24 sshd[14609]: Authentication refused: bad ownership or modes for directory /home/root
Jul 30 10:00:24 sshd[14609]: error: AuthorizedKeysCommand path is not absolute
Jul 30 10:00:24 sshd[14609]: Authentication refused: bad ownership or modes for directory /home/root
Jul 30 10:00:26 sshd[14609]: Accepted password for root from 192.168.5.64 port 52218 ssh2
Jul 30 10:00:26 sshd[14614]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 10:00:26 sshd[14614]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 10:56:45 sshd[16413]: error: AuthorizedKeysCommand path is not absolute
Jul 30 10:56:45 sshd[16413]: Authentication refused: bad ownership or modes for directory /home/root
Jul 30 10:56:45 sshd[16413]: error: AuthorizedKeysCommand path is not absolute
Jul 30 10:56:45 sshd[16413]: Authentication refused: bad ownership or modes for directory /home/root
Jul 30 10:56:47 sshd[16413]: Accepted password for root from 192.168.5.64 port 55484 ssh2
Jul 30 10:56:47 sshd[16418]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 10:56:47 sshd[16418]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 11:01:29 sshd[16585]: error: AuthorizedKeysCommand path is not absolute
Jul 30 11:01:29 sshd[16585]: error: AuthorizedKeysCommand path is not absolute
Jul 30 11:01:29 sshd[16585]: Accepted publickey for root from 192.168.5.64 port 55624 ssh2: RSA SHA256:Qji+sVx09n43QcM300pHJiiPWi4KzqulAMkLAaf1vXM
Jul 30 11:01:29 sshd[16587]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 11:01:29 sshd[16587]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 11:22:15 sshd[17223]: Accepted password for root from 192.168.5.44 port 64448 ssh2
Jul 30 11:22:15 sshd[17228]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 11:22:15 sshd[17228]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
Jul 30 11:33:52 sshd[17582]: Accepted password for root from 192.168.5.44 port 65228 ssh2
Jul 30 11:36:11 sshd[17696]: Accepted password for root from 192.168.5.44 port 65341 ssh2

journalctl /usr/bin/cv2x-daemon --no-pager

基本上就够用了。

按可执行文件的路径过滤
如果在参数中指定某个可执行文件(二进制文件或脚本文件),则 journalctl 会显示与该可执行文件相关的全部条目。比如可以显示 /usr/lib/systemd/systemd 程序产生的日志:

$ sudo journalctl /usr/lib/systemd/systemd

也可以显示 /usr/bin/bash 程序产生的日志:

$ sudo journalctl /usr/bin/bash

用json输出略吊。。

journalctl /usr/sbin/sshd --no-pager -o json

{ "__CURSOR" : "s=1f967cdb38644934b6add6dca6147120;i=ab550;b=81a1ae5398824daea9b502bf3ddfc092;m=2488403b14;t=5c84eebbadaf5;x=3e575c4f570ffd13", "__REALTIME_TIMESTAMP" : "1627616171449077", "__MONOTONIC_TIMESTAMP" : "156904733460", "_BOOT_ID" : "81a1ae5398824daea9b502bf3ddfc092", "_TRANSPORT" : "syslog", "_UID" : "0", "_GID" : "0", "_CAP_EFFECTIVE" : "3fffffffff", "_MACHINE_ID" : "df9d1eef11ee45fd92b407191b390e56", "_HOSTNAME" : "imx6qsabresd", "PRIORITY" : "6", "SYSLOG_FACILITY" : "4", "SYSLOG_IDENTIFIER" : "sshd", "_COMM" : "sshd", "_EXE" : "/usr/sbin/sshd", "_CMDLINE" : "sshd: root [priv]", "_SYSTEMD_SLICE" : "system-sshd.slice", "SYSLOG_PID" : "17696", "MESSAGE" : "Accepted password for root from 192.168.5.44 port 65341 ssh2", "_PID" : "17696", "_SYSTEMD_CGROUP" : "/system.slice/system-sshd.slice/sshd@57-192.168.5.242:22-192.168.5.44:65341.service", "_SYSTEMD_UNIT" : "sshd@57-192.168.5.242:22-192.168.5.44:65341.service", "_SOURCE_REALTIME_TIMESTAMP" : "1627616171448199" }

journalctl /usr/sbin/sshd --no-pager -o json-pretty

{

"__CURSOR" : "s=1f967cdb38644934b6add6dca6147120;i=ab550;b=81a1ae5398824daea9b502bf3ddfc092;m=2488403b14;t=5c84eebbadaf5;x=3e575c4f570ffd13",
"__REALTIME_TIMESTAMP" : "1627616171449077",
"__MONOTONIC_TIMESTAMP" : "156904733460",
"_BOOT_ID" : "81a1ae5398824daea9b502bf3ddfc092",
"_TRANSPORT" : "syslog",
"_UID" : "0",
"_GID" : "0",
"_CAP_EFFECTIVE" : "3fffffffff",
"_MACHINE_ID" : "df9d1eef11ee45fd92b407191b390e56",
"_HOSTNAME" : "imx6qsabresd",
"PRIORITY" : "6",
"SYSLOG_FACILITY" : "4",
"SYSLOG_IDENTIFIER" : "sshd",
"_COMM" : "sshd",
"_EXE" : "/usr/sbin/sshd",
"_CMDLINE" : "sshd: root [priv]",
"_SYSTEMD_SLICE" : "system-sshd.slice",
"SYSLOG_PID" : "17696",
"MESSAGE" : "Accepted password for root from 192.168.5.44 port 65341 ssh2",
"_PID" : "17696",
"_SYSTEMD_CGROUP" : "/system.slice/system-sshd.slice/sshd@57-192.168.5.242:22-192.168.5.44:65341.service",
"_SYSTEMD_UNIT" : "sshd@57-192.168.5.242:22-192.168.5.44:65341.service",
"_SOURCE_REALTIME_TIMESTAMP" : "1627616171448199"

}

查看了一下帮助文件,支持的格式还不少。

 -o --output=STRING       Change journal output mode (short, short-iso,
                                    short-precise, short-monotonic, verbose,
                                    export, json, json-pretty, json-sse, cat)
                               

不知道json-sse是什么东西,试试。

journalctl /usr/sbin/sshd --no-pager -o json-sse

data: { "__CURSOR" : "s=1f967cdb38644934b6add6dca6147120;i=ab550;b=81a1ae5398824daea9b502bf3ddfc092;m=2488403b14;t=5c84eebbadaf5;x=3e575c4f570ffd13", "__REALTIME_TIMESTAMP" : "1627616171449077", "__MONOTONIC_TIMESTAMP" : "156904733460", "_BOOT_ID" : "81a1ae5398824daea9b502bf3ddfc092", "_TRANSPORT" : "syslog", "_UID" : "0", "_GID" : "0", "_CAP_EFFECTIVE" : "3fffffffff", "_MACHINE_ID" : "df9d1eef11ee45fd92b407191b390e56", "_HOSTNAME" : "imx6qsabresd", "PRIORITY" : "6", "SYSLOG_FACILITY" : "4", "SYSLOG_IDENTIFIER" : "sshd", "_COMM" : "sshd", "_EXE" : "/usr/sbin/sshd", "_CMDLINE" : "sshd: root [priv]", "_SYSTEMD_SLICE" : "system-sshd.slice", "SYSLOG_PID" : "17696", "MESSAGE" : "Accepted password for root from 192.168.5.44 port 65341 ssh2", "_PID" : "17696", "_SYSTEMD_CGROUP" : "/system.slice/system-sshd.slice/sshd@57-192.168.5.242:22-192.168.5.44:65341.service", "_SYSTEMD_UNIT" : "sshd@57-192.168.5.242:22-192.168.5.44:65341.service", "_SOURCE_REALTIME_TIMESTAMP" : "1627616171448199"}

本文链接地址:https://const.net.cn/278.html

标签: none

添加新评论