Hacker News new | past | comments | ask | show | jobs | submit login

I haven't used journalctl in a while - do you mind explaining how it works with a binary path? Does it report all system logging that came from that executable, as if it were a service file?



The systemd journal logs not only raw strings and priorities (like legacy syslog), but a large number of metadata fields for each message. One of these fields is the name of the executable which generated the message. The command

  journalctl /bin/su
can, to avoid ambiguity, also be written as

  journalctl _EXE=/bin/su
See systemd.journal-fields(7) for more information: https://manpages.debian.org/stable/systemd/systemd.journal-f...


wow! finally something neat from journald


Finally? The thing has an amazing amount of useful features. Let's see:

* Automatic log cleanup to a desired storage size.

* Automatic compression, transparent decompression.

* Filtering by date, or boot number.

* Log shipping, ability to see interleaved logs from multiple machines.

* Microsecond precision for timestamps, multiple timestamp types and output formats.

* Output in JSON or multiple other formats, for trivial parsing.

* Cursors, for easily continuing parsing where you left off.

* Applications can log custom fields. No need to extract data from strings then.

* Captures logs that happen inside initramfs before / is mounted.

* Docker containers can log to the host's journald

It's pretty darn nice, really.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: