journalctl工具是在centos7之後出現的工具。
在Systemd出現之前,Linux系統及各應用的日誌都是分別管理的,Systemd開始統一管理了所有Unit的啟動日誌,這樣帶來的好處就是可以只用一個 journalctl命令,檢視所有日誌(核心日誌和 應用日誌)。
日誌的配置檔案`/etc/systemd/journald.conf`
引數:
-b 檢視本次啟動的所有日誌 或者什麼也不加,journalctl
[root@vrgv ~]# journalctl -b-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --Feb 18 10:37:48 vrgv systemd-journal[197]: Runtime journal is using 8.0M (max allowed 799.4M, trying to leave 1.1G freeFeb 18 10:37:48 vrgv kernel: Linux version 5.4.91-1.el7.elrepo.x86_64 (mockbuild@Build64R7) (gcc version 9.3.1 20200408Feb 18 10:37:48 vrgv kernel: Command line: BOOT_IMAGE=/vmlinuz-5.4.91-1.el7.elrepo.x86_64 root=/dev/mapper/centos-root Feb 18 10:37:48 vrgv kernel: Disabled fast string operationsFeb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'-k 檢視核心日誌
[root@vrgv ~]# journalctl -k-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --Feb 18 10:37:48 vrgv kernel: Linux version 5.4.91-1.el7.elrepo.x86_64 (mockbuild@Build64R7) (gcc version 9.3.1 20200408Feb 18 10:37:48 vrgv kernel: Command line: BOOT_IMAGE=/vmlinuz-5.4.91-1.el7.elrepo.x86_64 root=/dev/mapper/centos-root Feb 18 10:37:48 vrgv kernel: Disabled fast string operationsFeb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'-u 根據型別查詢,如檢視docker服務日誌journalctl -u docker
[root@vrgv ~]# journalctl -u docker.service-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --Feb 18 10:37:59 vrgv systemd[1]: Starting Docker Application Container Engine...Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.798907622+08:00" level=info msg="libcontainerd: started Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.801937970+08:00" level=info msg="parsed scheme: \"unix\"Feb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.802051497+08:00" level=info msg="scheme \"unix\" not regFeb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.806551815+08:00" level=info msg="ccResolverWrapper: sendFeb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.806638857+08:00" level=info msg="ClientConn switching baFeb 18 10:37:59 vrgv dockerd[10179]: time="2021-02-18T10:37:59.808453873+08:00" l--since "2017-01-10" --until "2017-01-11 03:00" 檢視2017.1.10到2017.1.11 3點的日誌,也可簡寫成-S和-U
[root@vrgv ~]# journalctl -S "2021-03-01 11:00" -U "2021-03-01 12:00"-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --Mar 01 11:00:13 vrgv systemd[1]: Starting Cleanup of Temporary Directories...Mar 01 11:00:13 vrgv systemd[1]: Started Cleanup of Temporary Directories.Mar 01 11:01:01 vrgv systemd[1]: Started Session 307 of user root.Mar 01 11:01:01 vrgv CROND[129463]: (root) CMD (run-parts /etc/cron.hourly)Mar 01 11:01:01 vrgv run-parts(/etc/cron.hourly)[129466]: starting 0anacron_UID 檢視某個使用者的日誌,如檢視postgres使用者日誌journalctl _UID=1000 (1000是根據命令id -u postgres得到的)
[root@vrgv ~]# id -u postgres1000[root@vrgv ~]# journalctl _UID=1000-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --Feb 18 10:37:59 vrgv pg_ctl[10180]: 2021-02-17 21:37:59.254 EST [10206] LOG: listening on IPv4 address "0.0.0.0", portFeb 18 10:37:59 vrgv pg_ctl[10180]: 2021-02-17 21:37:59.254 EST [10206] LOG: listening on IPv6 address "::", port 5432Feb 18 10:37:59 vrgv pg_ctl[10180]: 2021-02-17 21:37:59.264 EST [10206] LOG: listening on Unix socket "/tmp/.s.PGSQL.5Feb 18 10:38:00 vrgv pg_ctl[10180]: 2021-02-17 21:38:00.083 EST [10206] LOG: redirecting log output to l-p 顯示特定優先順序的資訊,從而過濾掉優先順序較低的資訊
0: emerg 緊急 1: alert 警惕 2: crit 警示 3: err 錯誤 4: warning 警告 5: notice 注意,通告 6: info 資訊 7: debug 除錯[root@vrgv ~]# journalctl -p 3 -b-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 12:46:08 CST. --Feb 18 10:37:50 vrgv kernel: sd 2:0:0:0: [sda] Assuming drive cache: write throughFeb 18 10:37:50 vrgv kernel: sd 2:0:1:0: [sdb] Assuming drive cache: write throughFeb 18 10:37:50 vrgv kernel: sd 2:0:2:0: [sdc] Assuming drive cache: write throughFeb 18 10:37:51 vrgv systemd-udevd[5107]: unknown key 'PHYSDEVBUS' in /etc/udev/rules.d/80-hasp.rules:9Feb 18 10:37:51 vrgv systemd-udevd[5107]: invalid rule '/etc/udev/rules.d/80-hasp.rules:9'Feb 18 10:37:51 vrgv systemd-udevd[5107]: unknown key 'PHYSDEVBUS' in /etc/udev/rules.d/80-hasp.rules:10Feb 18 10:37:51 vrgv systemd-udevd[5107]: invalid rule '/etc/udev/rules.d/80-hasp.rules:10'Feb 18 10:37:52 vrgv kernel: piix4_smbus 0000:00:07.3: SMBus Host Controller not enabled!-a 與-p相反,-a代表全部顯示
[root@vrgv ~]# journalctl -a-- Logs begin at Thu 2021-02-18 10:37:48 CST, end at Mon 2021-03-01 13:01:01 CST. --Feb 18 10:37:48 vrgv systemd-journal[197]: Runtime journal is using 8.0M (max allowed 799.4M, trying to leave 1.1G freeFeb 18 10:37:48 vrgv kernel: Linux version 5.4.91-1.el7.elrepo.x86_64 (mockbuild@Build64R7) (gcc version 9.3.1 20200408Feb 18 10:37:48 vrgv kernel: Command line: BOOT_IMAGE=/vmlinuz-5.4.91-1.el7.elrepo.x86_64 root=/dev/mapper/centos-root Feb 18 10:37:48 vrgv kernel: Disabled fast string operationsFeb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'Feb 18 10:37:48 vrgv kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'-o 指定日誌輸出格式,最為常見的格式:-o json-pretty
cat: 只顯示資訊欄位本身。export: 適合傳輸或備份的二進位制格式。json: 標準JSON,每行一個條目。json-pretty: JSON格式,適合人類閱讀習慣。json-sse: JSON格式,經過打包以相容server-sent事件。short: 預設syslog類輸出格式。short-iso: 預設格式,強調顯示ISO 8601掛鐘時間戳。short-monotonic: 預設格式,提供普通時間戳。short-precise: 預設格式,提供微秒級精度。verbose: 顯示該條目的全部可用journal欄位,包括通常被內部隱藏的欄位。[root@vrgv ~]# journalctl -o json-pretty -b{ "__CURSOR" : "s=fb03d2b00f8e4804ae90d1272f9ac3f2;i=1;b=66afbb5671e04f30b082eed2c2ff5402;m=23a7fc;t=5bb9338a8743e;x=acbe13f9 "__REALTIME_TIMESTAMP" : "1613615868703806", "__MONOTONIC_TIMESTAMP" : "2336764", "_BOOT_ID" : "66afbb5671e04f30b082eed2c2ff5402", "PRIORITY" : "6", "_TRANSPORT" : "driver", "MESSAGE" : "Runtime journal is using 8.0M (max allowed 799.4M, trying to leave 1.1G free of 7.7G available \uffffffe2\ufff "MESSAGE_ID" : "ec387f577b844b8fa948f33cad9a75e6", "_PID" : "197", "_UID" : "0", "_GID" : "0", "_COMM" : "systemd-journal", "_EXE" : "/usr/lib/systemd/systemd-journald", "_CMDLINE" : "/usr/lib/systemd/systemd-journald", "_CAP_EFFECTIVE" : "25402800cf", "_SYSTEMD_CGROUP" : "/system.slice/systemd-journald.service", "_SYSTEMD_UNIT" : "systemd-journald.service", "_SYSTEMD_SLICE" : "system.slice", "_MACHINE_ID" : "92dcecad2935477796367be725a6735b", "_HOSTNAME" : "vrgv"}-f 持續實時輸入日誌
[root@vrgv ~]# journalctl -fu docker.service-- Logs begin at Thu 2021-02-18 10:37:48 CST. --Feb 18 10:38:00 vrgv dockerd[10179]: time="2021-02-18T10:38:00.241741884+08:00" level=info msg="Loading containers: start."Feb 18 10:38:01 vrgv dockerd[10179]: time="2021-02-18T10:38:01.610646278+08:00" level=info msg="Default bridge (docker0) is assigned with an IP address 172.17.0.0/16. Daemon option --bip can be used to set a preferred IP address"Feb 18 10:38:02 vrgv dockerd[10179]: time="2021-02-18T10:38:02.143827293+08:00" level=info msg="Loading containers: done."Feb 18 10:38:02 vrgv dockerd[10179]: time="2021-02-18T10:38:02.250503801+08:00" level=info msg="Docker daemon" commit=481bc77 graphdriver(s)=overlay2 version=18.09.6Feb 18 10:38:02 vrgv dockerd[10179]: time="2021-02-18T10:38:02.250847585+08:00" level=info msg="Daemon has completed initialization"Feb 18 10:38:02 vrgv dockerd[10179]: time="2021-02-18T10:38:02.277582884+08:00" level=info msg="API listen on /var/run/docker.sock"Feb 18 10:38:02 vrgv systemd[1]: Started Docker Application Container Engine.另外幾種檢視資訊的
檢視日誌佔用磁碟空間大小
[root@k8s-node1 ~]# journalctl --disk-usage Archived and active journals take up 87.6M on disk.設定日誌佔用磁碟空間
[root@k8s-node1 ~]# journalctl --vacuum-size=500MVacuuming done, freed 0B of archived journals on disk.設定日誌最長保留時間
month/years
[root@k8s-node1 ~]# journalctl --vacuum-time=1monthVacuuming done, freed 0B of archived journals on disk.最後看一下配置檔案
[root@k8s-node1 ~]# vim /etc/systemd/journald.conf# This file is part of systemd.## systemd is free software; you can redistribute it and/or modify it# under the terms of the GNU Lesser General Public License as published by# the Free Software Foundation; either version 2.1 of the License, or# (at your option) any later version.## Entries in this file show the compile time defaults.# You can change settings by editing this file.# Defaults can be restored by simply deleting this file.## See journald.conf(5) for details.[Journal]#Storage=auto#Compress=yes#Seal=yes#SplitMode=uid#SyncIntervalSec=5m#RateLimitInterval=30s#RateLimitBurst=1000#SystemMaxUse=#SystemKeepFree=#SystemMaxFileSize=#RuntimeMaxUse=#RuntimeKeepFree=#RuntimeMaxFileSize=#MaxRetentionSec=#MaxFileSec=1month#ForwardToSyslog=yes#ForwardToKMsg=no#ForwardToConsole=no#ForwardToWall=yes#TTYPath=/dev/console#MaxLevelStore=debug#MaxLevelSyslog=debug#MaxLevelKMsg=notice#MaxLevelConsole=info#MaxLevelWall=emerg#LineMax=48K
最新評論